WXA 1.3 User's Guide
Contents
1. System States Interface States Marka geement Seton Pinmware Diagnostics Report Power OF Reboot Set Time B e Li System Information Time Settings Bedel Hum beer WA 4000 Time Syinchriniza bon bakk Dimi F z Cren z Source de Mk 3 sonicwail com Controller Sena Hum beri DOTACSE SA WE Firmware Version iihi piana ar aksa a Lical Time dri Olierit Fim Jen 16 15 42 24 2012 System Statistics RAID Load Oe Status Uptime 3 irs 2 Presses a Name Description System Status Tab Displays the system details about the WXA series appliance including system information time settings and system statistics See the System Status Tab on page 140 for details Interface Status Tab Monitors the WAN Acceleration interface by displaying the status and statistics See the Interface Status Tab on page 142 for details Management Tab Displays details about the configuration of the Simple Network Management Protocol SNMP and the Syslog Server functions See the Management Tab on page 143 for details Settings Tab Displays details about the configuration of the WXA series appliance and pro vides an option to browse for policies to upload A settings file is an XML document that captures the current configuration set tings of the WXA series appliance The configuration settings can then be restored on the WXA series appliance after a firmware upgrade or factory reset is performed See the Settings Tab on page 144 for details Firmware Tab Displays detail2. Bypassed Addresses x ra lng IP Address Port Reason Lifetime Created Updated Expires 192 168 20 100 445 Traffic not compressing wel 300 10 10 2012 10 10 2012 10 10 2012 12 59 41 12 59 51 13 04 51 Close Ms Enable TCP Acceleration TCP Acceleration Mode Enables or disables the TCP Acceleration service This is selected by default Selects how the service object is used Either as services to be accelerated or as services to be excluded from acceleration TCP Acceleration Service Object Address object always excluded from TCP Acceleration 42 Dell SonicWALL WXA 1 3 User s Guide Selects service objects for the TCP Acceleration service To add new service objects to the drop down list navigate to Network gt Address Objects and create new service objects Note The option for choosing a TCP Acceleration service object is greyed out if the TCP Acceleration mode does not support it Selects address objects to always exclude from the TCP Accelera tion service To add an address object to the drop down list navi gate to Network gt Address Objects and create new address objects Statistics Tab AN Acceleration TC P Acceleration Crita tiri Covering Fard Pasi 3 Gays wi Torta Date Redwton Yo WAN Capacity Increase Factor Hear Conmescthenes Dhrsed Cirit Erie Peak Cirirrethiris Egress j Statistics Statetcs Breakdown D riretHoris a re ar retest 00 me il
3. File Server File Server 1 z Apply Cancel a Step 4 Click the File Server drop down list and then select the Local Server Name File Server 1 Step 5 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and remowes stale records required for the comed functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitably qualified user password Sd Update Records Cancel Step 6 Enter your Administrator credentials Step 7 Click the Update Records button 104 Dell SonicWALL WXA 1 3 User s Guide Add File Server 2 Step 8 Click the Add Server button The Add Server pop up window displays Add Local File Server x Select a local file serwer from those discovered on the network After adding the server you will be prompted for en Administrator s credentials so that the necessary records can be crested on the domain File operations to all of ts shared folders and documents from remote sites will be accelerated WES Acceleration to specific shares this can be configured on the WFS If you wish to limit Advanced Configuration Mode File Server File Server 2 Ga Apply Cancel A 4 Step 9 Click the File Server drop down list and then select Local Server Name File Server 2 Step 10 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing
4. Basic Advanced Configuration Statistics Signed SMB Setup Tools Diagnostic Tool ONS Name Lookup ONS Name Lookup sd Available Shares DNS Nan Test WFS Configuration List Kerberos Servers Primary DNS 192 168 20 251 Secondary DNS Lookup Name or IP The Diagnostic Tools drop down provides the following selections DNS Name Lookup Performs a search on a specific Name or IP address see on page 78 for details e Available Shares Displays information about available shares on a specific host see on page 79 for details Test WFS Configuration Performs a test on the WFS Acceleration configuration and validates connectivity see on page 80 for details List Kerberos Servers Displays a list of Kerberos servers that are available to use see on page 80 for details Viewing the WFS Acceleration Page 77 78 Figure 11 DNS Name Lookup Panel Diagnostic Tool DNS Name Lookup r DNS Name Lookup Primary DNS Secondary DNS Lookup Name or IP 204 212 170 25 The DNS Name Lookup Panel displays the following information Name Description Primary DNS read only Secondary DNS read only Lookup Name or IP Text Field Displays the primary DNS which was configured on NSA TZ security appliance using the Network gt DNS page or Network gt DHCP Server gt Edit gt DNS WINS tab Displays the secondary DNS which was configured on NSA TZ security appliance using the Net
5. remote_server docs under WFS Acceleration it will become local_ wxa docs After adding the server you will be prompted for an Administrator s credentials so that the necessary records can be created on the domain File operations to all of its shared folders and documents will be accelerated If you wish to limit WES Acceleration to specific shares this can be configured on the WFS Shares page in Advanced Configuration Mode File Server File Server 1 Local WXA Name WA 2000 R5 1 Apply Cancel s Step 4 Click the File Server drop down list and then select the name of the remote file server hosting the shares File Server 1 Step 5 Enter a local WXA name WXA 2000 RS 1 a Note Adding a dot after the name will auto complete the name with that of the domain This the local WXA Name is the name that should then be used in paths to folders and files on the remote server in order for the file sharing operations to benefit from WFS Acceleration For example if the current path is remote_server docs under WFS Acceleration it will become local_Wxa docs Step 6 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the comect functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitably qualified user Update Records Cancel Step 7 Enter y
6. 20 20 20 20 20 Priority 2 ltems 1 to 9 of 9 calla Probe Comment Configure Zi a x oS oS es Delete All Configuring TCP Acceleration 51 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 The Route Policy Settings pop up window displays General Route Policy Settings Source Any ha Destination Central Site Service Any Gateway Al Default Gateway Interface Xl Metric 1 Comment w Disable route when the interface is disconnected Allow VPN path to take precedence F Permit Acceleration Probe None Disable route when probe succeeds Probe default state is UP Ready OK Cancel Help Click the Source drop down select Any Click the Destination drop down select the address object you created Central Site Click the Service drop down select Any Click the Gateway drop down select the X1 Default Gateway Click the Interface drop down select the X1 interface Enter 7 in the Metric text field This gives the route policy a high priority level A larger metric number would have a lower priority select the Permit Acceleration checkbox Click the OK button 52 Dell SonicWALL WXA 1 3 User s Guide Configure Routing Policies for Incoming Traffic Step 1 Address Objects El Name 1 x0 IP 2 x Subnet 3 X1IP 4 x1 Subnet Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 On the central site configure
7. Ce Web Cache Enable Web Cache Client Inclusion Address Object Any Server Exclusion Address Object None T Caching Strategy Moderate 7 Note enabling the WXA Web Cache affects settings on the Network Web Proxy page 132 Dell SonicWALL WXA 1 3 User s Guide Step 7 In the Client Inclusion Address Object drop down menu you can select the Address Object or Group that represents the local subnets whose web traffic should be diverted via the Web Cache You can also choose Any and the traffic from any source IP address is forwarded to the WXA Step 8 Inthe Server Exclusion Address Object drop down menu you can select the Address Object or Group that contains the destination address of web servers for which traffic should not be diverted via the Web Cache If you select None no web server is excluded and all appropriate traffic is sent via the WXA Step9 The Caching Strategy determines which objects are placed into the web cache and how long they stay there Click the Caching Strategy drop down menu and then select one of the web caching strategies e Minimal All objects are cached unless the HTTP header specifically says not to such as no cache or an expire time that occurs in the past e Moderate default This is the default web caching strategy In Moderate caching mode the Web Cache keeps objects in the cache for longer than in Minimal mode The Web Cache also enforces a minimum age of 7
8. Fi e 5erver 2 via NXA A00OCS WXA 2OD RS 2 o x 108 Dell SonicWALL WXA 1 3 User s Guide Advanced Configuration Mode To configure WFS Acceleration in Advanced configuration mode use the Domain Details and Shares tabs to join the domain and add file shares Caution Advanced configuration mode should only be used if you need to specifically define server or share names The preferred way to configure WFS Acceleration is to use the Basic configuration mode This section contains the following subsections e Joining the Domain on page 109 e Adding File Shares on page 111 Joining the Domain To join the domain manually perform the following steps on the WXA series appliance Step1 In the WAN Acceleration gt WFS Acceleration page select the Domain Details Tab If this is the first time setting up WFS Acceleration an initial Domain Details page displays WAN Acceleration WES Acceleration Signed SMB Configuration Mode C Basic advanced The gpi hes mot yet joned the specified dman You must etter create an account for the apia on fe domain oF here if jon he domain ming Administrator credentials You must configure the semen and sheres bo which acceleration wall be appie on Gre Feres page Confhigquratien Statisti Cetera Details Shares Tete Advanced Options Join Domain Test Configuration Restart WFS Configured Domain Fully Qualified Domain Name th2tkic3 sonicwall com Configured
9. If your NSA TZ series appliance is using 5 8 1 x or 6 1 x firmware use the procedures in this section to configure WFS Acceleration for Signed SMB For more information on the WXA Setup Wizard refer to the SonicOS 5 9 Administrator s Guide To manually configure the WFS Acceleration service using signed SMB perform the following Step 1 Configure a network interface on the NSA TZ series appliance for the port you want to connect the WXA series appliance to The WXA series appliance must be connected to a NSA or TZ series appliance on a port other than XO and X1 See Configuring Network Interfaces on page 33 for details Step 2 Navigate to the WAN Acceleration gt WFS Acceleration page cceleration WFS Acceleration il ny Configuration Statistics Apply Changes WFS Acceleration Enable WES Acceleration 3 C unsigned SMB Support SMB Signing WFS Acceleration Address LAN Primary IP w T Step 3 Click the Configuration tab and then select the Enable WFS Acceleration checkbox Step4 Select the Support SMB Signing checkbox Step 5 Click the Apply Changes button Configuring WFS Acceleration 99 The Signed SMB Setup and Tools tab and Basic and Advanced configuration mode radio buttons display WAN Acceleration WES Acceleration Signed SMB Configuration Mode Basic O Advanced Configuration Statistics Signed SMB Setup Tools WFS Acceleration E Enable WFS Acceleration Cl Unsigned SMB E SMB Sign
10. Step 2 Step 3 Step 4 Test the performance or diagnose the Web Caching features on the Web Cache gt Tools tab by using the Web Request diagnostic tools and viewing the results DNS Lookups are not used in the operation of the Web cache but there is a DNS Name Lookup tool provided on this page for the Administrator This section contains the following subsections e Web Request on page 135 e DNS Name Lookup on page 136 The Web Request panel sends a request for the entered URL and displays the results including the requested URL HTTP response process time file size and download rate To configure the Web Request panel perform the following Navigate to the Web Cache gt Tools tab Click the Diagnostic Tools drop down menu and select Web Request IUIAR eration che Status Statistics Tools Diagneshe Too Web Request Ww Web Request Request URL http f Enter a URL e g google com in the Request URL http text field Click the Go button The test results display WAN Acceleration eb Cache Status Statistics Tools Diagnostic Tool Web Request wt Web Request Request URL http Results Request URL google com HTTP Response 200 OK Time 0 25 File Size 15 78 KB Download Rate 105KB s Configuring the Web Cache 135 DNS Name Lookup The DNS Name Lookup panel searches for a name or IP address and displays results including the address DNS server resolved status
11. and lookup time The DNS servers used in these lookups are the DNS servers inherited from the NSA TZ series appliance s settings They may be different to the DNS servers actually used on a user s PC To configure the DNS Name Lookup panel perform the following Step 1 Navigate to the Web Cache gt Tools tab Step 2 Click the Diagnostic Tool drop down menu and select DNS Name Lookup WAN Acceleration Web Cache Status Statistics Tools Dingneste Toot DNS Name Lookup FE DNS Name Lookup Primary DMS Secondary DNS Lookup Name or IP i Go Step 3 Enter a name or IP address e g www sonicwall com in the Lookup Name or IP text field Step 4 Click the Go button The test results display INAN Acrelerstarn f WAN Accelera ton i Web Cache Status Statistics Tools Diagnostic Tool ONS Name Look DNS Name Lookup Primary DNS 192 168 20 251 Secondary DNS Lookup Name or IP Results Address techpubs sonicwall com DNS Server 192 168 20 251 Resolved Resolved Approx Time 7881 ms 136 Dell SonicWALL WXA 1 3 User s Guide system 138 Dell SonicWALL WXA 1 3 User s Guide Chapter 11 Viewing the System Page WAN Acceleration gt System The System page provides options to monitor and change the WAN Acceleration system settings This chapter details the management interface functions of the System Status Interface Status Management Settings and Firmware tabs system
12. appropriate permissions Password Text Field The password for the user s account This is only visible required if the WXA series appliance does not have its own machine account with appropriate permissions Run WFS Configuration Tests But ton Initiates a test to ensure that the WFS Acceleration service is configured correctly Results Displays the results of the WFS Acceleration test Reverse DNS Displays the Reverse DNS address For more information on troubleshooting test results refer to Verifying the WFS Acceleration Configuration on page 117 Figure 14 Diagnostic Tool List Kerberos Servers Domain List Kerberos Servers List Kerberos Servers Option The List Kerberos Server Panel provides the following configuration options Name Description Domain Text Field Displays the domain for the Kerberos server Go Button Initiates the search and displays a list of the Kerberos servers Dell SonicWALL WXA 1 3 User s Guide Advanced Configuration Mode Clicking the Advanced configuration mode radio button displays the Domain Details and Shares tabs All other tabs Configuration Statistics and Tools appear the same in both Basic and Advanced configuration modes For details on the Configuration Statistics and Tools tabs see the Basic Configuration Mode on page 67 Caution Advanced configuration mode should only be used if you need to specifically define server or sha
13. domain records are also added to the server requiring the Administrator s credentials Cancel button Cancels the information entered and closes the Add Server pop up window Viewing the WFS Acceleration Page 75 Figure 9 Add Remote File Server Pop up Window Add Remote File Server x Select a remote file server from those discovered on the network The remote server should be a Windows file server hosting shared folders and files The WXA will attempt to discover the next hop WXA configured to provide accelerated access to that server Type a unique name or afas for the local WXA adding a dot will auto complete the name with that of the domain This is the name that should then be used in paths to folders and files on the remote server in order for file sharing operations to benefit from WFS Acceleration For example if the current path is remote_server docs under WFS Acceleration it will become local_ wxa docs After adding the server you will be prompted for an Administrator s credentials so that the necessary records can be created on the domain File operations to all of its shared folders and documents will be accelerated If you wish to limit WES Acceleration to specific shares this can be configured on the WFS Shares page in Advanced Configuration Mode File Server File Server 1 Local WXA Name WA 2000 R5 1 Apply Cancel F Name Description File Server text field Selects the rem
14. it is required that the WXA series appliance join the domain due to the presence of a security layer in Signed SMB traffic Although this type of configuration is more complex than unsigned SMB it offers a more granular configuration of the WFS Acceleration service Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration modes Refer to Configuring WFS Acceleration on page 97 for details on how to configure WFS Acceleration The Web Cache feature stores copies of Web pages passing through the network that are frequently and recently requested So when a user requests one of these Web pages it is retrieved from the local web cache instead of the Internet saving bandwidth and response time Minimal Moderate and Aggressive caching strategies are available these determine which objects are placed into the web cache and how long they stay there Refer to Configuring the Web Cache on page 131 for details on configuring the web cache New Features in WXA 1 3 The WXA 1 3 release includes the following new features Increased Supported Connections WXA 1 3 runs as a 64 bit system offering significant increases in concurrent connections over a 32 bit system e Extended Support for Localization Firmware support for Brazilian Portuguese Simplified Chinese Japanese and Korean languages is available e Web Cache Improvements Additional data fields and charts are added to the Web
15. the past e Moderate This is the default web caching strategy In Moderate caching mode the Web Cache keeps objects in the cache for longer than in Minimal mode The Web Cache also enforces a minimum age of 7 days on objects that don t include any no caching control options such as no cache no store or an explicit expiry time in the HTTP header e Aggressive In Aggressive mode the Web Cache ignores explicit expiry time enforcing a minimum age of 7 days reload and no cache options in HTTP headers Note The Web Cache never caches any data marked as private or auth requiring authorisation to access in the HIT TP header When switching from Aggressive or Moderate mode to Minimal mode any already cached objects that do not meet the Minimal caching strategy will be refreshed by the cache YouTube caching is implemented in both Moderate and Aggressive caching modes Cache Status Panel Provides read only data for the Following e Operational Status Displays the operational status of the Web Cache service e Web Requests Displays the response time in a value of seconds e Cache Size Displays the current size of the cache used by the Web Cache e Cache Free Space Displays the amount of disk space available to the Web Cache e Number of Cached Objects Displays the number of objects cur rently stored in the Web Cache Caution The Aggressive mode should be used with caution it violates the HT
16. using Transmission Control Protocol TCP acceleration methods Windows File Sharing WFS acceleration and Web caching The Dell SonicWALL WXA series appliance is deployed in conjunction with a Dell SonicWALL NSA TZ series appliance In this type of deployment the NSA TZ series appliance provides dynamic security services such as attack prevention Virtual Private Network VPN routing and Web Content Filtering The WAN Acceleration service can increase application performance Introduction 13 The illustration below displays the basic network topology for the Dell SonicWALL WXA series appliance and the NSA TZ series appliances Internet NSA TZ series appliance Switch Switch of of of PC PC Domain File Email Web WX lt A series WXA series PC Controller Server Server Server appliance appliance Central Site Branch Site Transmission Control Protocol Acceleration The TCP Acceleration service is a process that decreases the amount of data passing over the WAN by using compression which accelerates selected traffic passing between a central site and abranch site The selected traffic is stored in the Dell SonicWALL WXA series appliances shared databases as blocks of data and tagged with reference indexes This allows the WXA series appliances to only send the reference indexes which are smaller in size over the WAN instead of the actual data Refer to Configuring TCP Acceleration on page 47 for details on how
17. 9 wwa th g 61440 ix p h HQ tb20dc3 sonicwal coom rs th20dc3 sonicwaill com e Acd New Share Cache Name ad Read Configure Ahead ALL SHARES G 614 GAK TE200C3 FS wis WKA TB20 wxa tba0 g 61440 Pile F h HQ tb2idcd sonicwalloom rsi tb tdc3 sonicwall com Sae Acc New Shere r Cache Name a Fi Read Configure i Ahead ALL SHARES G Siso GACK Action Items Name Description Add Server Button When clicked the Add Server pop up is displayed see on page 93 This window allows you to configure a new remote server Update Domain Records Column Headings Name Remote Server Name Column Updates any missing domain records for SPN aliases and trusted for delegation When clicked the Update Domain Records pop up window displays see on page 95 requiring you to enter the Administrator s Credentials Description Displays the name of the remote server Note This may not physically be remote it might be on the local site Local WXA Name Column Displays the name or alias of the local WXA series appliance Default Cache Enabled Column Displays whether caching is enabled checked or disabled unchecked Default Cache Read Ahead Column Displays the size of the read ahead buffer Configure Column Displays Edit and Delete buttons Click the edit button to modify the configuration of the server Click the delete button to remove the file server from the configuration see
18. Action Buttons Description Advanced Options Configures the WFS Acceleration service in more detail with Client Signing Server Signing and Max Transmit which affect the CIFS packet size see on page 87 for details Join Domain Rejoin Domain The WXA series appliance joins the domain becomes part of the domain that is identified in the FQDN The Join Domain Pop up Window is displayed see on page 88 for details If the WXA series appliance has previously joined the domain the Rejoin Domain button is displayed If this is the first time a Join Domain button is displayed Unjoin Domain Removes all information about the current domain that the WXA series appliance has joined This button will no remove a configured domain hostname or servers shares from the configuration Test Configuration Tests the WFS Acceleration service and displays a WFS Configuration Test Results pop up window see on page 89 If the WFS Acceleration service is not working cor rectly reconfigure the domain details and then retest Viewing the WFS Acceleration Page 83 84 Name Description Restart WFS Restarts the WFS Acceleration service All existing sessions and file transfers will be terminated Update Domain Records Updates any missing domain records for SPN aliases configured remote servers to the Specific Trusted Host List and missing DNS records Displays an Update Domain Pop up window see on
19. Ahead 51440 bytes Add All Shares Update Domain Records Apply Cancel fi Step 3 Enter the Remote Server Name Select WXA 4000 CS 1 from the drop down list If the remote server is not in the list toggle the radio button and enter it manually in the text field Step 4 Enter a Local WXA Name WXA 2000 RS 1 Then add a period after the name Step 5 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the oome functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Update Records ncel mi il Step 6 Enter your Administrator credentials Step 7 Click the Update Records button 114 Dell SonicWALL WXA 1 3 User s Guide Add File Server 2 Step 1 Click the Add Server button The Add Server pop up window displays Add Server Remote Server Name Look Up A the WA appliance is not specifically trusted to present delegated credentials to the remote server server X wanoptDogfood local This may be corrected by using the Update Domain Records function Local WXA Name See o j Default Cache Enabled Default Cache Read Ahead 51 440 bytes Add All Shares 7 Update Domain Records Apply Cancel Mb Step 2 Enter the Remote Server Name Select WXA 4000 CS 2 from the drop down list If the remote
20. Cancels the operation Figure 18 Configure Hostname Pop up Window Configure Hostname Default hostname ES3300 C5559EBA Leave the input field blank in order to use the default NOTE The device has already joined the domain Changing the hostname mar the device will have to be reprovisioned Hostname WXA4000 555A10E 3 Apply Cancel Name Description Hostname Text Field Input the desired hostname or leave the input field blank to use the default hostname Note If you are configuring a WXA 5000 Virtual Appliance or WXA 500 Live CD a default hostname is not provided you must enter one Apply Button Applies all changes Cancel Button Cancels the operation Viewing the WFS Acceleration Page 85 Note If the device has already joined the domain changing the host name requires the device to unjoin the domain and then rejoin the domain after the change is made Figure 19 Configure Kerberos Server Configure Kerberos Server Pop up Window x You can opt to have the Kerberos Server chosen automatically enter one manually or select one from the list of those discovered on the domain based on their Priority Weight and Round Trip Response Times RTT Current Selection Manually enter Kerberos Server Select a discovered Kerberos Server Kerberos Serwer iw Allow automatic choice of a discovered Kerberos Server th id ede thes sonicevall com Port Priority Weight RIT C baidi
21. Client Activation key Schedules Settings Packet Monitor Please enter WAN Acceleration Client license key In the WAN Acceleration Client Activation Key text field enter your WAN Acceleration Client license key then click the Submit button For reference the table below displays the maximum numbers of supported client licences per appliance Appliance Number of Supported Clients WXA 500 Live CD 20 WXA 2000 60 WXA 4000 120 WXA 5000 Virtual Appliance 120 WXA 6000 Software 120 Note Lower end NSA TZ series appliances may support less clients The WAN Acceleration Client now displays as Licensed Licenses License Management Manage Services Online Security Service Status Manage Service Nodes Lisers Licensed 4pop Control Licensed Kaspersky Enforced Client Anti virus and Anti Spyware Not Licensed Activate Mcafee Client Server Anti virus Suite Upgrade Renew Mcafee Enforced Client Anti virus and Anti Spyware Expired Upgrade Renew Share App Visualization Licensed Gateway Anti Virus Anti Spyware amp Intrusion Prevention Service Licensed Renew Deep Packet Inspection for SSL DPI 551L Virtual Assist E Mail Filtering Service VPH Global VPM Client Global YPN Client Enterprise YPN 5A SSL YPN WAN Acceleration Client WAN Acceleration Software Dell SonicWALL WXA 1 3 User s Guide Not Licensed Try Activate Licensed Upgrade Licensed Licensed Licensed Upgrade No
22. E Log Upgrade F Enable WXAC Debug Log W Check for upgrades automatically Check for Upgrade Step 13 Verify that the Enable Acceleration checkbox is selected t Note The Enable Acceleration checkbox is selected by default Step 14 Exit the NetExtender Properties window and then click the WXAC tab From this tab you can view the WXAC data of files downloading from the server SonicWALL NetExtender User win xp 1 Connected 0 Days 00 01 43 Status Routes BAS Wt A Compression 41 Compressed 13 94 MB Decompressed 23 83 MB Connections 1 Disconnect i amp 2013 Dell ci Y Appendix B Configuring the NetExtender WAN Acceleration Client 167
23. NETBIOS Domain TED Decovered 2 Hostname WMA TERLRS Configured 4 Kerbenss Seren Dakki hieIsoniewallean 33 Disove 7 LDAP Server bakk Hi bakk soniewalllcam 389 Disoovened Joined Domain r Machine Acodunt Exists p Trusted for Delegation D ut Configured Trusted for Delegation ta iS sone Reverse DNS Lovkup E 1920158 30 1 correctly rees fo wehh hkk aowa oan Step2 Click Join Domain Configuring WFS Acceleration 109 The Join Domain pop up window displays Join Domain x To hawe Che WOU seme apoiase jam the doman enter an Admmrstrator s credentials and cick on Ge Bullion below Cancel F Step 3 Enter the username and password for the administrator of the domain or an account that can join the WXA series appliance to the domain Step 4 Click the Join Domain button A Join Domain Results pop up window displays showing live results of the join domain command The WXA series appliance will create a computer account on the domain controller using the hostname entered in Join Domain pop up window The Domain Details tab populates with the configured Domain Details WAN Acceiarsizan WES Acceleration Signed SMB Configuration Mode C Beie C Advanced A a ou mest configure ie seres and sheres bo which acceleration will be apie on e Fees pee Cirirfigur tieri Statistiks Dom in Details Shares Trw Adwanced Options Rejoin Domain Unjoin Domain Test Configuration Restart WFS Add Domain Records Con
24. NetBIOS Broadcast Gateway o 0 0 0 a C Enable Multicast Interface Select an interface Permit Acceleration Metric C Apply NAT Policies Comment fe Management via this SA Ej HTS E ssh Disable route when the interface is disconnected User login via this SA CI HTTP C HTTPS C Allow VPN path to take precedence Default LAN Gateway optional VPN Policy bound to Zone WAN Permit Acceleration Probe Disable route when probe succeeds Probe default state is UP Step 2 Configure a network interface on the NSA TZ series appliance for the port you want to connect the WXA series appliance to The WXA series appliance must be connected to a NSA or TZ series appliance on a port other than XO and X1 See Configuring Network Interfaces on page 33 for details Step 3 Navigate to the WAN Acceleration gt WFS Acceleration page ocelerstion WAN WES Acceleration Configuration Stalinia Apply Changes WFS Acceleration Enable WFS Acceleration Unsigned S15 7 Ol Support SMB Signing Step 4 Click the Configuration tab and then select the Enable WFS Acceleration checkbox Step 5 Select the Unsigned SMB checkbox Step 6 Click the Apply Changes button 98 Dell SonicWALL WXA 1 3 User s Guide Configuring WFS Acceleration Using Signed SMB The preferred way to configure WFS Acceleration for Signed SMB is to use the WXA Setup Wizard However this is currently only available if running SonicOS 5 9 firmware
25. Note The address for the WXA series appliance normally remains private because it is behind the managing NSA TZ series appliance s IP address which is already used for routing across the network Authentication Code Displays the authentication code for the WXA series appliance Note The authentication code is only needed when configuring a WXA series appliance to auto join itself to the domain Joined Domain Displays the domain that the WXA series appliance joined Note You can verify the WFS Acceleration status on the WAN Acceleration gt Status page Viewing the WFS Acceleration Page 69 Statistics Tab 70 The Statistics tab displays performance statistics for the WFS Acceleration service Note The WFS Cache statistics displayed in this page only represent Signed SMB traffic If you are using Unsigned SMB the WFS Cache statistics do not apply WAH Acceleration WFS Acceleration Signed SMB Configuration Mede E Emsie O Avance Configure ten Statist Sigried SME Setup Tiis Comring Period Past 30 days chart Flush Cache DS Radek mc iil Total Data Reduction Y0 aia a5 From Thursday October 11 2012 3 00 00 PM Cache Sine oe Cache Free Space 3165 Egress Name Description Covering Period Drop down Click the Covering Period drop down list and select the period of time the data displays on the Statistics tab Chart Drop down Selects the graph style us
26. Please refer to the documentation for more details Using an Administrator s credentials will ensure that the device is trusted for delegation Otherwise you will need to configure that option on the domain controller Username Password Name Join Domain Cancel Description Join Domain button Joins the WXA series appliance to the domain Note The join domain process adds the relevant domain records for the WXA series appliance which requires administrator s credentials Cancel button Dell SonicWALL WXA 1 3 User s Guide Cancels any information entered and closes the Join Domain pop up win dow Figure 5 Join Domain Results Join Domain Results Summary of Results Successfully jared fhe Doman Details m Checking S congr Dhek doran connie meme for bakki itak ieam Check doran oboe siie for hH kaona Checking crsdentiai Checking NETEIOS doman NETSIOS domam m TEAD Frecenng to jn donan bng doman Checking WS conga Set frosted for egim eeoe8 8B 2VeesBesd es Name Description Summary of Results Read only Displays a summary of results after the WXA series appliance joins the domain Details Read only Details the steps performed in the domain joining procedure A green circle indicates a pass and a red circle indicates a failure If the WXA series appliance is joined to the domain the Add Server and Update Domain Records buttons display along with the domain detail
27. Refreshes the graph with the most recent TCP Acceleration data Data and Graphs Connections Tab ie IN doce See TCP Acceleration Confiquraten States local Iderien TA 535E Geeta Hoda eA ae E tr r Start Time Erd Time 4g PH 4 37 25 PH 4 372 PH 4 37 75 PH 4 37 22 PH 4 37 51 PH 4 37 21 PH 4 33 05 PH 4 01 45 PH 4 00 15 PH 3 53 02 PH 3 53 05 FPH 3 53 01 PH 3 59 34 PH 3 53 01 3 59 04 F a i 3 17 30 J J 3 17 30 PA 3 17 32 PF 3 17 30 PM 3 17 72 P 3 17 23 PH 3 79 23 FM 2 55 19 PH P j PH 2 PFI 2 54 47 P r MY ba HA te E E bi i co i u W y r Lm E e T E L bJ aj 2 24 52 PH 2 20 46 PM m 2 22 32 PH BoR OR Hoi gn H H i e H e j j G m 4 bi bi bi bi pd m E e E a oe ke Filter by Showing 1 fo 20 of 200 eres Action Items Name Intater Remote Mode Src IP Sr Port Dest IP Dest Pert Egress LAN LAN LAH LAN WAN Lan LAM States Breakdown Displays read only data for the Remote Node Direction Threshold Total Con nections and Covering Period This data is also displayed in the graph recent B00 ae M ca Ed 3 00 50 42 152 158 30 55 H 132 158 20 51 aa p a 70 50 42 152 1658 30 3 5 152 158 20 251 z359 p p 00 50 42 132 154 3059 P 152168 20251 i538 00 50 42 152 158 3059 a 192 1648 30251 9156 e m 20 50 42 192 168 20252 aa 152 158 30255 49155
28. SMB Configuration Mode pasic Advanced Configuration Statistics Signed SMB Setup Tools Join Domain Domain Details Domain th20dc3 sonicwall com A The WXA series appliance has not yet joined the domain Hostname WA TB20 RS out Step 2 Enter the following in the Domain Details panel a Click the Configure icon located next to Hostname A Configure Hostname pop up window displays Configure Hostname x Default hostname WKAS000 S55A10E Leave the input field blank in order to use the default Hostname Apply Cancel Hs b Enter a friendly hostname or leave the Hostname text field blank to use the default hostname The WXA series appliance automatically creates a hostname for you but it is recommended that you create your own friendly hostname c Click the Apply button Configuring WFS Acceleration 101 102 Step 3 Click Join Domain The Join Domain pop up window displays Join Domain Enter the username and password of an account that can join the WXA Appliance to the domain Please refer to the documentation for more details Using an Administrator s credentials will ensure that the device is trusted for delegation Otherwise you will need to configure that option on the domain controller Username Password Join Domain Cancel Step 4 Enter the username and password for the administrator of the domain or an account that can join the WXA series appliance to the domain Step
29. a Bich Pered i Thursday january 05 2012 1 00 00 PH Thursday January 12 2012 4 31 55 PH m m Name Description Covering Period Click the Covering Period drop down list and select the period of time the data dis plays on the Statistics tab Chart Selects the graph style used to display the TCP Acceleration data Refresh Actions Refreshes the data displayed in the WAN Acceleration gt Statistics tab The refresh interval can be entered in the text field The interval can be increased to a maximum of 999 seconds Click the Refresh symbol to manually update the Statistics tab Click the Pause button to stop updates on the page Data and Graphs Displays read only data for the following e Total Data Reduction percentage WAN capacity increase factor New Connections Closed Connections Peak Connections Egress Ingress data illustrated with bar graphs corresponding to the site you are viewing from Viewing the TCP Acceleration Page 43 Statistics Breakdown Tab Socel rsiion TCP Acceleration Criteri States Statehecs Greakdowen Dirrie irie Display T show Top Y petermined By Highest Data Reduction J Plot Graphe Dest Port Top 5 by Highest Data Reduction a 7 Remote Mede ALL Remote Modes Conwr srineg Pered Dirett Com Bene From Thusiay lanua 12 2012 3 18 21 AM Thiresharid 5 byte by Total To Thursday January 12 3012 11 51 45 AM Total Correctors 32 Exiudes Mo
30. days on objects that don t include any no caching control options such as no cache no store or an explicit expiry time in the HT TP header Aggressive In Aggressive mode the Web Cache ignores explicit expiry time enforcing a minimum age of 7 days reload and no cache options in HI TP headers Caution The Aggressive mode should be used with caution it violates the HTTP standard and may lead to unwanted consequences Step 10 Click the Apply Changes button Step 11 Verify the Web Cache service is working see Verifying Web Cache Operation on page 134 for details Configuring the Web Cache 133 Verifying Web Cache Operation After Configuring the Web Cache service perform the following verification steps Step 1 Navigate to the Web Cache gt Statistics tab WAN Acceleration Web Cache Status Statistics Tools Covering Period Past 30 days i Chart Summary Data Since 2 7 2014 3 00 00 PM 7 Current Status Total Data Reduction o 279 7 Cache Size 27 50 MB 7 WAN Capacity Increase Factor L4 7 Cache Free Space 62 47GB 7 Requests iok Number of Cached Objects J7 7 Hits 3 7 Errors g7 Bandwidth MM Sent Conveyed TB 19 MB 36 MEB 57 ME 76 ME 35 MB 1i4 MB Step2 View the number of cached objects to confirm the Web Cache service is working 134 Dell SonicWALL WXA 1 3 User s Guide Ge Diagnosing and Testing Performance of the Web Cache Web Request Step 1
31. domain records and removes stale reconds required for the oome functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user password Sd Update Records Cancel Step 11 Enter your Administrator credentials Step 12 Click the Update Records button Configure the WXA 2000 appliance on the Branch Site Add File Server 1 Step 1 Navigate to the WAN Acceleration gt WFS Acceleration gt Signed SMB Setup tab Step 2 Click the File Servers to Show Remote radio button SEPA RD A l Pn y WAN Acceleration WES Acceleration Configuration Mode Basic i Advanced Configuration Basic Setup Statistics Tools Add Server File Servers to Show C Local Remote Step 3 Click the Add Server button Configuring WFS Acceleration 105 The Add Remote Server pop up window displays Add Remote File Server Select a remote file server from those discovered on the network The remote server should be a Windows file server hosting shared folders and files The WXA will attempt to discover the next hop WXA configured to provide accelerated access to that server Type a unique name or ates for the local WXA adding a dot will auto complete the name with that of the domain This is the name that should then be used in paths to folders and files on the remote server in order for file sharing operations to benefit from WFS Acceleration For example if the current path is
32. lIndicates that probing did not detect a WXA series appli ance Ensure the connection between the WXA series appliance and the SonicOS series appliance is properly set up before continuing with further configuration e Resetting lndicates that either the status of the WAN Acceleration service or the presence of a WXA series appliance has just changed and the configuration is being reset accordingly Refresh the page in a few moments lIndicates the presence and status of a WXA series appli ance is not known This may be because the WAN Acceleration service is disabled in which case probing is turned off Alternatively it may be that probing is just starting Displays the amount of time the appliance has been running Displays the WXA series appliance model number Serial Number Displays the WXA series appliance serial number Viewing Status Information 27 Name Description Authentication Code Displays the authentication code used to register the WXA series appli ance Note This is also used as the password for a machine account when automatically provisioning the WXA series appliance Firmware Version TCP Acceleration Panel TCP Acceleration TOP Acceleration Service Status on WXA Since 6 6 2013 11 00 00 AM Total Data Reduction Vo WAN Capacity Increase Factor Connections Max i200 Peak New ii Closed Name Displays the firmware version that is currently loaded on the
33. page and is split up in two sections Unsigned SMB and Signed SMB Some of the tabs and options on this page might be hidden depending on which type of SMB signing and configuration mode is selected see below for details In a network that supports unsigned SMB traffic the WFS Acceleration service configuration is greatly simplified The reason for this is Unsigned SMB traffic does not have a security layer so the WXA series appliance can intercept the traffic without joining the domain eliminating the need to configure custom zones configuring reverse lookup and add file shares In a network that supports SMB signing it is required that the WXA series appliance join the domain due to the presence of a security layer in Signed SMB traffic Although this type of configuration is more complex than unsigned SMB it offers a more granular configuration of the WFS Acceleration service Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration modes When using Unsigned SMB only the Configuration and Statistics tabs are present WES Acceleration Configquraten Statisti Apply Changes WES Acceleration Enable WFS deceleration Unsigned S45 Viewing the WFS Acceleration Page 63 When using SMB Signing additional tabs display depending on which configuration mode is selected Basic or Advanced which is explained below The Basic configuration mode displays the Configuration Statisti
34. protocol server Add read only and read write communities for a specific client IP or subnet Add New Community x Community Name SS e Community Name Enter the community name being used to communicate with the SNMP feature e Access Select none read only or read write e Any Source Select the Any Source checkbox remove all source restrictions e Source Select the Source checkbox to enter a source manually e Apply Applies all changes e Cancel Cancels the operation Viewing the System Page 143 Syslog Server Name Description Syslog Server Panel Sets the server IP address to which log messages are sent Apply Changes Button Settings Tab 144 System Settings Settings Download Activate Delete default Active Settings Name Refresh Applies all changes Settings Upload Settings XML File Browse Description Refreshes the Settings tab Settings Panel Upload Settings XML File Panel Dell SonicWALL WXA 1 3 User s Guide Manage the settings by downloading new settings or delete old unused settings Search for settings XML file to upload from your PC Once settings are uploaded they are added to the Settings panel and may be activated Firmware Tab WAM Acceleration System System Status InterFace Status Current Settings Management Settings Firmware Before making any changes to the firmware itis advisable to download a copy o
35. ready to accelerating wide area file shar ing operations as soon as the component is enabled Note There are separate switches to control support for Signed and Unsigned SMB traffic e No Domain To accelerate Signed SMB traffic the WXA series appliance must join the Windows domain This indicates that sup port for Signed SMB is enabled but either the WXA series appliance has not joined the Domain or its status on the domain is unknown Note This status will not display if using Unsigned SMB only e Unavailable Indicates the WFS Acceleration service is not run ning on the connected WXA series appliance or there may be an error Indicates the status of the WFS Acceleration service on the connected WXA series appliance is not known at the present time Viewing Status Information 29 Name Description Windows Domain The Windows domain on which the WXA series appliance will accelerate access to configured shares Note This field is not displayed if using Unsigned SMB only Total Data Reduction The total percentage of data reduced by the WFS Acceleration ser vice WAN Capacity Increase Factor Displays the total amount of WAN capacity increase over the speci fied period of time Cache Size Displays the amount of read ahead data stored in the cache Note The WFS Cache statistics displayed in this page only repre sent Signed SMB traffic If you are using Unsigned SMB the W
36. thd sonicwall com a 0 100 93 275 ms 93 4 a Illl Apply Cancel Name Description Configure Kerberos Server radio Select the desired configuration from these options buttons e Allow automatic choice of a discovered Kerberos Server Display the auto selected server e Manually enter Kerberos Server Enter the name and port number for the Kerberos Server used for authentication to the domain e Select a discovered Kerberos Server Choose one from the list Kerberos Server list List the discovered Kerberos Servers with informa tion on the following performance metrics e Priority The priority of the Kerberos Server lower values are preferred e Weight The relative weight for Kerberos Servers with the same priority Higher values are preferred e RTT The round trip time for probes to the Kerbe ros Server Apply Button Cancel Button Applies all changes Cancels the operation Note The LDAP Server and the Kerberos Server are usually the same computer 86 Dell SonicWALL WXA 1 3 User s Guide Figure 20 Time Synchronization a Sa ei Haan e eae m br A i a aa are Es ar Ea eer N P i a g Choose between using the Domain Controler recommended for WES an a specified NTP Server as Time Synchronization Pop up Window the source for time synchronization on the WA W Use the Domain Controller for time synchronization NTP Server a Apply Name Cancel Description Use the
37. type of network environment used If the Client PC is already joined to a domain it is recommended to use Signed SMB If you are not sure of the Client PC s domain joining status it is recommended to use Unsigned SMB to begin with Unsigned SMB In a network that supports unsigned SMB traffic the WFS Acceleration service configuration is greatly simplified The reason for this is unsigned SMB traffic does not have a security layer so the WXA series appliance can intercept the traffic without joining the domain eliminating the need to configure custom zones configuring reverse lookup and add file shares Unsigned SMB is enabled by default Signed SMB In a network that supports SMB signing it is required that the WXA series appliance join the domain due to the presence of a security layer in signed SMB traffic Although this type of configuration is more complex than unsigned SMB it offers a more granular configuration of the WFS Acceleration service The WAN Acceleration gt WFS Acceleration page displays a warning when signed SMB traffic is detected on the network If this warning is present please enable the Support SMB Signing checkbox join the WXA appliance to the domain and access the signed shares through the WXA appliance s shares Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration mode The Basic configuration mode recommended is a simplified WFS Acceleration
38. woe th2Qhg th20dc3 sonicwall com 192 188 20 1 a j E 1 wee tb2Dlrs tb2idc3 sonicwall com 3 152 168 311 Local WA Reverse DNS Remote Server Go or sik Hoss G vE Specie Hosts ME VE 192 158 30 1 comecthy resolves to wexe th2Q s thikdcd sonicwall com The WFS Configuration Test Results page displays the test results for the WFS Acceleration service A green circle indicates a successful configuration and a red circle indicates an error Hover over the circle icons to display the details for that configuration The results are listed in a table with the following columns Name Description Server Display the remote server or local WXA names Resolves To Displays the IP address that the WXA series appliance is resolved to Used in Share Config Displays the server that is used for sharing This can be an actual server or a WXA series appliance Short SPN Verifies a short SPN is present on the machine account Long SPN Verifies a long SPN is present on the machine account Trusted for Delegation Lists the general server or specific hosts that are trusted for delegation by the WXA series appliance Accept Delegation Displays the hosts that are trusted to present delegated credentials to the WXA series appliance Accepted Connection Verifies the server accepted an authenticated connection Propagated Connection Verifies the server propagated an a
39. 5 Click the Join Domain button The WXA series appliance will create a computer account on the domain controller using the hostname entered in Join Domain pop up window The Signed SMB Setup tab populates with the configured Domain Details WAN Acceleration WFS Acceleration Signed SME Configuration Mode Basic O Advanced Configuration Statistics Signed SMB Setup Tools Add Server Update Domain Records H temerin to Cine Ehei Domain Details Domain th20dc3 sonicwall com Hostname WYXA Tb20 R5 Dell SonicWALL WXA 1 3 User s Guide Adding File Shares The Basic server configuration mode does not require you to create SPNs for the remote servers or match remote and local WXA appliance names In Basic mode all available shares are added when a server is configured When adding a server using the Basic configuration mode the Administrator s credentials must be entered enabling the WXA series appliance to add the SPN aliases for the share automatically Note If file servers were previously configured in the Advanced configuration mode they might not display in the Basic configuration mode s Signed SMB Setup tab It is recommended to enter a dot after the Local WXA Name this auto completes the name with that of the domain The following Illustration and configuration steps provide an example of how to add file shares In this example deployment scenario the Central site contains all the file servers and th
40. 9 Administrator s Guide The initial setup includes configuring network interfaces for the WXA series appliance enabling the WAN Acceleration service and creating a static DHCP lease for the WXA series appliance All configuration procedures are performed on the NSA TZ series appliance s management interface For licensing information refer to the WXA 500 Live CD Getting Started Guide or WXA 5000 Virtual Appliance Getting Started Guide After completing the initial configuration steps in this chapter refer to Configuring TCP Acceleration on page 47 and Configuring WFS Acceleration on page 97 to configure the TCP and WFS Acceleration services Note This configuration example uses the X5 interface but you can use any spare interface on the NSA TZ security appliance Configuring the WXA Series Appliance 33 To configure your NSA TZ security appliance to be used with the WXA series appliance perform the following steps Step 1 Open a Web browser Step 2 Access the SonicOS Management interface Step 3 Navigate to the Network gt Interfaces page Accept Interface Settings Name Fone Group IP Address Subnet Mask IF Assignment Status Comment Configure XO LAN 192 168 168 168 255 255 255 0 Static No link Default LAN i Xi WAN Default LE Group 10 203 285 40 255 255 255 0 Static 100 Mbps full duplex Default WAN 7 X2 Unassigned 0 0 0 0 0 0 0 0 N A No link Pa X3 Unassigned 0 0 0 0 0 0 0 0 N A No link Pag x4 Unassig
41. B In a network that supports SMB signing it is required that the WXA series appliance join the domain due to the presence of a security layer in signed SMB traffic Although this type of configuration is more complex than unsigned SMB it offers a more granular configuration of the WFS Acceleration service The WAN Acceleration gt WFS Acceleration page displays a warning when signed SMB traffic is detected on the network If this warning is present please enable the Support SMB Signing checkbox join the WXA appliance to the domain and access the signed shares through the WXA appliance s shares WES Basic Configuration Mode The Basic configuration mode is a simplified and user friendly way to have the Dell SonicWALL WXA series appliance join the domain add servers to the configuration and create the necessary records on the domain The Basic mode is available when using Signed SMB and is the preferred mode for configuring WFS Acceleration Web Cache Management The Web Cache feature stores copies of Web pages passing through the network that are frequently and recently requested When a user requests one of these Web pages it is retrieved from the local web cache instead of the Internet which can result in significant reductions in downloaded data and bandwidth usage YouTube Web Caching The Web Cache feature is capable of caching YouTube videos currently only Flash video format is supported This feature is only avai
42. Cache gt Statistics page allowing the user to filter the page to display data for particular subnets and certain IP addresses e Manual Server Entry for Signed SMB The option to manually enter a server or share name is added to the Signed SMB configuration Introduction 15 Key Features in WXA 1 3 The WXA 1 3 release includes the following Key features Wan Acceleration The WAN Acceleration service allows network administrators to accelerate WAN traffic between a central site and a branch site by using Transmission Control Protocol TCP and Windows File Sharing WFS TCP Acceleration The TCP Acceleration service is a process that decreases the amount of data passing over the WAN by using compression which accelerates selected traffic passing between a central site and a branch site WFS Acceleration WAN Acceleration refers to a wide range of technologies that are aimed at accelerating applications improving throughput and enabling bandwidth scalability using Windows File Sharing WFS Unsigned SMB In a network that supports unsigned SMB traffic the WFS Acceleration service configuration is greatly simplified The reason for this is unsigned SMB traffic does not have a security layer so the WXA series appliance can intercept the traffic without joining the domain eliminating the need to configure custom zones configuring reverse lookup and add file shares Unsigned SMB is enabled by default Signed SM
43. Domain Controller for Time Synchronization Checkbox When enabled checked the domain controller is used as the time synchronization source NTP Server Text Field Overrides the domain controller synchronization by specify a NTP server in the required field Validate Button Validates that the NTP Server specified can be connected and that the server provide the current time Apply Button Applies all changes Cancel Button Figure 21 Advanced Options Client Signing Em bytes Server Signing auto Max Transmit 4096 Apply Name Cancels the operation Advanced Options Pop up Window Cancel Description Client Signing Drop down Identifies the server message block SMB signing between the WXA series appliance and the Windows client Server Signing Drop down Identifies the SMB signing between the WXA series appliance and the server Max Transmit Text Field Sets the largest block of data that can be written at any one time Apply Button Applies all changes Cancel Button Cancels the operation Viewing the WFS Acceleration Page 87 88 Figure 22 Join Domain Pop up Window Join Domain F Enter the username and password of an account that can join the WA Appliance to the domain Please refer to the documentation for more details Using an Administrator s credentials will ensure that the device is trusted for delegation Oth
44. Example equation BDP lt expected number of user sessions gt where BDP link rate in kilobytes link latency Add All Shares Checkbox When enabled checked all shares are added on the server for WFS Acceleration Otherwise individual shares must be added manually Update Domain Records Checkbox Updates any missing domain records for SPN aliases configured remote servers to the Specific Trusted Host List and missing DNS records Requires the user to enter Admin credentials in a second pop up window Viewing the WFS Acceleration Page 93 94 Name Description Apply Button Applies all changes Cancel Button Cancels the operation Figure 28 Add Share and Edit Share Details Pop up Windows Add Share x Edit Share Details x All Shares All Shares Select Share T Select Share T Be Enter Name documents Enber Mare HWocuMments Cache Enabled 7 Cache Enabled Cache Read Ahead 61440 bytes 7 Name Cache Read Ahead 51440 eyt Apply Cancel A Description All Shares Option All shares are added to the server Share Name Drop down menu Provides a list of available shares on the remote server not always available Enter Name Text Field Manually enter the name of a share Cache Enabled Checkbox When enabled checked data is stored in the cache Cache Read Ahead Text Field Apply Button The number of bytes that the cach
45. FS Cache statistics do not apply Web Cache Panel Web Cache Web Cache Enabled Service Status on WKA Running Since 5 13 2013 4 00 00 PH Total Data Reduction 100 0 WAN Capacity Increase Factor 0 0 Cache Size 16 94 MB 7 Cache Free Space 62 48 GB ss Number of Cached Objects 814 b Name Description Web Cache e Enabled lIndicates that WAN Acceleration is enabled and that 30 web traffic passing through the NSA TZ series appliance is to be redirected to the Web Cache on the WXA series appliance e Disabled lIndicates that the Web Cache is not enabled and web traffic passing through the NSA TZ series appliance is not redi rected to the Web Cache on the WXA series appliance Service Status on WXA The current operational status of the Web Cache e Running lIndicates the Web Cache service is running normally e Ready lIndicates the Web Cache service is ready to begin cach ing as soon as the component is enabled e Unavailable Indicates the Web Cache service is not running on the WXA series appliance this may be due to an error e Indicates that the status of the Web Cache service on the connected WXA series appliance is not known at the present moment Total Data Reduction Displays the difference between the data conveyed and the data sent represented as a percentage WAN Capacity Increase Factor Indicates the total amount of WAN capacity increase over the speci fied period of t
46. File Server 2 Step 11 Enter a local WXA name WXA 2000 RS 2 Note Adding a dot after the name will auto complete the name with that of the domain This the local WXA Name is the name that should then be used in paths to folders and files on the remote server in order for the file sharing operations to benefit from WFS Acceleration For example if the current path is remote_server docs under WFS Acceleration it will become local_Wxa docs Step 12 Click Apply Configuring WFS Acceleration 107 The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the comect functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitably qualified user Update Records Cancel Step 13 Enter your Administrator credentials Step 14 Click the Update Records button The Configured File Servers panel in the Signed SMB Setup tab populates the configured file server WAN Acceleration WES Ac ce ration Configuration Mode Bssic O Advanced Configuration Basic Setup Statistics Tools Add Server Add Domain Records File Servers to Show Local Remote Domain Details Domain thc sonicwall oom Hostname WXA TEJI ES Configured File Servers i Via Next Hop WA Domain File Server Local WXA Name Records Remove File Server 1 File Server 1 via WeA4OR CS WEXA 2000 R5 1 o K File 5erver 2
47. TP standard and may lead to unwanted consequences Viewing the Web Cache Page 125 Statistics Tab LAI SBI Web Cache Status Statistics Tools Covering Period Fast 30 days T i Chart Summary YF a yl Data Since 2 7 2014 3 00 00 PM 7 Current Status Total Data Reduction o 27 9 7 Cache Size 27 50 MB WAN Capacity Increase Factor L4 7 Cache Free Space 62 47 GB 7 Requests i0k Number of Cached Objects 337 7 Hits 39 7 Errors a Bandwidth Name MM Sent Conveyed 57 MB 76 MB 55 MB 1i4 MB Description Covering Period Drop Down Menu Click the Covering Period drop down menu and select the period of time the data displays on the Statistics tab Chart Drop Down Menu Selects what data displays in the graph For details on the differ ent chart types see Graphs on page 127 Refresh Button Refreshes the Web Cache gt Statistics tab Data Since Displays the actual period covered using the statistics shown in the data and graphs Note This might differ from the chosen covering period depending on the data stored and available on the appliance Total Data Reduction Displays the difference between the data conveyed and the data sent represented as a percentage WAN Capacity Increase Factor Displays the ratio of the amount of data conveyed to the amount actually sent This can be used as a guide to how much extra capacity the WAN gained without any increase in b
48. The authentication code should be used as the password for the computer account Sew Object Computer aj Create in wafs 1 wanopt tesk Computers Computer name fastboxhgq Computer name pre indowe 2000 FASTBOXHQ The following user or group can join this computer to a domain User or group E efault Domain Admins Assign this computer account as a pre Windows 2000 computer Assign this computer account as a backup domain controller Cancel Step 2 Click Change Appendix A Configuring the WXA to the Domain Without Using the WXA Management Interface 153 Step3 In the Enter the object name to select text field enter SELF and then click OK Note This is also required when manually joining using a non admin account Select User or Group X Select this object type User Group or Built in security principal Object Types From this location wats Wwanopt test Locations Enter the object name to elect examples SELF E Check Names Advanced Cancel A Step 4 Right click on the computer account go to Properties ESAES33X 559F6A Properties x General Operating System Memberof Delegation Location ManagedBy Dalin Delegation is a secunty sensitive operation which allows services to act on behalf of another user Do not trust this computer for delegation Trust this See en to any service ee Use Kerberos o
49. WXA 1 3 User s Guide SonicWALL Notes Cautions and Warnings NOTE A NOTE indicates important information that helps you make better use of your system K CAUTION A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed A WARNING A WARNING indicates a potential for property damage personal injury or death 2014 Dell Inc Trademarks Dell the DELL logo SonicWALL and all other SonicWALL product and service names and slogans are trademarks of Dell Inc 2014 02 P N 232 002401 00 Rev A 2 Dell SonicWALL WXA 1 3 User s Guide Table of Contents Part Introduction Chapter PretaCe lt 2 ses a eae ee oe ad ae SR eee Rw a ea 9 PADOUT TMS GUIGS ics a aa Beate Sect a aie Scie aca Abe Mate eed eae eee 9 Organization Of hig Guide vite nt ooetaw cree Cetera od eed ewe 9 Guide Convenios sey godess Oa cen ave keel ela eens ane a Sh ee wee Se 11 Dell SonicWALL Technical Support 000 eee es 11 More Information on Dell SonicWALL Products 00000 eee 12 Curent Bore s agit cli eee ae eae ee ee ee eee eee gee eee ea ees 12 Chapter 2 IntrodUCUION 4 2 206 do Mees Seda hk eee eee eee eh dea oa es 13 MALO CUCHIOM amp gee utes dive gma whee inter oie Seti a eon a a Aa ee au aa eee 13 What is WAN Acceleration iias stn gi ecn vee ete beew ewe hea Rew ecen 13 New Features IM WAA i a lena sistas tty titers acetal a OL a a 15 Key Features ID WAAT S eae obo
50. WXA series appliance Enabled Running a 49 4 1 9 ae Current h ii Description TCP Acceleration Service Status on WXA Total Data Reduction 28 Dell SonicWALL WXA 1 3 User s Guide e Enabled lIndicates that both the WAN Acceleration service and the specific TCP Acceleration switches are enabled TCP traffic is sent to the WXA series appliance in order to be accelerated across the network e Disabled lIndicates the TCP Acceleration service or the general WAN Acceleration service is disabled The current status of the TCP Acceleration service e Running Indicates the TCP Acceleration service on the WXA series appliance is accelerating TCP connections e Ready Indicates the TCP Acceleration service on the WXA series appliance is up and ready to accelerate TCP connections as soon as the component is enabled e Unavailable lIndicates the TCP Acceleration service is either not running on the connected WXA series appliance or there is an error e Indicates the status of the TCP Acceleration service on the WXA series appliance is not known at the moment The total percentage of data reduced by the TCP Acceleration ser vice Name Description WAN Capacity Increase Factor The ratio of the amount of data conveyed to the amount that is actually sent Use this as a guide for how much extra capacity the WAN has gained without any increase in bandwidth Connections WES Acceleration Pa
51. XA appliances at both locations therefore there is no need for additional configuration to the access rules Set a WAN gt LAN zone if using Layer 2 Bridge mode Note Access rules are necessary for the traffic coming from VPN gt LAN and LAN gt VPN to be open for WXA associated traffic and the default zone properties of the LAN takes care of handling traffic without manually adding or modifying any access rules Both WXA appliances deployed at each location should be able to communicate with each other without being blocked by access rules or firewall policies If you need to customize a zone for WFS acceleration make sure VPN remote users are allowed to access the WXA appliance If additional domain controllers and file servers are located in any zone other than the LAN necessary access rules must be configured to allow traffic from and to the WXA appliance to those zones as well as from and to the NSA TZ security appliance For example consider at the central site if the WXA appliance is deployed in the DMZ zone the access rules must be configured to allow traffic from VPN gt DMZ and LAN gt DMZ so that traffic to the WXA appliance from the VPN and from the LAN zones are allowed to the WXA appliance 156 Dell SonicWALL WXA 1 3 User s Guide Configuring Reverse Lookup After both WXA appliances are added to the domain corresponding Computer Accounts for WXA appliances DNS Host name and Pointer PTR records are automatically created
52. a routing policy for incoming traffic from the branch site On the branch site configure a routing policy for incoming traffic from the central site The steps in this section are an example of configuring a routing policy on the branch site for traffic coming from the central site incoming Navigate to the Network gt Address Objects page Items 1 to 27 of 27 1al a ile Go to Address Groups Refresh All Purge All Delete All Address Detail Type Fone Configure Comments 192 168 168 168 255 255 255 255 Host LAN 192 168 168 0 255 255 255 0 Network LAN 10 203 28 40 255 255 255 255 Host WAN 10 203 28 0 255 255 255 0 Network WAN Click the Add button The Add Address Object Group pop up window displays SONICWALL Network Security Appliance Name Branch Site Zone Assignment LAN Type Network Network 192 168 20 0 Netmask 255 255 255 0 Ready OO O Add Close Enter a name Branch Site for the address object in the Name text field Click the Zone Assignment drop down select LAN Click the Type drop down select Network Enter the LAN IP address of the Branch Site 192 168 20 0 in the Network text field Enter the netmask IP address 255 255 255 0 in the Netmask text field Click the Add button Configuring TCP Acceleration 53 Route Policies View Style all 54 rl 2 El 4 Step9 Navigate to the Network gt Routing page Polides Custom Policies Sourc
53. adio button and enter it manually in the text field Step 3 Enter a Local WXA Name WXA 4000 CS 2 Then add a period after the name Step 4 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the comect functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Sd Update Records Cancel Step 5 Enter your Administrator credentials Step 6 Click the Update Records button Configuring WFS Acceleration 113 Configure the WXA 2000 appliance on the Branch Site When configuring the Branch Site to access a file server on the Central Site the Remote Server Name entered on the Branch Site must match the Local WXA Name of the Central Site s WXA appliance This allows the Central Site WXA appliance to provide accelerated access for the particular file server in question Add File Server 1 Step 1 Navigate to the WAN Acceleration gt WFS Acceleration gt Shares tab Step 2 Click the Add Server button The Add Server pop up window displays Add Server x Remote Server Name 7 Look Up f the WA appliance is not specifically trusted to present delegated credentials to the remote server serverX wanoptDogfood local This may be corrected by using the Update Domain Records function Local WXA Name Default Cache Enabled Default Cache Read
54. an be increased to a maximum of 999 seconds Click the Refresh symbol to manually update the Connections tab Click the Pause button to stop updates on the page Viewing the TCP Acceleration Page 45 46 Column Field Headings Name Description Start Time Indicates the starting time of a connection End Time Indicates the ending time of a connection Initiator Displays which end of the network initiated the connection LAN for connections Started locally and WAN for connections started from a remote site Remote Node Displays the WXA series appliance at the far end of the connection Src IP Displays the IP address where the connection started Src Port Displays the port number that the connection request was sent from Dest IP Displays the destination IP address Dest Port Displays the destination port number Egress Displays a bar graph that represents outgoing traffic on the network The blue colored bar is sent traffic and the grey bar is conveyed traffic Ingress Displays a bar graph that represents incoming traffic on the network The blue colored bar is sent traffic and the grey bar is conveyed traffic Filter by Filter the results by entering text into the appropriate input box A combination of Dell SonicWALL WXA 1 3 User s Guide fields can be filtered Chapter 6 Configuring TCP Acceleration WAN Acceleration gt TCP Acceleration The initial configuration of TCP Accelerat
55. andwidth Requests The number of requests made during the selected period Hits The number of requests that were served from the Web Cache during the selected period Errors The total number of errors encountered during the selected period Cache Size Displays the current size of the cache used by the Web Cache Cache Free Space Displays the amount of disk space available to the Web Cache Number of Cached Objects 126 Dell SonicWALL WXA 1 3 User s Guide Displays the number of objects currently stored in the Web Cache Graphs The Statistics graphs display the Web Cache data for the selected Covering Period and Chart The Conveyed data is the number of bytes that would be sent from a web server without the use of the WXA series appli ance s Web Cache The Sent data is the bytes that are actually sent from web servers in response to the user s web request with the remainder being served from the cache A Hit is when an object is served from the Web Cache instead of fetched from the internet The following Chart types are available e Summary The Summary chart graphically displays the sent and conveyed bandwidth data Bandwidth 977 KB 1 4 ME 1 3 ME 2 4 MB 2 9 MB 3 3 MB 3 8 MB 4 3 MB Time Series The Time Series chart graphically displays the sent and conveyed data over a specified period of time You can drag the mouse over the chart to zoom in on a selected area To zoom back out click th
56. arts one for the Administrator enabling allowing NetExtender WAN Acceleration Clients to connect to the central site and one for the client configuring the NetExtender WXAC ona remote PC Both of these configurations must be complete for the NetExtender WXAC to work This appendix contains the following sections e Overview on page 159 e Requirements Prerequisites on page 159 e Deployment Considerations on page 159 e Enabling WXAC on the Central Site on page 160 e Configuring WXAC on a Remote PC on page 164 The NetExtender Client allows remote PCs to connect to the central site via a VPN connection the NetExtender WAN Acceleration Client WXAC is an addition to the NetExtender Client and accelerates traffic though the VPN connection Using the NetExtender WXAC on a remote PC means the traffic at the central site will pass through the central site s WXA appliance Requirements Prerequisites The NetExtender WXAC requires the following e A SonicOS NSA TZ series appliance running SonicOS 5 9 firmware e A WXA series appliance running WXA 1 2 or higher firmware e The WXA series appliance is connected and configured to the managing NSA TZ series appliance e The TCP Acceleration service is enabled on the WXA appliance Deployment Considerations Please consider the following when deploying the NetExtender WXAC e When a user tries to enable WXAC while PPP software compression is on a dialog pops up and the user needs to
57. ates the test for the requested URL This button is greyed out until a URL is entered into to Request URL text field Results Displays the following results for the requested URL Dell SonicWALL WXA 1 3 User s Guide e Request URL e HTTP Response e Time e File Size e Download Rate Chapter 10 Configuring the Web Cache WAN Acceleration gt Web Cache The Web Cache page provides options to enable configure view results diagnose and test performance of the Web Cache feature By enabling the Web Cache service the NSA TZ series appliance immediately begins transparently forwarding HTTP connections to the WXA series appliance and saving bandwidth Consider the following when configuring the Web Cache service e When the Web Cache checkbox is enabled the Web Proxy fields are automatically populated in the Network gt Web Proxy page in the SonicOS management interface e There is no need to configure the HTTP clients with proxy settings since the NSA TZ series appliance transparently redirects standard HTTP connections onto the proxy e When the Web Cache is enabled the NSA TZ series appliance disables redirection of HTTP connections to the WXA series appliance if it becomes unavailable e The Web Cache service is not available in WXA 500 Live CD Memory Mode To configure the Web Cache service refer to the following sections e Configuring the Web Cache on page 132 e Verifying Web Cache Operation on page 134 e Diag
58. ce is joined to Hostname Displays the default or created hostname for your WXA series appli ance Configure button Configures the WXA series appliance hostname You can create your own hostname or leave the text field blank to use the default Delete button Deletes the configuration for the WXA series appliance hostname and the domain it is configured to If the WXA series appliance has not joined the domain a Delete button displays for the Hostname and can be reverted back to the default hostname Viewing the WFS Acceleration Page 71 72 The Configure Hostname pop up window displays after clicking the Configure button in the Hostname field Configure Hostname Default hostname WXAS000 S55A10E Leave the input field blank in order to use the default Hostname Apply Name Cancel Description Hostname text field Enter a hostname for your WXA series appliance A default hostname is chosen for you leave the text field blank to use it Note If you are configuring a WXA 5000 Virtual Appliance or WXA 500 Live CD a default hostname is not provided you must enter one Apply button Applies the created or default hostname to the WXA series appliance Cancel button Cancels any entered information and closes the Configure Hostname pop up window Figure 4 Join Domain Pop up Window Join Domain Enter the username and password of an account that can join the WXA Appliance to the domain
59. celeration 7 22 23 37 44 49 88 107 135 136 137 138 139 179 261 443 445 448 465 513 563 585 614 636 684 695 989 990 992 993 994 995 1494 1701 1718 1719 1720 1723 2000 2001 2002 2003 2252 2427 2478 2479 2482 2484 2492 2598 2679 2727 2762 2998 3077 3078 3183 3191 3220 3269 3389 3410 3424 3471 3496 3509 3529 3539 3660 3661 3713 3747 3864 3885 3896 3897 3995 4031 5007 5060 5061 5631 5900 5901 5902 5903 6000 7674 8443 9802 11751 12109 The option to choose a TCP Acceleration Service Object is read only in this mode Step5 Click the Address Object always excluded from TCP Acceleration drop down then select None Step6 Click the Apply Changes button 56 Dell SonicWALL WXA 1 3 User s Guide Example 2 To configure acceleration of only the HTTP web traffic follow the steps below Step 1 Navigate to WAN Acceleration gt TCP Acceleration Step 2 Select the Configuration tab WAN Acceiesrstion TCP Acceleration LI Corthgquara teri Stats Shtehes Breakdown rreri res Apply Changes Enable TCP Acceleration TCP Accent Mide Onty TCP services specified in the Service Object TCP Accleaion Service Object Address Object shways excluded Noe a from TCP Acceleration Noe y Step 3 Click the Enable TCP Acceleration checkbox Step 4 Click the TCP Acceleration Mode drop down then select Only TCP Services Specified in the Service Object St
60. choose whether to reconnect the SSL VPN session But the user doesn t need to enter the server information and credentials if he chooses to reconnect the session e The NetExtender WXAC is supported on all NSA TZ series appliances except the following TZ 100 series TZ 105 series TZ 200 series Appendix B Configuring the NetExtender WAN Acceleration Client 159 e Ifthe WXA appliance is not connected to a Dell SonicWALL NGFW the WXAC tab will not display in the NetExtender management interface e A link to install the WXAC will display on the NetExtender WXAC tab if WXAC is licensed and enabled on the managing NSA TZ series appliance but not yet installed on the client side e If the WXAC is disabled or not supported at the central site the WXAC tab will not display in the NetExtender Client on the remote PC Enabling WXAC on the Central Site The NetExtender WXAC is used on remote PCs connecting to a central site At the central site the Administrator has to allow those NetExtender WAN Acceleration Clients to connect to the central site location of the WXA managing NSA TZ and server Please do the following to enable allow WAN Acceleration Clients Activating the WXAC Step 1 Login to the managing NSA TZ series appliance Step 2 Navigate to the System gt Licensing page SonicWALL Network Security Appliance ZF Dashboard Hardware Warranty r Gj System Jan Reassembly Free Administration Manage Securit
61. configuration that concentrates on selecting the Windows File Servers that are hosting shares and distinguishing remote and local file server configurations in the management interface A Signed SMB Setup tab is displayed providing options to easily add file servers and domain records The Advanced configuration mode offers manual configuration of the domain details file servers and file shares on the Domain Details and Shares tabs Advanced configuration mode should only be used if you need to specifically define server or share names The preferred way to configure WFS Acceleration is to use the Basic configuration mode To configure the WFS Acceleration service refer to the section below that matches to your desired configuration e Configuring WFS Acceleration Using Unsigned SMB on page 98 e Configuring WFS Acceleration Using Signed SMB on page 99 e Verifying the WFS Acceleration Configuration on page 117 Configuring WFS Acceleration 97 Configuring WFS Acceleration Using Unsigned SMB To configure the WFS Acceleration service using Unsigned SMB perform the following Step 1 Permit acceleration for the relevant VPN or routed policies in the Network gt Routing or VPN gt Settings pages in the SonicOS management interface Route Policy Settings Advanced Settings Source Any hi Enable Keep Alive Destination Any C Suppress automatic Access Rules creation for VPN Policy Service Any z C Enable Windows Networking
62. cs Signed SMB Setup and Tools tabs IAR A ors d WAN Acceleration WES Acceleration Configuration Statistics l Apply Changes WFS Acceleration E Enable WFS Acceleration C Unsigned SMB E Support SMB Signing WFS Acceleration Address WXA Series Appliance Hostname Authentication Code Joined Domain Signed SMB Setup th2ide3 sonicwall com Signed SMB Configuration Mode Basic Advanced The Advanced configuration mode displays the Configuration Statistics Domain Details Shares and Tools tabs WAN Acceleration l WFS Acceleration Configuration Statistics Apply Changes WFS Acceleration E Enable WFS Acceleration C Unsigned SMB E Support SMB Signing WFS Acceleration Address WXA Series Appliance Hostname Authentication Code Joined Domain thd sonicwall com For detailed views and descriptions of the WFS Acceleration management interface refer to the sections below e WFS Acceleration Page Using Unsigned SMB on page 65 e WFS Acceleration Page Using Signed SMB on page 67 64 Dell SonicWALL WXA 1 3 User s Guide WFS Acceleration Page Using Unsigned SMB Clicking the Unsigned SMB checkbox displays the Configuration and Statistics tabs this section details the options for those tabs WES Acceleration Corfigurati r Statistics Apply Changes WFS Acceleration Unsigned 348 COl Support SME Signing Configuration Tab The Configurati
63. dc3 sonicwall com 192 158 30 1 Local WXA G o O Specific Hosts Go Go Reverse DNS 192 168 30 1 correctly resolves to wxa tb20 rs tb20dc3 sonicwall com The WFS Configuration Test Results page displays the configuration status of the WFS Acceleration service A green circle indicates a successful configuration and a red circle indicates an error Hover over the circle icons to display the details for that configuration Name Description Server Display the remote server or local WXA names Resolves To Displays the IP address that the WXA series appliance is resolved to Used in Share Config Displays the server that is used for sharing This can be an actual server or a WXA series appliance Short SPN Verifies a short SPN is present on the machine account Long SPN Verifies a long SPN is present on the machine account Trusted for Delegation Lists the general server or specific hosts that are trusted for delegation by the WXA series appliance Accept Delegation Displays the hosts that are trusted to present delegated credentials to the WXA series appliance Accepted Connection Verifies the server accepted an authenticated connection Propagated Connection Verifies the server propagated an authenticated connection Reverse DNS Displays the Reverse DNS address path For information on troubleshooting refer to the Verifying the WFS Acceleration Configuration on page 117 Viewing the WFS Accele
64. de objects The WAN Acceleration feature must be enabled before you can enable or configure the TCP Acceleration service Enable WAN Acceleration in the WAN Acceleration gt Status page See Configuration Tab on page 42 for details Statistics Tab Displays egress and ingress data for the TCP Acceleration service See Statistics Tab on page 43 for details Statistics Breakdown Graphs TCP Acceleration data by port IP address and data reduction See for Statistics Breakdown Tab on page 44 details Connections Tab Displays a detailed list of the TCP Acceleration connection results such as start and end time stamps source IP address and port and destination IP address and port Use these results to monitor the performance of your TCP Acceleration service See Connections Tab on page 45 for details Viewing the TCP Acceleration Page 41 Configuration Tab TG P Acceleration Configuration Statistics Statistics Breakdown Apply Changes Enable TCP Acceleration TCP Acceleration Mode All TCP services except those excluded by default v TCP Acceleration Service Object Address Object always excluded from TCP Acceleration None Name s3 Description Apply Changes Button Bypassed Button Saves the changes to the configuration Displays a pop up window with a list of connections that have either been excluded from the acceleration process or failed This button is greyed out if these conditions are not present
65. dows Add Server Remote Server Name sewer wanoptlocal AS the WA appliance is not specifically trusted to present delegated credentials to the remote server he WHA appliances is usted to oesent delecsted credentials to the remote server thP0dcdde wis WKA server wanoptDogfood local This may be corrected by using the Update Domain Records function x Edit Server Details Remote Server Name T Look Up A a a a a a a A S a a T Look Up servert wanopt local Local WXA Name f toServert Default Cache Enabled Default Cache Read Ahead 16 1440 bytes Add All Shares ii Update Domain Records Name Local WXA Name toServert i dlrs toz D carted resolves soe 2 WFS 255 objet egurre Default Cache Enabled i Default Cache Read Ahead 61 440 tes Update Domain Records Te i emery Cancel Ms Apply Description Remote Server Name Radio Buttons Local WXA Name Text Field The Remote Server name can be selected from a list of remote servers found on the network or manually entered in the text field Toggle the radio buttons to choose between automatic or manual entry Note The remote server can either be a Windows server or another WXA series appliance acting as a proxy server Clicking the Look Up button verifies that the name entered is registered in the DNS server Enter the name of the local WXA this will forward to the remote server Use this name in paths to share
66. dvanced configuration mode radio buttons These signed SMB configuration modes give you the option to perform a simplified or more detailed WFS Acceleration configuration The Basic configuration mode displays a Signed SMB Setup tab while the Advanced configuration mode displays the Domain Details and Shares tabs in place of the Signed SMB Setup tab All the other tabs Configuration Statistics and Tools appear the same in both Basic and Advanced configuration modes For detailed views and descriptions of the Basic and Advanced configuration mode management interface refer to the following sections e Basic Configuration Mode on page 67 e Advanced Configuration Mode on page 81 Basic Configuration Mode Basic mode is the preferred way to configure WFS Acceleration due to its simplistic naming convention and ease of use However you can select the Advanced radio button at any time directing you to the Domain Details Tab page 82 if you wish to configure individual shares Note In Basic mode a naming convention is used to circumvent some of the settings required in Advanced mode Therefore servers configured in Advanced mode may not appear in the Basic mode server lists but will still be part of the configuration WAN Acceleration WFS Acceleration Signed SMB Configuration Mode Bssic Advanced Configuration Statistics Signed SMB Setup Tools seeeeneeseeemeeeeeeeeeennaeeeerneennneeeenaaeenae WFS Acceleration EH E
67. e Branch site contains users that are accessing files from the Central site file servers Note When configuring shares on the Central site the Branch site is considered Remote When configuring shares on the Branch site the Central site is considered Remote Internet NSA TZ series NSA TZ series appliance appliance SONGI Domain File File WXA 4000 CS WXA 2000 RS Controller Server 1 Server 2 Central Site Branch Site Configuring WFS Acceleration 103 Configure the WXA 4000 appliance on the Central Site Add File Server 1 Step 1 Navigate to the WAN Acceleration gt WFS Acceleration gt Signed SMB Setup tab Step 2 Click the File Servers to Show Local radio button Always configure the central site first ETAR i mem leinn f WAN Acceleration i WFS Acceleration Configuration Mode Baic C Advanced Configuration Basic Setup Statistics Tools Add Server File Servers to Show O Local C Remote Step 3 Click the Add Server button The Add Server pop up window displays Add Local File Server x After adding the server you will be prompted for an Administrator s credentials so that the necessary records can be created on the domain File operations to all of ts shared folders and documents from remote sites will be accelerated I If you wih to limit WFS Acceleration to specific shares this can be configured on the WF Shares page in Adwanced Configuration Mode
68. e Conventions The following conventions used in this guide are as follows eines vse Bold Highlights items you can click or select on the WXA series appliance management interface For example Click the Caching Strategy drop down menu and select Minimal Note This only applies to sections in this document that contain configuration procedures or management interface descriptions Italic Highlights a value to enter into a field For example Type 192 168 168 168 in the IP Address field Menu Item gt Menu Item Indicates a multiple step Management Interface menu choice For example Navigate to the WAN Acceleration gt System page means select WAN Acceleration then select System Dell SonicWALL Technical Support For timely resolution of technical support questions visit Dell SonicWALL on the Internet at ntto www sonicwall com us Support htm Web based resources are available to help you resolve most technical issues or contact Dell SonicWALL Technical Support To contact Dell SonicWALL telephone support see the telephone numbers listed below North America Telephone Support U S Canada 1 888 793 2830 or 1 408 837 4317 International Telephone Support Australia 1800 35 1642 Austria 43 0 820 400 105 EMEA 31 0 411 617 810 France 44 193 257 3927 Germany 44 193 257 3910 Hong Kong 1 800 93 0997 India 000 800 100 3395 Italy 44 193 257 3928 Japan 0120 569122 New Zealand 800 446489 S
69. e Destination Any 255 255 255 255 32 Any x1 Default Gateway Any Data Center Any XO Subnet Any X1 Subnet Any x5 Subnet X1IP Any Any 0 0 0 0 0 Add Dell SonicWALL WXA 1 3 User s Guide Default Policies Service Any Any Any Any Any Any Any Any Step 10 Click the Add button Gateway 0 0 0 0 0 0 0 0 xi Default Gateway 0 0 0 0 0 0 0 0 0 0 0 0 xi Default Gateway 10 203 28 1 Interface xO xi xi xO xil MS xi xi Metric 20 20 20 20 20 20 20 Priority Probe 2 Items 1 to 9 of 9 ja a e Comment Configure 3 ie Lx g Z Delete All The Route Policy Settings pop up window displays General Route Policy Settings can Central Site Destination Eranch Site Service Any Gateway 0 0 0 0 Interface AQ Metric 1 Comment Fil Disable route when the interface is disconnected Allow VPN path to take precedence E Permit Acceleration Probe None Disable route when probe succeeds Probe default state is UP Ready OK Cancel Help Step 11 Click the Source drop down select Central Site Step 12 Click the Destination drop down select the address object you created Branch Site Step 13 Click the Service drop down select Any Step 14 Click the Gateway drop down select 0 0 0 0 Step 15 Click the Interface drop down select the XO interface Step 16 Enter 7 in the Metric text
70. e End Lease Time minutes 1440 Default Gateway Subnet Mask E Interface Pre Populate Select Interface E allow BOOTP Clients to use Range Ready OK Cancel Help Step 8 Do the following Select the Enable this DHCP Scope checkbox Select the Interface Pre Populate checkbox and then select port X5 in the Interface Pre Populate drop down The information will be auto populated c Click the OK button Note Configuring DNS is only required if you plan to use WFS Acceleration for Signed SMB This example assumes that the correct DNS server has already been entered in the Network gt DNS page You can overwrite the DNS specified in the Network gt DNS Server page Click the Edit button for the lease you want to change and then click the DNS WINS tab Enter the DNS IP Addresses in the text fields provided You should also populate the Domain text field this soeeds up the WFS Acceleration configuration and auto detection of the server in the case that reverse DNS is not configured Step 9 Connect an Ethernet cable from the WXA series appliance to the X5 port on the NSA TZ security appliance Configuring the WXA Series Appliance 35 Step 10 Navigate to the WAN Acceleration gt Status page Step 11 Click the Settings tab WAN Acceleration i Status Status Settings Apply Changes Probe for WXA Create static DHCP lease for WXA WXA Appliance Configuration Enable WAN Accelerati
71. e Reset Zoom button Time Series 400 kE MY Conveyed 300 kB MM Sent 300 kB 2750 kB 200 kB 150 kB 100 kB 50 kB E _ ______H_H__k_k_k_H__H Feb 27 00 00 Feb 27 04 00 Feb 27 08 00 Feb 27 12 00 Feb 27 16 00 Feb 27 20 00 Drag the mouse over the chart to zoom in on a selected area Viewing the Web Cache Page 127 e Requests The Requests chart graphically displays the number of requests hits and hits over a selected period of time You can drag the mouse over the chart to zoom in on a selected area To zoom back out click the Reset Zoom button I Requests Hits E Hii sysanbey Jo SE SJH 4 E E b m ch a E E in Cr a co Feb 27 00 00 Feb 27 04 00 Feb 27 08 00 Feb 27 12 00 Feb 27 16 00 Feb 27 20 00 Drag the mouse over the chart to zoom in on a selected area 128 Dell SonicWALL WXA 1 3 User s Guide Tools Tab Test the performance or diagnose the Web Caching feature by using the DNS Name Lookup or Web Request diagnostic tools and viewing the results Note The Tools tab management interface options change depending on which diagnostic tool DNS Name Lookup or Web Request is selected from the Diagnostic Tool drop down menu The DNS servers used in these lookups are the DNS servers inherited from the NSA TZ series appliance s settings They may be different to the DNS servers actually used on a user s PC WAN Acceleration Web Cache Status Statis
72. e aed ieee a a teak 16 Deployment Prerequisites 1 cee ee es 17 Deployment ConsiderationS 2 0 0 e eee es 17 SUDDOMed PlQUOINS 1 etnies a r eee dena eae eee nex 18 WXA Series Appliance Management Interface 00 eee eee 18 Part Status Chapter 3 Viewing Status Information 0 0000 ce eee eee 25 WAN Accelerahon Stads eta ine elena ate a eer ne oes nid ae ape ean eee 25 Slats lab k tet Ge bad dee tae te ae eee Oe made eae bee 26 DeUMOo dl tatu ta wis eee tan nue EEE ine ae eee etre eee 31 Chapter 4 Configuring the WXA Series Appliance 00000008 33 Configuring Network InterfaceS 1 0 cee e eee es 33 Part TCP Acceleration Chapter 5 Viewing the TCP Acceleration Page 00 0c ewan nnee 41 WAN Acceleration gt TCP Acceleration 2 0 ccc eee eee 41 COMIGUIaION Tab lt tian testi es Pet ad tah ae da eee eee a 42 Stals ies T aDry tanina dee acen waite a vas cake ce eee a cee dee te eae 43 Statistics Breakdown Tab 2 0c eee eee ees 44 CONnnMECHONS FAD ic estate ecte an o a aes Avec acd Sb Ait eee eee 45 Chapter 6 Configuring TCP Acceleration 0 0000 es 47 WAN Acceleration gt TCP Acceleration 2 0 0 c cee ee eee 47 Configuring TCP Acceleration on a Site to Site VPN 0005 47 Configuring TCP Acceleration on a Non VPN Routed Mode 49 Table of Contents 3 Configuring the TCP Acceleration gt Configuration Tab 000008 56 Verify
73. e reads ahead This service is only functional when the Cache Enabled checkbox is selected The default cache read ahead is 61440 bytes Applies all changes Cancel Button Dell SonicWALL WXA 1 3 User s Guide Cancels the operation Figure 29 Update Domain Records Update Domain Records x Adds any missing domain records and removes stale records required for the comet functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Password I Update Records Cancel a This pop up window displays when the Update Domain Records button is clicked Enter the Administrator s Credentials to resolve any missing domain records for SPN aliases trusted for delegation and DNS records Name Description Username Text Field Enter the Administrator s Username Password Text Field Enter the Administrator s Password Update Records Button Updates any missing domain records for SPN aliases and trusted for delegation Cancel Button Cancels the Update Domain Records process Viewing the WFS Acceleration Page 95 96 Dell SonicWALL WXA 1 3 User s Guide Chapter 8 Configuring WFS Acceleration WAN Acceleration gt WFS Acceleration A Cautio This chapter provides details on configuring the WFS Acceleration service There are several different ways to configure WFS Acceleration depending on the user requirements and
74. ed to display the WFS Acceleration data Flush Cache Button Clears the WFS Acceleration cache on the WXA series appliance Refresh Actions Refreshes the current page The refresh interval can be entered in the text field The max imum time interval that can be set is 999 seconds Click the Refresh symbol to manually update the page Click the Pause symbol to stop updates on the page Overview Table Displays read only data for the following e Egress Ingress Total Data Reduction percentage e Egress Ingress WAN capacity increase factor e Egress Cache Size e Egress Cache Free Space Egress Charts Displays the egress out going sent and conveyed traffic in Bytes Ingress Charts Displays the ingress incoming sent and conveyed traffic in Bytes Dell SonicWALL WXA 1 3 User s Guide Signed SMB Setup Tab The Signed SMB Setup tab offers a simplified and user friendly way to have the WXA series appliance join the domain add servers to the configuration and to create the necessary records on the domain Note There is a WFS Setup Wizard available for deployments running SonicOS 5 9 firmware This is the preferred way to configure Signed SMB You can access the wizard by clicking the Wizards link in the top right corner of the managing NSA TZ series appliance s user interface Click the WXA setup Wizard then select the WFS Setup Wizard For more information refer to the Wizards section of the S
75. ep 5 Click the TCP Acceleration Service Object drop down the select HTTP Step 6 Click the Address Object always excluded from TCP Acceleration drop down then select None Step 7 Click the Apply Changes button Configuring TCP Acceleration 57 Example 3 Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 To configure acceleration of everything except Microsoft SQL database traffic or traffic to the Guest Authentication Servers follow the steps below Navigate to WAN Acceleration gt TCP Acceleration Select the Configuration tab Figure 1 Configuring TCP Acceleration Example 3 Joosl sihon TC P Acceleration Coogan teen States Statist Ereakichowen Coerireschceries Apply Changes Enable TCP Acceleration TCP Accelerate Mide AN TCP services except those specified in the Service Object and those excluded by default A TCP Acceleration Service Object MS SOL 4 From TCP sizes Guest Authentication Servers Ay Select the Enable TCP Acceleration checkbox Click the TCP Acceleration Mode drop down then select All TCP services except those specified in the Service Object and those excluded by default Click the TCP Acceleration Service Object then select Microsoft Structured Query Language MS SQL Click the Address Object always excluded from TCP Acceleration drop down then select Guest Authentication Servers Click the Apply Changes button 58 Dell SonicWALL WXA 1 3 User s Guide Verif
76. eration SSYSICM 42 0 c5tet Masea ela eee wie sarees 139 System Status lab otc tctteceiiee cat iiwat boa abet tine oa eee 140 Inmberiace Status Va cue w 4 4k ane a licen aowem ah ecb ata aba eee pes Bonn 142 Management TaD aindbee or etre eee ed aa eek aa 143 15 14 1916 ogi its 9 ete eee se ese oe eee ee eee eee eee eee 144 FEMNAS VD Zor rte Sei ea al a ek aa ean le ceo a 8a Sah rant gh a hc at aa 145 Part Log Chapter 12 Viewing the Log Page 0 0 0 cece eee es 149 WAN UACCCIClAtON LOG s464e sheet a a wan wae ae enwereee eas 149 Part Appendices Appendix A Configuring the WXA to the Domain Without Using the WXA Management Interface 153 Automatically Joining the Domain 21 ee es 153 4 Dell SonicWALL WXA 1 3 User s Guide Configuring Custom Zones for WXA 1 00 eee ees 156 Configuring Reverse LOOKUP 002 cece eee ees 157 Manually Adding SPN Hostnames in DNS 00sec es 158 Appendix B Configuring the NetExtender WAN Acceleration Client 159 OVET ICW caste fossa i aa Bi aee a ec ace fore Sue Soe tease Aa oe dete eat aaa ive 159 Requirements Prerequisites 0 cece eee 159 Deployment Considerations s 4 ci sewceicadaeesd tou telnw bait edwwws a ewe 159 Enabling WXAC on the Central Site 0 cee es 160 Configuring WXAC on a Remote PC 1 eee es 164 Table of Contents 5 6 Dell SonicWALL WXA 1 3 User s Guide Introduction 8 Dell SonicWALL WXA 1 3 User s Guide Chapter 1 Preface Abo
77. erify that the WFS Acceleration was successful using the Domain Details tab in Advanced mode perform the following steps Navigate to the WAN Acceleration gt WFS Acceleration page Select Advanced configuration mode Select the Domain Details tab w AN Accelera FS Acceleration Coniguration tattis Domam Details Shares Advanced Options Rejoin Domain Unjoin Domain Configured Domain Fully Qualified Domain Mame mydomain local HETEIOS Dxemain Hostname fastboxhg K rberts Server dc mydomain locale LDAP Server dc mydomain locales Joined Domain Machine Account Exists Trusted for Delegation Trusted for Delegation te Revere DHS Litkup Signed SMB Configuration Mode COpesc Advanced iF Gi ipai Hosts Al Protecos fastbox fastboxhg cr 197 168 30 1 comecty rmos fo wees 1 1 adc sonicwall com Step 4 Click Test Configuration Test Configuration Configured Configured Configured Discovered Configuring WFS Acceleration Restart WFS Add Domain Records 119 120 The WFS Configuration Test Results pop up window displays when the test is complete WFS Configuration Test Results Used in Short Long Trusted for Accept Accepted Propagated Server Resolves To Share Config SPN SPN Delegation Delegation Connection Connection th2Odicd dc vie WXA TB20 HO thakdc3 sonicwvrall com TB20DtC2 FS vis WXA TB20 HQ thakdicd soncuvall com 192 165 30 1 192 168 20 1
78. erwise you will need to configure that option on the domain controller Username Password Join Domain Cancel Enter the username and password of the domain administrator account Join Domain Results Summary of Results Successfully jared fhe Dome Details Checking WES configuration Check domain contre name for bakk Hek itak Imie Check dome controler stds for Thad hd awae Checking credentials Checking NETEIOS doman NETBIOS doman es TRAD Precari to jon dome bng domain Ohecking WPS configuration Set frosted To egim Regering WS server in DHE E eeoeoe8 8292888289 uE atng WFS Name Description Summary of Results Read only Displays a summary of results after the WXA series appliance joins the domain Details Read only Details the steps performed in the domain joining procedure A green circle indicates a pass and a red circle indicates a failure Dell SonicWALL WXA 1 3 User s Guide Figure 23 WFS Configuration Test Results Pop up Window WFS Configuration Test Results Used in Short Long Trusted for Accept Accepted Propogated Server Resolves To Share Config SPN SPN Delegation Delegation Connection Connection wxa tb20 hg 1 th20dc3 sonicwall com 192 168 20 1 Remote Server e wxa th20 hg tb20dc3 sonicwall com 192 168 20 1 Remote Server G Oo Specific Hosts G O wxa tb20 rs 1 tb20dc3 sonicwall com 495 168 30 17 Local WXA o 0c G 0 wxa tb20 rs tb20
79. ettings al Enable DHCP Server Advanced E Enable Conflict Detection Ei Enable DHCP Server Persistence DHCP Server Persistence Monitoring Interval 5 minutes DHCP Server Lease Scopes Items 1 to 3 of 3 kie View Style al Dynamic Static E Type Lease Scope Interface Details Enable Configure E 4 Dynamic Range 10 203 30 1 10 203 30 161 X5 ey Fi i E 2 Static IP 10 203 30 162 for MAC 57 41 42 4f 50 54 x5 ey Fi i F 3 Dynamic ange 10 203 30 163 10 203 30 x E Fil P E D R 10 203 30 153 10 203 30 218 KS Add Dynamic Add Static Delete Delete All Configuring the WXA Series Appliance 37 38 Dell SonicWALL WXA 1 3 User s Guide TCP Acceleration 40 Dell SonicWALL WXA 1 3 User s Guide Chapter 5 Viewing the TCP Acceleration Page WAN Acceleration gt TCP Acceleration The WAN Acceleration gt TCP Acceleration page provides options to configure and monitor the TCP Acceleration service This chapter details the management interface functions of the Configuration Statistics Statistics breakdown and Connections tabs TC P Acceleration Configuration Apply Changes Enable TCP Acceleration TCP Acceleration Mode All TCP services except those excluded by default TCP Acceleration Service Object Address Object always excluded from TCP Acceleration None vin Name Description Configuration Tab Enable the TCP Acceleration service and selects the mode service object and exclu
80. etween the NSA TZ series appliance and the WXA series appliance and confirms they are connected to each other Creates a static lease for the WXA series appliance Description Enables or disables the WAN Acceleration feature WXA Interface Drop Down Selects the NSA TZ series appliance interface that the WXA series appliance is connected to WXA IP Address Displays the IP address of the WXA series appliance Note this field is read only Viewing Status Information 31 WXAC 32 The NetExtender WAN Acceleration Client WXAC securely accelerates WAN traffic between a remote PC and a central or branch office using SonicWALL NetExtender The WXAC panel will not display unless the NSA TZ series appliance is running SonicOS 5 9 firmware Name Description Enable NetExtender WAN Acceleration Client WXAC Checkbox Enables support for NetExtender WXAC Note WAN Acceleration must be enabled on NetExtender and a WXAC licence must be purchased before you enable WXAC on this page Active Licenses Currently in Use Displays the number of active WXAC licenses that are currently in use NetExtender WAN Acceleration Client WXAC is not licensed Dell SonicWALL WXA 1 3 User s Guide If the NSA TZ series appliance detects that the WXAC licence is not activated the following displays WXAC NetExtender WAN Acceleration Client WXAC is not licensed To License the WXAC navigate to the System g
81. f every page accesses the context sensitive help for the page Alert Wizards Help Logout Note Accessing the Dell SonicWALL WXA series appliance online help requires an active Internet connection Introduction 21 22 Dell SonicWALL WXA 1 3 User s Guide 24 Dell SonicWALL WXA 1 3 User s Guide Chapter 3 Viewing Status Information WAN Acceleration gt Status The Status page displays a Status tab with a dashboard view of the System Information TCP Acceleration WFS Acceleration and Web Cache of your WXA series appliance It also displays a Settings tab that provides top level control of the WAN Acceleration service To configure the WXA series appliance see Configuring the WXA Series Appliance on page 33 This chapter is an overview of the Status page management interface and includes the following sections e Status Tab on page 26 Action Items on page 27 WXA System Information Panel on page 27 TCP Acceleration Panel on page 28 WFS Acceleration Panel on page 29 Web Cache Panel on page 30 e Settings Tab on page 31 Action Items on page 31 WXA Appliance Configuration Panel on page 31 WXAC on page 32 Viewing Status Information 25 Status Tab 26 WAN Acceleration Status Status Settings Probe for WAA Refresh boo sec il B WXA System Information TCP Acceleration WAN Acceleration Enabled TCP Acceleration Enabled WA Operational Statu
82. f the current configuration settings To do that mow click on the link Download Current Settings As part of the process the WHA series appliance will be rebooted This will lead to a temporary loss of service resulting in broken connections and file transfers Therefore itis best to choose a time to make changes that minimises the disruption Firmware Management Firmware Image Current Firmware Upload New Firmware Name Factory Reset Version Restore the appliance to a Factory installed state 1 2 0 0 26 F Restore the current configuration settings Factory Reset Description Current Settings Panel Allows you to download a copy of the current settings Perform this before making any changes to the firmware Firmware Upgrade Panel Configures the WXA series appliance with the latest firmware A step by step procedure walks you through the firmware upgrade process Factory Reset Panel Restores the WXA series appliance to the factory default settings A reset option is available to restore the current configuration settings Note When performing a firmware upload do NOT navigate away from the System gt Firmware tab This could stop the uploading process or cause the management interface to become unresponsive Viewing the System Page 145 146 Dell SonicWALL WXA 1 3 User s Guide 148 Dell SonicWALL WXA 1 3 User s Guide Chapter 12 Viewing the Log Page WAN Acceleration gt L
83. field This gives the route policy a high priority level A larger metric number would have a lower priority Step 17 Select the Permit Acceleration checkbox Step 18 Click the OK button Configuring TCP Acceleration 55 Configuring the TCP Acceleration gt Configuration Tab The Configuration tab gives you the option to select the mode service object and address object or group that are included or excluded from the TCP Acceleration service To view a list create and edit service objects navigate to the Network gt Address Objects page in the NSA TZ series appliance management interface Below is three different examples of TCP Acceleration configurations Example 1 To configure acceleration of all the service objects except those excluded by default Follow the steps below Step 1 Navigate to WAN Acceleration gt TCP Acceleration Step 2 Select the Configuration tab celera ton i i TCP Acceleration Configuration Statistics Statistics Breakdown Connections Apply Changes Enable TCP Acceleration TCP Acceleration Mode All TCP services except those excluded by default Al TCP Acceleration Service Object HTTP Address Object always excluded F from TCP Acceleration None Step3 Select the Enable TCP Acceleration checkbox Step4 Click the TCP Acceleration Mode drop down then select All TCP services except those excluded by default By Default the following ports are excluded from TCP Ac
84. figured Domain Fully Qualified Domain Name thakkk sonicwall com Configured i NETBIOS Domain TE200C3 Discovered 3 Hostname WHA TEAERS Configured i Kerberis Server thakkk Phd 3 sonicwalll com 88 Deceversd a7 i LDAP Server Phd ie Phd 3 sonicwalll com 389 Discovered y Joined Domain IY Machine Account Exists E x Trusted for Delegation Specific Hosts All Protocols z Trusted for Delegation bi x Hakeri ATIA Reverse DNS Letkup E 19211531 comectly resolves fo wabah bakk soncwalllcom 110 Dell SonicWALL WXA 1 3 User s Guide Adding File Shares The Advanced mode offers a more detailed configuration process for adding file servers and shares Giving you manual configuration options such as enabling the default cache selecting the default cache read ahead specifying individual shares and adding domain records Note the following considerations before adding file shares e File servers configured in Advanced mode might not display when viewed in Basic mode e A unique Local WXA Name must be created for every remote file server added on the Central Site e When adding a server it is recommended to enter a period after the Local WXA Name this auto completes the name with that of the domain e g WXA 4000 CS 1 my_domain local If the period is not entered a caution icon will appear in the Shares tab next to the Remote Server name noting that it is recommended to use the fully qualified name Type ay etna Defa
85. for Time Synchronization Checkbox Select this checkbox to use the domain controller as the time synchronization source e NTP Server Text Field Override the domain controller synchronization by specifying an NTP server i Note If WFS Acceleration Signed SMB is not enabled the NAT polices that give the WXA access to the network are not created Therefore time synchronization using the NTP server will not work unless the Administrator creates the NAT rules manually e Validate Button Validates that an NTP server is a valid time server and can be reached e Apply Button Applies all changes e Cancel Button Cancels the operation Viewing the System Page 141 Interface Status Tab system System St tus Interface Status Ping Gateway Renew DHCP Lease Maree erit Sethngs Finnware Status Statistics DHCP is weed to dtan the IP akes DONE Servers and fhe Default Gateway Mum bees of Dwale 10i automatically IP Address 10 030 250 24 Default Gateway 10 0301 ae D N Primary DNS ee Packet Count 115719 12am Secondary DNS Packet Ermir j 0 MAC 00 17 05 55 01 02 e MTU 1500 fytes ra Coliesres a Actsal MTU 1500 byter Name Description Refresh Refreshes the Interface Status tab The refresh interval can be entered in the text field The interval can be increased to a maximum of 999 seconds Click the Refresh button to manually update the Interface Status tab Click the Pause button to st
86. he client user how to download and install the NetExtender Client if not already done and then download install and enable NetExtender WXAC These procedures are performed on a remote PC that is connecting to a central site Downloading Installing the NetExtender Client If you already have the NetExtender Client installed on your PC upgrade to version 7 0 197 or higher If you do not have the NetExtender Client installed on your PC perform the following Step 1 Open a Web browser and then enter the WAN IP address of the NSA TZ appliance that is on the central site The NSA TZ appliance login page displays SonicWALL Network Security Appliance Username Password Language English gt Clif here r ssivpn login Step 2 Click the Here link to login to sslvpn The Virtual Office login page displays SonicWALL Virtual Office Welcome to the SonicWALL Virtual Office SonicWALL Virtual Office provides secure Internet access for remote users to log in and access private network resources via SSLVPH technology User Name Password Domain LocalDomain r Login Step3 Enter the Username and Password to log into the Virtual Office 164 Dell SonicWALL WXA 1 3 User s Guide The Virtual Office main page displays SonicWALL Virtual Office Welcome vo Logout Welcome to the SonicWALL Virtual Office SonicWALL Virtual Office provides secure Internet access for remote users to log in and access private
87. ies Refresh Interval secs 10 Items per page 50 Items 4 to 8 of 8 1 Name Gateway Destinations Crypto Suite Enable Configure 1 WAN GroupVPN ESP 3DES HMAC SHA1 IKE 2 WLAN GroupVPN ESP 3DES HMAC SHA 1 IKE ra Home VPN Alt 0 0 0 0 AES ESP 3DES HMAC SHA1 IKE v 2 x 10 20 21 128 10 20 21 255 Click the Configure button for the VPN policy you wish to use Configuring TCP Acceleration 47 The Configure VPN Policy pop up window displays General Network Proposals Advanced Advanced Settings Enable Kep Alive Ol suppress automatic Access Rules crestion for VPM Policy CO Begire sutiientication of VPN clients by MALITH CO Enstie Windows Networking NetBIOS Srosdemst CO cnstie Multicast Permit deceerstion C Apply MAT Policies C inie Pree Dead Peer Detection Management wia this SA O ames O ssh O snmp User login vis this SA O xtte O HTTPS Defaut LAN Gateway optional 0 0 0 0 VPN Policy Bound to Zone WAN z wW Cancel Help Step 3 Select the Advanced tab Step 4 Select the checkbox for Permit Acceleration Step 5 Click the OK button 48 Dell SonicWALL WXA 1 3 User s Guide Configuring TCP Acceleration on a Non VPN Routed Mode If you do not have a VPN configured on your network and you are using a custom routing policy you need to add two routing policies on each site One for outgoing traffic and one for incoming traffic Both routing policies are configured to permit acceleration No
88. ime Cache Size Displays the current size of the cache used by the Web Cache Cache Free Space Displays the amount of disk space available to the Web Cache Number of Cached Objects Dell SonicWALL WXA 1 3 User s Guide Displays the number of objects currently stored in the Web Cache Settings Tab Action Items WAM Acceleration Status Status Settings Apply Changes Probe for WAA WXA Appliance Configuration V Enable WAN Acceleration WXA Interface X b WXA IP Address WXAC Create static DHCP lease for Va 192 168 10 244 V Enable NetExtender WAN Acceleration Client WXAC i Active Licenses Currently in Use Name a Description Action Items Provides the options to apply changes probe for the presence of the WXA series appliance and create a static DHCP lease for the WXA series appliance WXA Appliance Configuration Panel Enables and configures the WXA series appliance WXAC Panel Enables support for the NetExtender WAN Acceleration Client See WXAC on page 32 for details Note This panel only displays if the NSA TZ series appliance is running SonicOS 5 9 Name Description Apply Changes Applies the latest configuration changes Probe for WXA Checks for the presence of a WXA series appliance This is a hand Create Static DHCP Lease for WXA WXA Appliance Configuration Panel Name Enable WAN Acceleration Checkbox shake b
89. ing WES Acceleration Address LAN Primary IF WA Series Appliance Hostname WXA TB2ERS Authentication Code RSI5 R277 Joined Domain th20dc3 sonicwalll com Step6 Select the Basic Recommended or Advanced configuration mode radio button e If you selected the Basic configuration mode refer to the Basic Configuration Mode on page 101 for Basic mode configuration procedures e f you selected the Advanced configuration mode refer to the Advanced Configuration Mode on page 109 for Advanced mode configuration procedures 100 Dell SonicWALL WXA 1 3 User s Guide Basic Configuration Mode To configure WFS Acceleration in Basic configuration mode use the Signed SMB Setup tab to join the domain add file servers on the local and remote locations and add domain records When initially configuring WFS Acceleration always configure the Central site first the site where the file servers are physically located Note Basic mode is the preferred way to configure WFS Acceleration only use Advanced mode if you need to specifically define server or share names e Joining the Domain on page 101 e Adding File Shares on page 103 Joining the Domain To join the domain perform the following steps Step 1 In the WAN Acceleration gt WFS Acceleration page select the Signed SMB Setup Tab If this is the first time setting up WFS Acceleration an initial Signed SMB Setup page displays WAN Acceleration WFS Acceleration Signed
90. ing feature See the Web Cache Panel on page 30 for more details Action Items Name Description Probe for WXA Checks for the presence of a WXA series appliance This is a handshake between the NSA TZ series appliance and the WXA series appliance and confirms they are connected to each other Refresh Refreshes the Status page The refresh interval can be entered in the text field The interval can be increased to a maximum of 999 seconds Click the Refresh symbol to manually update the Status page Click the Pause button to stop the auto refresh of the Status page To resume auto refresh click the Start button WXA System Information Panel WXA System Information WAN Acceleration WXA Operational Status Uptime Model Number Serial Number Authentication Code Firmware Version Name WAN Acceleration Enabled Operational b 65 days 9 mins WXA 4000 001705554134 I2XG FCFS 1 zZ 1 0 2 Description WAN Acceleration must be enabled on the Settings tab and a WXA series appliance detected in order for traffic to be accelerated e Enabled lIndicates the WAN Acceleration service is enabled e Disabled lndicates the WAN Acceleration service is disabled WXA Operational Status Uptime Model Number The current status of the WXA series appliance connection e Operational lIndicates the WAN Acceleration service is enabled and a WXA series appliance is discovered and running e Unavailable
91. ing the TCP Acceleration Configuration 0000 eee eee eee 59 Part WFS Acceleration Chapter 7 Viewing the WFS Acceleration Page 000 eee eeeaee 63 WAN Acceleration gt WFS Acceleration 0000 e eee eee es 63 WFS Acceleration Page Using Unsigned SMB 2000 cee eee 65 WFS Acceleration Page Using Signed SMB 000 cece eee eee 67 Chapter 8 Configuring WFS Acceleration 00000 eee eee eee 97 WAN Acceleration gt WFS Acceleration 000 eee eee eee ees 97 Configuring WFS Acceleration Using Unsigned SMB 50005 98 Configuring WFS Acceleration Using Signed SMB 0000e eee 99 Verifying the WFS Acceleration Configuration 0000eeeeeee 117 Part Web Cache Chapter 9 Viewing the Web Cache Page 00002 ee eee eens 123 WAN Acceleration gt Web Cache 002 e eee eee eee 123 Slas Vas avai a een seh hae kaya thovsicw ayn etait ta Bb wi alta Aidit aie Os thee 124 Sa SUCS TaD aeri a cate a Vee nrah wa cae aac Gace NE 126 TOOG WO ees as eset ng ee ad eee ae tes eae ar ee 129 Chapter 10 Configuring the Web Cache 2 0000 131 WAN Acceleration gt Web Cache 002 e eee eee eee 131 Configuring the Web Cache 00 cece eee eee 132 Verifying Web Cache Operation 00 cee eee ee eee eee 134 Diagnosing and Testing Performance of the Web Cache 5 135 Part System Chapter 11 Viewing the System Page 0 00 ce es 139 WAN Accel
92. ingapore 800 110 1441 Spain 44 193 257 3921 Switzerland 44 193 257 3929 UK 44 193 257 3929 Preface 11 More Information on Dell SonicWALL Products Contact Dell SonicWALL Inc for information about Dell SonicWALL products and services at Web http www sonicwall com E mail sales sonicwall com Phone 408 745 9600 Fax 408 745 9300 Current Documentation Check the Dell SonicWALL documentation Web site for that latest versions of this manual and all other Dell SonicWALL product documentation http www sonicwall com us Support html 12 Dell SonicWALL WXA 1 3 User s Guide Chapter 2 Introduction Introduction WXA 1 3 is the latest version of firmware for the Dell SonicWALL WXA series appliance This chapter provides an overview of the WAN Acceleration feature the WAN Acceleration management interface deployment prerequisites and considerations supported platforms and details the key features in the WXA 1 3 and previous releases This chapter contains the following sections e What is WAN Acceleration on page 13 e New Features in WXA 1 3 on page 15 e Key Features in WXA 1 3 on page 16 e Deployment Prerequisites on page 17 e Deployment Considerations on page 17 e Supported Platforms on page 18 e WXA Series Appliance Management Interface on page 18 What is WAN Acceleration The WAN Acceleration service allows network administrators to accelerate WAN traffic between a central site and a branch site
93. ion should be performed by using the WXA Setup Wizard which is available by clicking the Wizards button in the top right corner of the NSA TZ series appliance s management interface However this is currently only available if running SonicOS 5 9 firmware If your NSA TZ series appliance is using 5 8 1 x or 6 1 x firmware use the procedures in this chapter for configuring TCP acceleratoin The TCP Acceleration service can be deployed in three different deployment scenarios including site to site VPN routed mode and layer 2 bridge mode This chapter explains how to permit and configure these deployment scenarios in the following subsections e Configuring TCP Acceleration on a Site to Site VPN page 47 e Configuring TCP Acceleration on a Non VPN Routed Mode page 49 e Configuring the TCP Acceleration gt Configuration Tab page 56 e Verifying the TCP Acceleration Configuration on page 59 Configuring TCP Acceleration on a Site to Site VPN Step 1 Step 2 Once your WXA series appliance is configured to permit TCP Acceleration see Configuring the TCP Acceleration gt Configuration Tab page 56 to finish configuring the TCP Acceleration service To permit the TCP Acceleration service for use in a site to site Virtual Private Network VPN follow the steps listed below Navigate to the VPN gt Settings page Settings Canc VPN Global Settings V Enable VPN Unique Firewall Identifier 0017C0516F55C VPN Polic
94. ist If the remote server is not in the list toggle the radio button and enter it manually in the text field Step 4 Enter a Local WXA Name WXA 4000 CS 1 Then add a period after the name This auto completes the fully qualified domain name Step 5 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the comect functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Sd Update Records Cancel Step 6 Enter your Administrator credentials Step 7 Click the Update Records button This automatically creates all the necessary SPN Aliases and DNS entries 112 Dell SonicWALL WXA 1 3 User s Guide Add File Server 2 Step 1 Click the Add Server button The Add Server pop up window displays Add Server Remote Server Name Look Up A the WA appliance is not specifically trusted to present delegated credentials to the remote server server X wanoptDogfood local This may be corrected by using the Update Domain Records function Local WXA Name See o j Default Cache Enabled Default Cache Read Ahead 51 440 bytes Add All Shares 7 Update Domain Records Apply Cancel A Step 2 Enter the Remote Server Name Select File Server 2 from the drop down list If the remote server is not in the list toggle the r
95. istics Add Server Update Domain Records Domain Details Domain th2idcd sontcwvall com Hostname WXA TbhI0 RS Configured File Servers Domain Remowe Records File Server Name Signed SMB Setup Signed SMB Setup for the local site Signed SMB Configuration Mode Basit O Advanced Tools Description Add Server button Update Domain Records button Configures the WXA security appliance to share files on a remote server See on page 75 and on page 76 for details Updates any missing SPN aliases to the Domain Controller config ured remote servers to the Specific Trusted Host List on the com puter account and any missing DNS records It also removes unwanted or outdated records This button should be used when deleting servers as well as adding them As seen in on page 77 when this button is clicked you will be prompted to enter your Administrator s credentials File Servers to Show Local radio but Changes the management interface to configure local file servers ton File Servers to Show Remote radio Changes the management interface to configure remote file serv button ers Domain text field 74 Dell SonicWALL WXA 1 3 User s Guide Displays the name of the domain that the WXA series appliance is joined to Name Description Hostname text field Displays the default or created hostname for the WXA series appli ance File Server Displays the file ser
96. l 00 50 42 132 154 30 53 550 152 168 0 251 35 pre e a 00 50 42 132 154315 55 192 168 20251 156 e 00 50 42 132 154 30 53 oa 152 1658 20251 z339 p 00 50 42 152 158 30 59 4 132 158 230 251 iba 3 00 50 42 152 158 30 59 26 192 168 20 251 3 lt a J 00 50 42 152 158 30 59 315 132152051 3 70 50 42 152 158 3059 45 132 158 20 51 39156 r 70 50 42 152 158 30 55 G5 152 158 20251 3 00 50 42 152 158 30 59 CG 152168 A 251 ita lt 70 50 42 152 158 3059 HA 132 158 20 51 aa nmn _ 00 50 42 132 154 359 al 192 168 30251 49156 s 00 50 42 152 158 A 252 yi3 152 168 30255 49155 lt s 2 00 50 42 152 158 20251 as 152 168 30255 57 lt 00 50 42 132 154 30 53 J771 132 158 20 51 156 os pee l Description Remote Node Filters the table of connections based on the remote node the WXA series appli ance at the far end of the connection Entries Selects the number of entries to display in the Connections table Incl Non Intercepted Enables or disables the inclusion of non intercepted traffic to display in the Con nections table The definition of Non intercepted is traffic that is diverted from the NSA TZ series appliance to the WXA series appliance but is not accelerated Refresh Actions Refreshes the WAN Acceleration gt Connections tab The refresh interval can be entered in the text field The interval c
97. lable when using Moderate and Aggressive web caching strategies WXA Setup Wizard requires the NSA TZ series appliance to be running SonicOS 5 9 The WXA Setup Wizard in the SonicOS management interface guides you through the setup of the WXA series appliance allowing the user to easily enable TCP Acceleration WFS Acceleration unsigned and signed SMB and Web Caching If you choose to use signed SMB the WFS Setup Wizard is automatically launched from the initial WXA Setup Wizard This wizard enables WFS Acceleration support for signed SMB and walks the user through joining the domain and configuring file servers WAN Acceleration Client requires the NSA TZ series appliance to be running SonicOS 5 9 The WAN Acceleration Client WXAC gives remote users the benefit of WAN Acceleration when using SonicWALL NetExtender 16 Dell SonicWALL WXA 1 3 User s Guide Deployment Prerequisites The pre requisites for deploying the WAN Acceleration service are as follows A NSA TZ series appliance is required to deploy the Dell SonicWALL WXA series appliance Traffic passing through the Dell SonicWALL WXA series appliance requires Internet Protocol version 4 IPv4 The WAN Acceleration service is not compatible with IPv6 Deployment Considerations Consider the following when deploying the Dell SonicWALL WXA series appliance The WXA series appliance is supported to work with Dell SonicWALL E class NSA NSA or TZ series appliances ru
98. n Indicates the RAID status for the WXA 4000 only A green circle indi cates the RAID is ok A red circle indicates the RAID is inoperable unknown or degraded A yellow circle indicates the RAID is recovering initializing initializing paused verifying verifying paused rebuilding or rebuilding paused Refreshes the System Status tab The refresh interval can be entered in the box to the right of the Refresh symbol The interval can be increased to a maximum of 999 seconds Click the Refresh button to manually update the System Status tab Click the Pause button to stop updates on the page Downloads a diagnostics report file This file can be sent to Technical Support and reviewed for diagnostic help Power Off Button Shuts down the WXA series appliance Reboot Button Reboots the WXA series appliance Set Time Button 140 Dell SonicWALL WXA 1 3 User s Guide Resets the time on the appliance If using a time synchronization source domain controller or NTP server it will overwrite the time set manually Figure 30 Time Settings gt Time Synchronization Pop up Window Time Synchronization Choose between using the Domain Controller recommended for WFS and a Py a Er AEH E T T ets eee ATE Le ae a eee eee ep a speciied NTP Server as the source for ime synchronization on the WXA Use the Domain Controller for time synchronization NTP Server Apply Cancel e Use the Domain Controller
99. n A telerabed Corretores 250 eS it it 4 Name Description Display Drop Down Selects one of the following options Menu e Dest Port Displays the volume of data or Detemined By value com Show Top Drop Down Menu pared to the destination port numbers of the accelerated connections e Dest Address Displays the volume of data compared to the destination IP address of the accelerated TCP connections e Src Address Displays the volume of data compared to the source IP address of the accelerated TCP connections e Address on WAN Displays the volume of data compared to the destination address on the WAN of the accelerated TCP connections e Address on LAN Displays the volume of data compared to the destination address on the LAN of the accelerated TCP connections Note Connections can be initiated by a machine on the LAN or WAN Selects how many ports or IP addresses display in the graph Determined By Drop Down Menu Selects the criteria that displays in the graph Configure Button 44 Dell SonicWALL WXA 1 3 User s Guide Click the Configure button to access the advanced configuration options Advanced Options x Remote Node lt Gll gt gt mE CT Direction Threshold Total bytes Incl Nen Intercepted Connections L Apply Cancel Name Description Plot Graph Displays a graphical representation of the selected criteria Refresh Button
100. n the SSL VPN gt Server Settings page of the managing NSA TZ appliance s management interface Step 8 Click the Connect button Step 9 Once the NetExtender Client is connected click the WXAC tab and then click the Install WAN Acceleration Client button SonicWALL NetExtender User my vpn Connected 0 Days 00 00 21 a O amp Install WAN Acceleration Client x Disconnect 2 0 201 Dell If the WXAC is already installed there will be an option to upgrade to the latest version Step 10 Once the WXAC is installed click the Disconnect button The NetExtender Client login page displays SonicWALL NetExtender Server F Username Password Domain Connect Save user name amp password if server allows Ti iy E 2013 Dell Step 11 Enter the information from Step 4 in the text fields then click the Connect button This reconnects you to the server which is required in order to activate WAN Acceleration 166 Dell SonicWALL WXA 1 3 User s Guide Step 12 Once you are connected click the Properties button then select Acceleration from the left navigation menu The Acceleration screen displays NetExtender Properties a Connection Profiles Acceleration Settings 7 2 Connection Scripts Enable Acceleration 3 Proxy IP Address Port H Advanced PEREA eg 197 168 2 1 192 168 1 0 24 eg 21 Li Packet Capture Exclude Include Add Exclude Include IP Address Type
101. nable WFS Acceleration Cl Uneigned SMB E Support SMB Signing WES Acceleration Address LAN Primary IF WXA Series Appliance WXA TB20 RS Authentication Code RS35 R277 Joined Domain th20de3 soniewall com Name Description Configuration Tab Enables WFS Acceleration and allows user to choose the IP address to associate with the service See Configuration Tab on page 68 for details Statistics Tab Displays performance statistics for the WFS Acceleration service See Statistics Tab on page 70 for details Viewing the WFS Acceleration Page 67 Name Description Signed SMB Setup Tab Configures the WXA series appliance to match the details of the domain it is join ing This tab offers a simplified domain and file server configuration making it a quick and easy way to configure WFS Acceleration See Signed SMB Setup Tab on page 71 for details Tools Tab Provides diagnostic tools for the WFS Acceleration service See Tools Tab on Configuration Tab page 77 for details The Configuration tab allows you to enable the WFS Acceleration service configure SMB signing settings select an IP address object for the WXA series appliance and view info for the WXA series appliance hostname which can be configured if the WXA series appliance is unjoined authentication code and joined domain The WXA series appliance panel and Unsigned SMB checkbox may not display if the SonicOS firmware version is misma
102. ne Services page displays SonicWALL Network Security Appliance d Dashboard v F System Status Administration SNMP Certificates Time Schedules Settings Packet Monitor Diagnostics Restart be Network gt A 3c 4G Modem Manage Services Online Security Service Nodes Users 4pp Control Kaspersky Enforced Client Anti Virus and Anti Spyware McAfee Client Server Anti Virus Suite McAfee Enforced Client Anti irus and Anti Spyware App Visualization Gateway Anti Virus Anti Spyware amp Intrusion Prevention Service Deep Packet Inspection For SSL DPI SSL virtual Assist YPN Global VPN Client Global YPN Client Enterprise VPN SA SSL YPN WAN Acceleration Client WAN Acceleration Software Status Licensed Not Licensed Not Licensed Not Licensed Expired Expired Not Licensed Not Licensed Licensed Licensed Not Licensed Licensed Licensed Not Licensed Not Licensed RE Manage Service Activate Activate Activate Renew Activate Activate Upgrade Activate Upgrade Upgrade Activate Activate Click the Activate link in the Manage Service column for the WAN Acceleration Client Appendix B Configuring the NetExtender WAN Acceleration Client 161 Step 6 The License Management page displays SonicWALL Network Security Appliance bd Dashboard r System Licenses Status License Management Admristration WAN Acceleration Client Subscription SNMP Certificates pa Time WON Acceleration
103. ned 0 0 0 0 0 0 0 0 N A No link Fa F y5 Unassigned 0 0 0 0 0 0 0 0 N A No link p Add Interface Step 4 Click the Edit button in the row for the interface you want the WXA series appliance to connected to The Interface Settings gt General tab is displayed General Advanced Interface X5 Settings fone LAN hi Mode IP Assignment Static IP Mode T IF Address Subnet Mask comment Management W HTTP El HTTPS El Ping MI snme FI SSH User Login E Hurre El HTTPS Add rule to enable redirect from HTTP to HTTPS Ready OK Cancel Help Step 5 Enter and do the following e Zone Drop down LAN e Mode IP Assignment Drop down Static IP Mode IP Address Text Field Enter the IP Address for the port This example uses 10 203 30 162 e Subnet Mask Text Field Enter the subnet mask for the port This should be a subnet not already used on the network and private to the WXA series appliance 34 Dell SonicWALL WXA 1 3 User s Guide e Optional Comment Text Field Enter text that describes the device For example WXA connection e Optional Management checkboxes Select the management methods e Click OK Step 6 Navigate to the Network gt DHCP Server page Step 7 Under the DCHP Server Lease Scopes click Add Dynamic The Dynamic Range Configuration window is displayed General DAN SMINS Advanced Dynamic DHCP Scope Settings V Enable this DHCP Scope Range Start Rang
104. nel WES Acceleration WFS Acceleration Service Status on WHA Windows Domain Displays the following information for TCP Acceleration connec tions e Max The maximum number of TCP connections permitted at any instant e Peak The peak humber of TCP connections passing through the WXA series appliance during the period covered by the statistics e Current The current number of TCP connections passing through the WXA series appliance e New The number of new connections e Closed The number of closed connections Enabled for Signed SMB Running y x th20dc3 sonicwall com Since 5 13 2013 4 00 00 PM Total Data Reduction 0 0 WAN Capacity Increase Factor i Cache Size 94MB Name Description WFS Acceleration e Enabled Indicates that both the general WAN Acceleration ser vice and either of the specified WFS Acceleration Supporting Signed and Unsigned SMB switches are enabled e Disabled lIndicates that both the general WAN Acceleration ser vice and either of the specified WFS Acceleration Supporting Signed and Unsigned SMB switches are disabled Service Status on WXA Displays current status of the WFS Acceleration service reflecting both Unsigned and Signed SMB e Running Indicates the WFS Acceleration service on the WXA series appliance is accelerating wide area file sharing operations e Ready Indicates the WFS Acceleration service on the WXA series appliance is up and
105. network resources via SSL VPH technology Click a pre configured bookmark or create your own to gain secure Internet access to internal corporate resources Launch NetExtender to create an SSLVPH tunnel to your corporate network for full network access click NET to download Windows Mobile NetExtender Client cif here download Windows MetExtender Client NetExtender oy Virtual Assist Help gt gt Request Assistance oy Virtual Access Step 4 Click the Here link to download the NetExtender Client Step 5 Run the NetExtender Setup Wizard to install the NetExtender Client Refer to the SonicOS 5 9 Administrator s Guide for details on the NetExtender Setup Wizard Downloading Installing the NetExtender WXAC in the NetExtender Management Interface Step 6 Open the NetExtender Client SonicWALL NetExtender Server ES Username Password Domain Connect Save user name amp password if server allows m pa o 12012 Dell Step 7 Enter the following in the text fields Server the WAN IP address of the managing NSA TZ appliance that is on the site where the WXA appliance and server are located Enter a colon after the WAN IP address and then enter the server port number Username the username created by the Administrator Appendix B Configuring the NetExtender WAN Acceleration Client 165 Password the password created by the Administrator Domain the domain name displayed i
106. ng Active Directory Kerberos and NTLM for authentication and authorization WFS Acceleration using Signed SMB supports NTLM clients which provide credentials to the Dell SonicWALL WXA series appliance and are valid in the domain The Dell SonicWALL WXA series appliance obtains the Kerberos credentials through the Domain Controller This permits client devices which have not joined the domain to be used by users who on behalf of the client have valid domain credentials Create a DHCP scope on the managing NSA TZ security appliance before the WXA series appliance is physically connected If the branch offices have Domain Controllers and DNS Servers it is recommended that you use those DNS server addresses and domain DNS name in the DHCP scope Configure the Domain Name and Domain DNS server IP addresses in the configured DHCP scope The WXA appliance will auto discover Kerberos LDAP and NTP servers based on this type of information to assist in joining the appliance to the domain Review the LDAP Kerberos and NTP services In a multi site domain where sites and services are not explicitly configured the WXA series appliance might not choose the closest servers Introduction 17 Dell SonicWALL recommends that the WXA series appliance retrieve NIP updates from the Domain Controller Dell SonicWALL recommends that the DNS server accept secure updates Configure the zone properties of an interface to which the WXA appliance is connected a
107. ng the step by step WFS Acceleration configuration procedures Verify WFS Acceleration is working by using the Test Configuration tool available in Basic and Advanced modes Verifying WFS Acceleration in Basic Mode To verify that the WFS Acceleration service was successful using the WFS Acceleration gt Tools tab in Basic mode perform the following steps Step 1 Navigate to the WAN Acceleration gt WFS Acceleration Step 2 Click the Tools tab WAN Acceleration WES Accele rati on Signed SMB Configuration Mode Basic O Advanced Configuration Statistics Signed SMB Setup Tools Diagnostic Too Test WFS Configuration yt Test WFS Configuration Use Machine Account Credentials Run WFS Configuration Tests Step 3 In the Diagnostic Tools drop down select Test WFS Configuration Step 4 Click Run WFS Configuration Test Configuring WFS Acceleration 117 118 The results display when the test is complete Diagnostic Too Test WFS Conf iguration W Test WFS Configuration E Use Machine Account Credentials Run WFS Configuration Tests Results Used in Short Long Trusted for Accept Accepted Propagated Server Resolves To Share Config SPN SPN Delegation Delegation Connection Connection sInSSSveWEATEY sai pamase O gt O gt lt HQs2OeBconcnalicom 12188 20 o o wxa tb3ihhg tb 0de3 sonicwal com 192 158 20 1 e v ha Specific Hosts woa tb2rs thikdc3 sonicwall com 192 168 30 1 Local WKA o be
108. nly f Use any authentication protocol Expanded Add Remove Step 5 Select the setting Trust this computer for delegation to specified services only Step 6 Select the setting Use any authentication protocol Step 7 Click the Add button 154 Dell SonicWALL WXA 1 3 User s Guide Step 8 Step 9 Step 10 Multiple Names Found B l l ajx More than one object matched the name ESA Select one or more names from this list or reenter the name Matching names ih ESAES33X 559DA2 ESAES33X 559DA2S SonicWALL WES Accelera E ESAES33X 559F64 ESAES33X 559F6A SonicWALL WFS Accelera Select the computer account to which the WXA series appliance computer account can present delegation credentials For example if you were performing this configuration for a central site you would select the WXA series appliance computer account on the branch site This enables the branch site to connect to the central site and then onto the domain controller file server for accelerated sharing Select CIFS for the service Click the OK button The computer account properties window populates with the configured account ESAES33X 559F6A Properties x General Operating System Member Of Delegation Location ManagedBy Dian Delegation is a secunty sensitive operation which allows services to act on behalf of another user Do not trust this computer for delegation Trust this computer for delegation to a
109. nning SonicOS 5 8 1 0 or higher firmware Some WXA features are not supported unless running SonicOS 5 8 1 11 or higher firmware The WFS Acceleration service and Web Cache feature are not supported when running the WXA 500 Live CD in Memory mode Typically the WXA series appliances are deployed in a site to site VPN configuration through their respective NSA TZ series appliances However you can also use routing or L2 Bridge Mode refer to the SonicOS 5 8 1 Administrators Guide for details If a WXA series appliance is used in a high availability configuration a switched connection to both appliances high availability pairs is required The initial configuration of the WXA series appliance should be performed by using the WXA Setup Wizard which is available by clicking the Wizards button in the top right corner of the NSA TZ series appliance s management interface However this is currently only available if running SonicOS 5 9 firmware If your NSA TZ series appliance is using 5 8 1 x or 6 1 x firmware use the procedures in this chapter for the initial configuring of the WXA series appliance For more information on the WXA Setup Wizard refer to the SonicOS 5 9 Administrator s Guide Encrypted traffic is highly randomized and does not materially benefit from the WXA series appliance s WAN Acceleration service Therefore SSL and TLS traffic types are not accelerated WFS Acceleration using Signed SMB supports Windows file services usi
110. nosing and Testing Performance of the Web Cache on page 135 Configuring the Web Cache 131 Configuring the Web Cache Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To configure the Web Cache page perform the following Login to the managing NSA TZ series appliance and then navigate to the Network gt Web Proxy page Select the Divert traffic to the WXA series appliance s Web Cache checkbox This enables the use of the associated WXA series appliance as a caching web proxy Selecting this option automatically fills in the Proxy Web Server and Proxy Web Server Port text fields NAT rules are automatically created for directing traffic via the WXA series appliance Click the Accept button Network Web Proxy Cancel Automatic Proxy Forwarding Web Only Proxy Web Server name or IP address 10 10 10 245 Proxy Web Server Port 3128 Bypass Proxy Servers Upon Proxy Server Failure i Forward Public Zone Client Requests to Proxy Server Divert traffic to the WXA series appliance s Web Cache Client Inclusion Address Object Any z Server Exdusion Address Object None T Note To enable Web Proxy please enable CFS on the related zones where clients are from this is not necessary when using the WXA s Web Cache Navigate to the WAN Acceleration gt Web Cache page Select the Enable Web Cache checkbox WAN Acceleration Web Cache Status Statistics Tools Apply Changes Restart Web Cache Flush Cache Admin Email
111. ny service Kerberos only Trust this computer for delegation to specified services only Use Kerberos only Use any authentication protocol Services to which this account can present delegated credentials Appendix A Configuring the WXA to the Domain Without Using the WXA Management Interface 155 If you typed SELF in the computer account for step 3 perform steps 11 and 12 Step 11 Open a cmd exe window Step 12 Set the password for the computer account where ABCD EFGH is the auth code cs Administrator C Windows system32 cmd_exe Microsoft Windows Version 6 1 7600 Copyright c 2009 Microsoft Corporation All rights reserved C Users Administrator gt C Users Administrator gt C Users Administrator gt C Users Administrator gt C Users Administrator gt C Users Administrator gt 3 a C a Users Administrator gt Users Administrator gt Users Administrator gt Users Administrator gt Users Administrator gt net user fastboxhq ABCD EFGH domain Note The password for the computer account must be the auth code found on the WAN Acceleration gt Status page on the NSA TZ security appliance Configuring Custom Zones for WXA Dell SonicWALL recommends setting a LAN zone for the zone properties of the interface to which the WXA appliance is connected to Setting the WXA appliance to a LAN zone is recommended because the default access rules associated with that zone allow traffic between the W
112. og The Log page provides a detailed list of log event messages and provides multiple options to change how the log messages display The Minimum Priority and Categories drop down menus are used to determine which logs are retrieved from the WXA The filters at the bottom of the table then determine which of those entries are actually shown on the screen Use the scroll function to load more log entries as you scroll down the page Log Minium Prigeity an W categoria zmir l Export as CSW S aireak 8 00 i Time Priority 4 07 55 2M Notice 4 07 45 PH Hie 27 28 Notice 4 06 45 P Hiie 4 10 44 PH Notice 4 06 43 PM Notice 4 05 45 PM Nols 05 26 Notice 4 05 43 PM Notice S 06 45 26 Notice eS PM Notice 4 8 3 PM Notice 4 05 45 PM Notice 205 P Notice 4 06 45 PM Notice S02 PM Notice 4 A pP jeri Fong 1 fo 20 of 100 eire Action Items Name DOANE sume update 192168901 as whas hka T DOKE suocess update WXA TEAHASI 1k sowan a 192 168 30 1 DAE sume update weeds l la hakkam a 192 168 30 1 DORE succes update 192 168 90 1 as weet 1 1 hka com DHE suooes update WOh TEAHAS1 1 tides sowan a 19215 DONE suo Update weefiaes1 le tikkima a 192 168 30 1 DORE succes update 192 168 50 1 a weet 1 1 iid socwall com 3 DDRS success upise WA TRAHRS1 Libdkkisonmcwalorn as 192 168 30 1 T DONE sume update weeds 1 la tikkan a 192168301 DONE succes update 192168301 as vbs iid sonicwall com DONE success update WiL TEAPRS1 1 iia
113. ogs as comma separated values for the time priority category and message fields Name Description Time Displays the time the event was logged Priority Organizes the log entries by priority Category Organizes the log entries by category Message Displays the log message Dell SonicWALL WXA 1 3 User s Guide Appendices 152 Dell SonicWALL WXA 1 3 User s Guide Appendix A Configuring the WXA to the Domain Without Using the WXA Management Interface This appendix contains procedures to configure the WXA series appliance to the domain without using the WAN Acceleration management interface Note Although this type of configuration is supported Dell SonicWALL does not recommend configuring the domain this way This appendix contains the following subsections e Automatically Joining the Domain on page 153 e Configuring Custom Zones for WXA on page 156 e Configuring Reverse Lookup on page 157 e Manually Adding SPN Hostnames in DNS on page 158 Automatically Joining the Domain To automatically join the WXA series appliance to the domain perform the following steps Step 1 Access the domain controller and create a computer account The computer account must use the default hostname or a hostname specified in the Domain Details tab the name of the WXA series appliance If anew hostname is entered in the Domain Details tab in the WAN Acceleration management interface it overrides the default hostname
114. omain controller To edit the server name you must first unjoin the domain and then click the Edit button The Kerberos Server pop up window appears see on page 86 for details LDAP Server Sets the Lightweight Directory Access Protocol LDAP server on the network The port number defaults to 389 This server is typically the domain controller Joined Domain Checkbox Machine Account Exists Checkbox Read only Indicates the device has joined the domain Read only Indicates an account matching the hostname of the device is found on the domain The computer account password is set to the authorization code Trusted for Delegation Read only Indicates that the computer account of the WXA series appliance on the Domain Controller is trusted for delegation This is a necessity and requires the administrator to configure the domain controller to confirm that the WXA series appli ance can be trusted for delegation Note This field is updated by clicking the Update Domain Records buiton It can also be updated directly on the domain controller Trusted for Delegation to Reverse DNS Lookup Read only Displays a list of all the trusted remote servers and WXA series appli ances Note This field is updated by clicking the Update Domain Records buiton It can also be updated directly on the domain controller Displays DNS info if the WFS Acceleration address is correctly resolved to the WXA series ap
115. on WXA Interface WXA IP Address 10 0 30 131 Step 12 In the WXA Appliance Configuration panel click the WXA Interface drop down list and select the X5 interface Step 13 Select the Enable WAN Acceleration checkbox Step 14 Click the Apply Changes button Step 15 Confirm that the NSA TZ series appliance has a DCHP lease for the WXA series appliance Navigate to the Network gt DHCP Server page DHCP Server Bacen cone DROP 4 Serre Leare SOOME mmi Joaca E e ea j Ol i remie Range 00W 10 0305 x Ej FR Fz tremi Range 100305 100 30 5 a j FNR O Trame Range 197 165 30 7 15716230254 xo ca Fi Add Onamiz Add Static Dea Daine AJ O 1 Dam SOLE L ELES GSS ALE Dynamic Kx 36 Dell SonicWALL WXA 1 3 User s Guide Step 16 Navigate to the WAN Acceleration gt Status page WAN Acceleration Status Status Settings Apply Changes Probe for WXA Create static DHCP lease for WXA WXA Appliance Configuration Enable WAN Acceleration WEA Interface 7 WA IP Address 10 0 30 131 Step 17 Click the Settings tab Step 18 Click Create static DHCP lease for WXA A DHCP lease will be set for the WXA series appliance Step 19 Verify that the lease was created Navigate to the Network gt DHCP Server page A dynamic range is set for the WXA appliance Network DHCP Server Accept Cancel DHCP Server S
116. on page 92 When the Edit button is clicked the Edit Server Details window is displayed see on page 93 Add New Share Link Adds a new share to a remote server When clicked the Add Share Pop up window is displayed see on page 94 Viewing the WFS Acceleration Page 91 92 Name Description Name Column Displays the name of the shares set on the server Cache Enabled Column Indicates whether caching is enabled checked or disabled unchecked Cache Read Ahead Column Displays the size of the read ahead buffer Configure Column Displays an Edit and Delete button Click the Edit button to modify the configuration of the share Click the Delete button to remove the share from using the server When the Edit button is clicked The Edit Share Details pop up window is displayed see on page 94 Figure 26 Delete a Server Delete Server a Are you sure you want to delete the selected server from the configuration This will albo remove all of the associated shares Update Domain Records Lv H Delete Cancel Name Description Update Domain Records Removes any domain records that are no longer needed as a result of remov checkbox ing the file server from the configuration Delete Deletes the file server from the configuration Cancel Cancels the delete server request and closes the pop up window Dell SonicWALL WXA 1 3 User s Guide Figure 27 Add Server and Edit Server Details Pop up Win
117. on tab using Unsigned SMB gives you the options to enable the WFS Acceleration service and configure Server Message Block SMB signing settings Name Description Apply Changes Button Applies the latest configuration settings Bypassed Displays a pop up window with a list of connections that have either been Enable WFS Acceleration Checkbox excluded from the acceleration process or failed Bypassed Addresses x a o IP Address Port Reason Lifetime Created Updated Expires 192 168 20 100 445 Traffic not compressing wel 300 10 10 2012 10 10 2012 10 10 2012 12 59 41 12 59 51 13 04 51 Close Enables the WFS Acceleration service on the WXA series appliance This checkbox is enabled when the Unsigned SMB checkbox is enabled Unsigned SMB Checkbox Support SMB Signing Check box Enables transparent WFS Acceleration on networks that do not use SMB signing This checkbox is enabled by default Enables support for SMB signing This requires the WXA series appliance to be joined to the domain This checkbox is disabled by default For more information refer to the WFS Acceleration Page Using Signed SMB on page 67 Note If this checkbox is disabled the WXA series appliance panel is hidden Viewing the WFS Acceleration Page 65 Statistics Tab The Statistics tab displays performance statistics for the WFS Acceleration service Note The WFS Cache statistics displayed in this page only represent Signed SMB traffic If yo
118. on the DC and DNS servers For PTR records to be updated relevant Reverse Lookup Zones must be configured on the DNS servers Networks used for Reverse Lookup Zones depend on whether WFS acceleration is using NAT If using NAT the WXA appliance uses the NAT IP for WFS services and only the X0 subnets are used as networks in Reverse Lookup Zones If the WXA appliances are not using NAT the Reverse Lookup Zone network must also be configured for WXA subnets on both locations To add a PTR record perform the following steps Step 1 Navigate to your DNS on the data center and remote locations Step 2 Expand the Reverse Lookup Zones folder Step 3 Right mouse click on the subnet you want to add a new PTR Step 4 Select New Pointer PTR in the pop up menu The New Resource Record window appears Step 5 Enter the subnet in the Host IP number field Step 6 Enter the Host A record name in the Host name text field and then click OK Step 7 Verify that the PTR record is created in the Reverse Lookup Zone folder Appendix A Configuring the WXA to the Domain Without Using the WXA Management Interface 157 Manually Adding SPN Hostnames in DNS In the event that SPN hostnames are not added automatically the Domain Administrator can manually add SPN hostnames in the DNS Perform the following steps Step 1 Navigate to the DNS on the central and branch sites Step 2 Expand the Forward Lookup Zones Step 3 Right click on the subnet you wi
119. onfigured to use Unsigned and or Signed SMB Unsigned SMB is used for networks that do not require traffic signing Signed SMB is used for networks that require traffic signing for security reasons and provides two configuration modes for the WFS Acceleration service Basic or Advanced The Basic configuration mode provides basic WFS Acceleration configuration options for a quick and easy deployment of the WFS Acceleration feature The Advanced configuration mode provides detailed WFS Acceleration configuration options for the domain details and file shares Part 5 Web Cache Covers the management interface functions and configuration procedures for the Web Cache page Configure monitor and diagnose the Web Cache feature using the Status Statistics and Tools tabs Part 6 System Details the System page describing the management interface functions and configurations procedures for the System Status Interface Status Management Settings and Firmware tabs Part 7 Log Covers the Log page which displays a detailed list of the Dell SonicWALL WXA series appliance s log event messages This page has multiple options to customize how log event messages are viewed Part 8 Appendices This part contains appendices for configuring the WXA series appliance to join the domain without using the WAN Acceleration management interface and for configuring the NetExtender WAN Acceleration Client WXAC 10 Dell SonicWALL WXA 1 3 User s Guide Guid
120. onicOS 5 9 Administrator s Guide The WXA series appliance should automatically discover the domain details if 1 The DNS server can reverse resolve its own address into a hostname within the domain 2 The domain is specified using DHCP and the DNS server resolves that to the address of a Domain Controller Specifying the domain using DHCP is not directly considered auto detecting and it is nota requirement for the DNS server to be a Domain Controller although it is most common However it is required for the DNS server to be a domain DNS server problems can occur if any non domain DNS server is used Also some types of independent DNS caches and servers might cause issues If the WXA series appliance has not joined the domain the Signed SMB Setup tab displays a Join Domain button and a note that the WXA series appliance has not yet joined the domain Figure 3 WFS Acceleration gt Signed SMB Setup Domain Not Joined WAN Acceleration WFS Acceleration Signed SME Configuration Mode Basic Advanced Configuration Statistics Signed SMB Setup Tools Join Domain Domain Details Domain th20dc3 sonicwall com A The WXA series appliance has not yet joined the domain Hostname WXA TB20 R5 F ix Name Description Join Domain button Joins the WXA series appliance to the domain Your Administrator s credentials must be entered to join the domain Domain read only Displays the domain your WXA series applian
121. op updates on the page Status Panel Statistics Panel Displays the following Read Only information e IP Address e Default Gateway e Primary DNS Server e Secondary DNS Server e MAC e MTU DHCP is used to obtain some of this information You can also configure the MTU in this panel see on page 143 Displays the following Read Only information Packet flow information using active flows Number of bytes Packet Count Packet Errors Dropped Packets Collisions Actual MTU Ping Gateway Sends a ping request to the NSA TZ series appliance The WXA series appli ance uses Address Resolution Protocol ARP to ping the gateway Renew DHCP Lease 142 Dell SonicWALL WXA 1 3 User s Guide Renews the DHCP lease for the WXA series appliance Note This can drop existing accelerated connections if a static lease has not been configured or has been changed and the WXA address changes as a result Figure 31 Maximum Transmission Unit Maximum Transmission Unit MTu 1500 Cancel e MTU Text Field The Maximum Transmission Unit MTU e Apply Button Applies all changes e Cancel Button Cancels the operation Management Tab system System States Apply Changes SNMP O Bashe SHMI Communities 444 Mew Community ame SNMP Name Management Settirgs Finmware Syslog Server Server TP Stute Corfiyure Description SNMP Panel Enables the simple network monitoring
122. ote file server from the drop down list Local WXA Name text field Enter a name for your local WXA series appliance Adding a dot at the end of the name auto completes the name with that of the domain Apply button Adds the file server to the WXA series appliance for sharing After clicking the Apply button an SPN Alias is created using the local WXA name and the domain records are added to the server requiring the Administrator s credentials Cancel button Cancels the information entered and closes the Add Server pop up window 76 Dell SonicWALL WXA 1 3 User s Guide Figure 10 Update Domain Records Pop up Window Update Domain Records x Adds any missing domain records and removes stale records required for the oome functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Password Update Records Cancel A Name Description Username text field Enter your Administrator s username Password text field Enter your Administrator s password Update Records button Updates any missing domain records required for the WFS Accelera tion feature to function correctly Cancel button Cancels any information entered and closes the Update Domain Records pop up window Tools Tab The Tools tab provides diagnostic tools for the WFS Acceleration service WAN Acceleration WES Acceleration Signed SMB Configuration Mode
123. our Administrator credentials Step 8 Click the Update Records button 106 Dell SonicWALL WXA 1 3 User s Guide Add File Server 2 Step 9 Click the Add Server button The Add Remote Server pop up window displays Add Remote File Server x Select a remote file server from those discovered on the network The remote server should be a Windows file server hosting shared folders and files The WXA will attempt to discover the next hop WXA configured to provide accelerated access to that server Type a unique name or ates for the local WXA adding a dot will auto complete the name with that of the domain This is the name that should then be used in paths to folders and files on the remote server in order for file sharing operations to benefit from WFS Acceleration For example if the current path is remote_server docs under WFS Acceleration it will become local_ wxa docs After adding the server you will be prompted for an Administrator s credentials so that the necessary records can be created on the domain File operations to all of its shared folders and documents will be accelerated If you wish to limit WES Acceleration to specific shares this can be configured on the WFS Shares page in Advanced Configuration Mode File Server File Server 2 Local WXA Name WXA 2000 R5 2 Apply Cancel f Step 10 Click the File Server drop down list and then select name of the remote file server hosting the shares
124. page 90 detailing the results of the procedure Auto discovered Domain Panel the panel name changes depending on whether the domain is auto discovered or configured Fully Qualified Domain Name The fully qualified domain name FQDN of your Windows domain that the WXA series appliance joins To change the FQDN you must unjoin the domain Click the Edit button to modify the FQDN see on page 85 for details NETBIOS Domain If you configured the FQDN at initial setup and join or tired to join the domain the WXA series appliance should auto discover the corresponding NETBIOS domain Click the Edit button to configure the FQDN and the NETBIOS Domain see on page 85 for details Changing the FQDN or the NETBIOS Domain after joining the Windows domain requires the device to rejoin the domain Hostname Displays the hostname for the WXA series appliance Click the Edit button to modify the hostname see on page 85 for details Changing the hostname requires the old computer account to be manually deleted from the domain controller Kerberos Server The FQDN of the Kerberos server or an IP address not recommended on the Win dows Domain Joining the domain with the Kerberos server specified as an IP address causes a failure unless reverse DNS lookups have been configured on the DNS server The alternative is to provide the name of the Kerberos server The port number defaults to 88 This server is typically the d
125. pliance s hostname Other System Settings Panel Time Synchronization Source Displays the server that the WXA series appliance will synchronized its clock with This server is usually the Domain Control because the WXA series appliance s clock must closely match that of the Domain Controller s clock Click the Edit button to modify the server see on page 87 Primary DNS Server Read only Displays the current primary DNS server IP address which must be a domain DNS server for WFS Acceleration to function properly Secondary DNS Server Dell SonicWALL WXA 1 3 User s Guide Read only Displays the current secondary DNS server IP address This must also be a domain DNS server for WFS Signed acceleration to function properly Figure 17 Configure Domain Pop up Window Configure Domain J a J scovered domain wafs wanopt jdtest ace Fully Qualified Domain Name E Use Discovered value for NETBIOS Domain NETBIOS Domain R Name Apply Cancel Description Fully Qualified Domain Name The FQDN for the Windows domain that the WXA series appliance will join Use Discovered value for NETBIOS Domain Checkbox When checked enabled uses the NETBIOS name that is derived from the discovered domain NETBIOS Domain Text Field Enter the NETBIOS name for the domain Note Not necessary if the checkbox is selected Apply Button Cancel Button Applies all changes
126. ration Page 89 Figure 24 Update Domain Records Pop up Window Update Domain Records x Summary of Results Successfully updated domain records Details 1 li a E a 1 T wn 1 1 1 i 1 i i l 1 r oe Check domain controler name for toida tobora sonit walom lny ENPE EO Pee ee ririn ee hle ee ee oe ee eee a Lae COTS CONOR Scenes TOE COLAC SA DOs ST Sl ODE e082 880900 0880 m m 5 Name Description Summary of Results Read only Displays a summary of results after the WXA series appliance runs the Update Domain Records feature Details Read only Details the steps performed in the Update Domain Records pro cedure A green circle indicates a pass and a red circle indicates a failure 90 Dell SonicWALL WXA 1 3 User s Guide Shares Tab The Shares tab configures the WXA series appliance to accelerate specific shares and servers This tab is only available in Advanced configuration mode Note Basic mode is the preferred way to configure WFS Acceleration only use Advanced mode if you need to specifically define the server or share name Figure 25 WFS Acceleration gt Shares WE S AC ce e rati on Signed SMB Configuration Mode Basi advanced Configuration Statistics Domain Details Shares Tools Apply Changes Add Server Update Domain Records Default Default Remote Server Name Local WXA Name Cache Cache Configure Enabled Read Ahead thiddicd de wis WHA TB20
127. re names The preferred way to configure WFS Acceleration is to use the Basic configuration mode While in the Domain Details or Shares tab you can select the Basic radio button at any time directing you to the Signed SMB Setup Tab on page 71 if you wish to use the simplified configuration procedure for the domain Note Servers configured in Advanced mode may not be visible in the WFS Acceleration gt Signed SMB Setup tab in Basic mode due to the specific naming convention used in Basic mode However the servers are still part of the configuration and file operations will still be accelerated I Ak eee ee 17 WAN Acceleration WFS Acce le rati on Signed SMB Configuration Mode Basic Advanced Configuration Statistics Domain Details Shares Tools Apply Changes WFS Acceleration E Enable WFS Acceleration Cl Unsigned SMB E Support SMB Signing WES Acceleration Address LAN Primary IP t WXA Series Appliance Hostname WXA TB2D RS Authentication Code RS3S R277 Joined Domain th20dc3 sonicwall com Name Description Domain Details Tab Configures the WXA series appliance to match details of the domain it is joining This tab offers advanced configuration procedures for joining the domain See the Domain Details Tab page 82 for details Shares Tab Configures the WXA series appliance to accelerate specific servers and shares Available only when using the Advanced configuration mode See the Share
128. rformance of your Dell SonicWALL WXA series appliance 18 Dell SonicWALL WXA 1 3 User s Guide Navigating the Management Interface Navigating the WAN Acceleration management interface includes a hierarchy of menu buttons on the navigation bar left side of your browser window When you click a menu button related management functions are displayed as submenu items in the navigation bar aie al If the navigation bar continues below the bottom of your browser an up and down arrow symbol appears in the bottom right corner of the navigation bar Mouse over the up or down arrow to scroll the navigation bar up or down f Aa 36 Modem b sonicPoint p g Firewall e Gel Firewall Settings 6 vor FL Anti Spam b Lii SSL VPN b amp Users b High Availability d y Security Services Status TCP Acceleration WES Acceleration Web Cache System Log P b Eoy Log w Common Icons in the Management Interface Status Bar The following describe the functions of common icons used in the WAN Acceleration management interface e Clicking on the edit icon displays a window for editing the settings e Clicking on the delete jx icon deletes a table entry e Moving the pointer over the Tooltip icon displays a description of the component The Status bar at the bottom of the management interface window displays the status of actions executed in the management interface Status Ready Introduction 19 Appl
129. s Operational Service Status on WHA Running Uptime 64 days 23 hrs Since 6 6 2013 11 00 00 AM Model Number WA 4000 Total Data Reduction 48 4 Serial Number OOI7CS554134 WAN Capacity Increase Factor 1 3 Authentication Code 328G FCFS Coumedi Firmware Version 1 2 1 1 2 Hax 1200 7 i Carrel g New 11 11 WFS Acceleration Web Cache WFS Acceleration Enabled for Signed SMB Web Cache Enabled Service Status on WXA Running Service Status on WA Running Windows Domain hik iao Since 5 13 2013 11 00 00 AM Since 5 13 2013 12 00 00 PM Total Data Reduction 100 0 Total Data Reduction Y0 D0 WAN Capacity Increase Factor E WAN Capacity Increase Factor 10 Cache Size 16 93 MB Cache Size 94 MB Cache Free Space 62 48 GE al Number of Cached Objects 13 Name Description Action Items Provides the options to Refresh and Probe for the WXA series appliance WXA System Information Panel TCP Acceleration Panel See Action Items on page 27 for details Displays system details of the WXA series appliance See WXA System Information Panel on page 27 for details Displays the status of the TCP Acceleration feature See the TCP Acceleration Pane on page 28 for details WES Acceleration Panel Displays the status of the WFS Acceleration feature See the WFS Acceleration Pane on page 29 for details Web Cache Panel Dell SonicWALL WXA 1 3 User s Guide Displays the status of the Web Cach
130. s Tab on page 91 for details Viewing the WFS Acceleration Page 81 82 Domain Details Tab The Domain Details tab offers an advanced configuration of the domain providing more options and details than the Basic mode s Signed SMB Setup tab The WXA series appliance may automatically discover the domain details if the DNS server configured on the NSA TZ series appliance is a domain controller and the DNS server is correctly configured in the domain If the domain name is not auto discovered the Domain Details tab requires you to enter the basic details for a domain Figure 15 WFS Acceleration Name Not Auto discovered reler WAN Acceleration WFS Acceleration Signed SMB Configuration Mode O Basic Advanced A e A Windows domain has not been discovered or configured Configure a domain for the appliance to join on the Domain Details page You must then configure the servers and shares to which acceleration will be applied see Shares page Configuration Statistics Domain Details Shares Enter Domain Details No domain details can be discovered from the network You can configure a domain manually by completing the following form and applying the changes Fully Qualified Domain Name Hostname ESAES33x 7F5108 i Kerberos Server 88 s Apply Changes Dell SonicWALL WXA 1 3 User s Guide If the domain name is auto discovered the Domain Details tab displays the configured domain details and option
131. s a LAN zone Refer to the following KB articles for more information httos www fuzeqna com sonicwallkb ext kbdetail aspx kbid 10781 httos www fuzegqna com sonicwallkb ext kbdetail aspx kbid 10738 Supported Platforms WAN Acceleration is currently available in the SonicOS Management Interface on the following appliance models NSA E Series appliance NSA Series appliance TZ Series appliance WXA Series Appliance Management Interface User Interface The Dell SonicWALL WXA series appliance s Web based management interface provides an easy to use graphical interface for configuring your Dell SonicWALL WXA series appliance All configuration procedures for the Dell SonicWALL WXA series appliance are performed through the Dell SonicWALL NSA TZ series appliance s management interface The following sections provide an overview of the key management interface objects User Interface on page 18 Navigating the Management Interface on page 19 Common Icons in the Management Interface on page 19 Status Bar on page 19 Applying Changes on page 20 Tooltips on page 20 Getting Help on page 21 Table statistics and log entries update within the user interface without requiring users to reload their browsers This lightweight user interface is designed to have no impact on the Web server CPU utilization bandwidth or other performance factors You can leave your browser window on an updating page indefinitely with no impact to the pe
132. s about the current firmware and the steps for upgrading See the Firmware Tab on page 145 for details Viewing the System Page 139 System Status Tab system Sysbem Status Interface Status Marae cont Sethrigs Finmware Diagnostics Report Power Off eboot Set Time m c i System Information Time Settings Medel Humber WA 4000 Time Synitchreniaton aids Gemain 2 z cores E Soue dbk sowa o Controler Serial Number M017 CS55410E z A 23 441 0A 20412 re Firmware Version 110011 Sita lian 18 23 41 06 2012 16 23 41 08 2012 Leta Time cori Ciiert Fon Jan 16 15 42 24 2012 System Statistics RAID Load ye Status F Uphme 3 irs 2 Preteen Name Description System Information Panel Read only Displays the following information e Model Number e Serial Number e Firmware Version Time Settings Panel System Statistics Panel Configure the time synchronization source refresh the UTC time or view the local time on client It is recommended to synchronize the time between the WXA series appliance and the domain controller However you can configure an NTP server to synchronize time with the WXA series appliance if WFS Acceleration Signed SMB is not required NTP servers issue time as UTC and time zones do not affect the time received by the NTP servers Read only Displays the following information e Load e Uptime e Number of processes RAID Panel Refresh Button Diagnostics Report Butto
133. s and configured servers panels Click the Local radio button to configure servers on the local site and the Remote radio button to configure servers on a site that is remote from the location of the local site Note The central site s administrator should configure their local servers first before the branch site administrator configures their remote servers For example if you are at the central site you would configure the local File Servers so that they can be accessed from the branch sites Viewing the WFS Acceleration Page 73 The configured servers information changes when toggling between the Local and Remote radio buttons as seen in the two figures below Figure 6 tion a ie WFS Acceleration Configuration Statistics Add Server Update Domain Records Domain Details Domain tb2idc3 sonicwall oom Hostname WXA ThMI RS Configured File Servers Signed SMB Setup Signed SMB Setup for the remote site Signed SMB Configuration Mode Basic O Advanced Tools File Servers to Show C Locs Remote 3 Domain il Via Next Hop WNA l A Man TT File Serwer ia op Local WXA Name penan Remowe thAidc3dc tb2idc3 sonicwall com thAid 3dc via WXA TEA H Q thitdcd sonicwall com wea th2QHs thifde sonicwrall con x TE20DC3 F5 tb20dc3 sonicwallcom TE200C3 F5 wia WXA TB2 HQ tb2idc3 sonicwalloom wxa tb2l rs1 tb2kic3 sonicwall oum ot Figure 7 WF BETZ S Acceleration Configuration Stat
134. s for configuring the domain Figure 16 ETI W FS Acceleration Confiq uratani Stabs Advanced Options Rejoin Domain WFS Acceleration Name Auto discovered Signed SMB Configuration Mode eric C advanced Ceemain Details Shares Testes Unjoin Domain Test Configuration Restart WFS Update Domain Records Auto Discovered Domain The information shonn in Ge table hes Been diecowered from Ge network Certan feels can be qwenikden by beng configured manually Hoever pou will fewe fo fene the a Rell Gre NETEDOS mame o Fe mance jan tite danan in onder fo change sie fhe doman apime heime Aier which re agoiience wall need fo join fhe domain again Fully Qualified Dom n Mame fatOde3 sorcwall caom Diiia b NETRIOS Dumain TEZO Discovered Hostname WA TEARS Configured b Kerberos Serner hakk Hikihiki oiiaao 34 Dictee F i LDAP Semer hakke tikk sonicwvallcom 389 Discowered j Jcired Domain G i Machine Account Exists Trested for Delegation Specific Heis Al Prios i Trusted for Delegation bi j Dadi WA TESHD a E r TEI A TEA Ak awal om Reverse DNS Leckup G be 152 168 5901 conectly reves bo aabaki soncwall oom Other System Settings Othe system sing heal also affect te functioning of Che WPS Accelersiion module are shonn below Time Syinchroniza bon Source fia hsidcSsonicwallocom Dem aan Conmbroler a Pomary DAES Server 192 168 30251 DHCP a 4 Secondary DMS Server Name
135. s i G 0 gt Rewerse DNS 192 158 30 1 comecthy resolves to wea thaders tb2tdc3 sonicwall com The Test WFS Configuration page displays the test results for the WFS Acceleration service A green circle indicates a successful configuration and a red circle indicates an error Hover over the circle icons to display the details for that configuration The results are listed in a table with the following columns Name Description Server Display the remote server or local WXA names Resolves To Displays the IP address that the WXA series appliance is resolved to Used in Share Config Displays the server that is used for sharing This can be an actual server or a WXA series appliance Short SPN Verifies a short SPN is present on the machine account Long SPN Verifies a long SPN is present on the machine account Trusted for Delegation Lists the general server or specific hosts that are trusted for delegation by the WXA series appliance Accept Delegation Displays the hosts that are trusted to present delegated credentials to the WXA series appliance Accepted Connection Verifies the server accepted an authenticated connection Propagated Connection Verifies the server propagated an authenticated connection Reverse DNS Dell SonicWALL WXA 1 3 User s Guide Displays the Reverse DNS address path Verifying WFS Acceleration in Advanced Mode Step 1 Step 2 Step 3 To v
136. s to get accelerated access to remote shares A different local name alias should be used for each remote server Note If the Update Domain Records checkbox is enabled the WXA series appliance will attempt to create a DNS record for each of the service principal name SPN aliases The local device name must resolved to the public IP address The DNS Server IP address is identified on the Domain Details Tab page 82 of this WXA These records can also be added later by clicking the Update Domain Records button Default Cache Enabled Checkbox When enabled checked shares are stored in the default cache This option is enabled by default When a file is requested that is also available in the cache the WXA series appliance serves the data from that cache as long as the cache file is valid If the original file has changed the parts of the cache that are still valid may be used This process reduces the need for data to be sent over the network This option can be overridden for individ ual shares Default Cache Read Ahead Text Field Add Server Pop up only The default size measured in bytes for read ahead speed in the cache The default cache read ahead value is 61440 bytes To calculate this value multiply the link latency in milliseconds by the measured site to site bandwidth in kilobytes per second and divide that by the number of simultane ous file access users This option can be overridden for individual shares
137. server is not in the list toggle the radio button and enter it manually in the text field Step 3 Enter a Local WXA Name WXA 2000 RS 2 Then add a period after the name Step 4 Click Apply The Update Domain Records pop up window displays Update Domain Records x Adds any missing domain records and removes stale records required for the comect functioning of WFS Acceleration Enter the username and password of a domain Administrator or other suitabhy qualified user Username Sd Update Records Cancel Step 5 Enter your Administrator credentials Step 6 Click the Update Records button Configuring WFS Acceleration 115 116 The Shares tab displays the configured file servers HA A a WAN AS SLAI WFS Acceleration Configuration Apply Changes Remote Server Name WEA OO0 05 1 Dell SonicWALL WXA 1 3 User s Guide Add Server Configuration Mode D Besi Domain Details Shares Tools Add Domain Records Default Cache Enabled WERA 2O0O R3 1 g WE A 2 OU RS 2 Adv Configure Shares Add New Share Cache Enabled ALL FE SHARES Shares Add New Share Cache Enabled EF Cache Read Ahead 61440 Configur FIK Verifying the WFS Acceleration Configuration This section details how to verify that the WFS Acceleration service is configured correctly Note These verification procedures only apply to systems using Signed SMB After completi
138. sh to add a new Host A record Step 4 Select New Host A in the pop up menu The New Host window is displayed Step5 Enter the hostname for the central and remote DNS servers Note The newly created hostname for the central and branch sites should be updated with the NAT IP of the XO interface on the NSA TZ series appliance that is located at the central and branch site respectively Central Site Branch Site ST 2x aixi e uses parent domain name if blank Mame 5 parent domain name if blank Weie 000 65 Vesa 2000 SPi5 Fully qualified domain name FQDN J Fully qualified domain name FOON Wit4 4000 GM5 utm soniclab us I Create associated pointer PTR record Tallow any authenticated user to update DNS records with the samne OWE name Step 6 Wr A 2000 GM5 utm soniclab us IP address faz 168 240 1 W Create associated pointer PTR record Allow any authenticated user to update DNS records with the same owner name Ping the IP addresses at the central and branch sites to verify correct connectivity E g The WXA 4000 resolves to X X 1 100 and the WXA 2000 resolves to A A 240 1 158 Dell SonicWALL WXA 1 3 User s Guide Overview Appendix B Configuring the NetExtender WAN Acceleration Client This appendix provides configuration procedures for activating installing and enabling the NetExtender WAN Acceleration Client WXAC The configuration procedures are split into two p
139. size total data reduction WAN capacity increase factor cache size cache free space and number of cached objects See Statistics Tab on page 126 for details Tools Tab Offers DNS Name Lookup and Web Request diagnostics tools to test the Web Cache performance See Tools Tab on page 129 for details Viewing the Web Cache Page 123 Status Tab 124 WAN Acceleration Web Cache Status Statistics Tools Apply Changes Restart Web Cache Flush Cache Admin Email a Web Cache Enable Web Cache Client Inclusion Address Object Any 7 Server Exclusion Address Object None 7 Caching Strategy Moderate Note enabling the WXA Web Cache affects settings on the Network Web Proxy page Cache Status Operational Status Web Cache service is running normally Web Requests ie Response Time 4 01 seconds i Cache Size 0 00 KE Cache Free Space 59 57 GB Number of Cached Objects D Name Description Apply Changes Button Applies the latest configuration changes Restart Web Cache Button Restarts the Web Cache service This disconnects any currently open connections Flush Cache Button Removes all the data from the Web Cache This also restarts the Web Cache service disconnecting any open connections Admin Email Button Configures the Administrator s Email address The Administrator s Email address is shown in the Web Cache error pages these are pre sented to a network user in the event of an error Refresh Bu
140. socwallcom as 192 168 30 1 DORE sume update weet 1 la hakkam a 192 168 3 1 DOE suns update 192168301 as wef 1 1 id sonicwalll com DONS success update WOL4 TE ARES I 1 ae socwalloom a 192 168 3 1 F DORE suns update weeiiahes1 laliideS socwalllcom a 152 168 3 1 DEE success upise 192 168 30 1 m weet 1 3 sowan MER meee viata WEA TENITI NT ennall em ae 157 148 Yt x Description Minimum Priority Displays the log entries of the selected priority or higher by using severity Categories Displays the log entries of the selected categories Entries Selects the number of entries retrieved and displayed in the logs list Depending on the number selected you may need to scroll through the table to view all the log entries Refresh Refreshes the WAN Acceleration gt Logs page The refresh interval can be entered in the box to the right of the Refresh symbol The interval can be increased to a maximum of 999 seconds Click the Refresh button to manually update the Logs page Click the Pause button to stop updates on the page Viewing the Log Page 149 150 Name Description Filter by Filter the results by selecting from the drop down lists and entering text into the priority category and message text fields The filters you select determine which of the log entries retrieved from the WXA series appliance are displayed on the Log screen Export as CSV Column Headings Download all l
141. t Licenses page in the SonicOS management interface Manage Services Online Security Service Status Manage Service Nodes Users Licensed 4pp Control Not Licensed Kaspersky Enforced Client Anti Virus and Anti Spyware Not Licensed Activate McAfee Client Server Anti Virus Suite Activate McAfee Enforced Client Anti Virus and Anti Spyware Not Licensed Try Activate App Visualization Expired Gateway Anti Virus Anti Spyware amp Intrusion Prevention Service Expired Renew Deep Packet Inspection for SSL DPI SSL Not Licensed Try Activate Virtual Assist Not Licensed Try Activate YPN Licensed Global YPN Client Licensed Upgrade Global YPN Client Enterprise Not Licensed Activate VPN SA Licensed Upgrade SSL VPN Licensed Upgrade WAN Acceleration Client Not Licensed Activate WAN Acceleration Software Not Licensed Activate Chapter 4 Configuring the WXA Series Appliance Configuring Network Interfaces The initial configuration of the WXA series appliance should be performed by using the WXA Setup Wizard which is available by clicking the Wizards button in the top right corner of the NSA TZ series appliance s management interface However this is currently only available if running SonicOS 5 9 firmware If your NSA TZ series appliance is using 5 8 1 x or 6 1 x firmware use the procedures in this chapter for the initial configuring of the WXA series appliance For more information on the WXA Setup Wizard refer to the SonicOS 5
142. t Licensed Activate Licensed Upgrade Licensed Upgrade Licensed Upgrade Mot Licensed Activate Users Unlimited 10 Configuring SSL VPN for the NetExtender WXAC Connection Step 7 Navigate to the SSL VPN gt Server page and then configure the server settings Step 8 Navigate to the SSL VPN gt Client page and then configure the client settings Refer to the SonicOS 5 9 Administrator s Guide for details on configuring the server and client settings Configuring the User Credentials for the NetExtender WXAC Step 9 Navigate to the Users gt Local Users page and configure user credentials for the clients that will be using the NetExtender WXAC Refer to the SonicOS 5 9 Administrator s Guide for details on configuring user credentials Enabling WXAC on the WXA Appliance Step 10 Navigate to the WAN Acceleration gt Status page Step 11 Click the Settings tab WAN Acceleration Status Status Settings Apply Changes Probe for WXA Create static DHCP lease for WAA WXA Appliance Configuration V Enable WAN Acceleration WXA Interface X2 WXA IP Address 192 168 10 24 WXAC V Enable NetExtender WAN Acceleration Client WXAC Active Licenses Currently in Use 53 Step 12 Select the Enable NetExtender WAN Acceleration Client WXAC checkbox Step 13 Click the Apply Changes button Appendix B Configuring the NetExtender WAN Acceleration Client 163 Configuring WXAC on a Remote PC This section shows t
143. tched Figure 2 WFS Acceleration gt Configuration WWAN WES Acceleration Signed SMB Configuration Mode C kei C Advanced Contiquratori Stathers Sigord SMB Sebup Tirolis WFS Acceleration Enable WFS Acockeration Ol unsigned see Support SME Syring WFS Acceleration Address LAN Primary IP WXA Series Appliance Hostname WHA TEAERS Authentication Code RERIT Joined Domain thak soniewall com Name Description Apply Changes Button Applies the latest configuration settings Enable WFS Acceleration Checkbox Enables the WFS Acceleration service on the WXA series appliance Ena bled when Support SMB Signing checkbox is enabled Unsigned SMB Checkbox Enables transparent WFS Acceleration on networks that do not use SMB signing Enabled by default for more information refer to the WFS Accel eration Page Using Unsigned SMB on page 65 Support SMB Signing Check Enables support for SMB signing This requires the WXA series appliance box to be joined to the domain This checkbox is enabled by default Note If this checkbox is disabled the WXA series appliance panel is hidden WFS Acceleration Address Sets the address object that represents the IP address that the WXA series Drop down Menu 68 Dell SonicWALL WXA 1 3 User s Guide appliance will use when connecting to servers and clients Name Description Hostname Displays the hostname of the WXA series appliance
144. te Once both routing policies have been created and configured to permit TCP Acceleration see Configuring the TCP Acceleration gt Configuration Tab page 56 to finish configuring the TCP Acceleration service The illustration below displays the configuration between two non VPN sites Refer to this Illustration as an example for the steps in the following sections e Configure Routing Policies for Outgoing Traffic on page 50 e Configure Routing Policies for Incoming Traffic on page 53 Internet Router we 10 12 10 0 10 26 55 0 NSA TZ series appliance NSA TZ series is Bae 192 168 10 0 192 168 20 0 Switch Switch WXA series WXA series appliance appliance of PC Central Site Branch Site Configuring TCP Acceleration 49 Configure Routing Policies for Outgoing Traffic Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 On the central site configure a routing policy for outgoing traffic to the branch site On the branch site configure a routing policy for outgoing traffic to the central site The steps in this section are an example of configuring a routing policy on the branch site for traffic going to the central site outgoing Navigate to the Network gt Address Objects page Items 1 to 27 of 27 sai Address Objects Go to Address Groups Add Refresh All Purge All Delete All F Name Address Detail Type Zone Config
145. tics Tools Diagnostic Tool ONS Name Lookup DNS Name Lookup Primary DNS 192 168 20 251 Secondary DNS Lookup Name or IP Results Address techpubs sonicwall com DNS Server 192 168 20 251 Resolved Resolved Approx Time 7881 ms Name Description Diagnostic Tool gt DNS Name Lookup Selects the tool type from the Diagnostic Tool drop down menu Primary DNS read only Displays the primary DNS IP address Secondary DNS read only Displays the secondary DNS IP address Lookup Name or IP Text Field Enter the DNS name or IP address you wish to look up Go Button Initiates the search for the DNS name or IP address entered in the Lookup Name or IP text field This button is greyed out until a DNS name or IP address is entered into to Lookup Name or IP text field Results Display the following results for the IP Name Lookup e Address e DNS Server e Resolved e Approximate Time Viewing the Web Cache Page 129 130 WAN Acceleration Web Cache Status Statistics Tools Diagnostic Tool Web Request wt Web Request Request URL http 0 Results Request URL google com HTTP Response 200 OK Time 0 25 File Size 15 78 KB Download Rate 105 KB s Name Description Diagnostic Tool gt Web Request Selects the tool type from the Diagnostic Tool drop down menu Request URL http Text Field Enter the URL you wish to test Go button Initi
146. to configure TCP Acceleration Windows File Sharing Acceleration WAN Acceleration refers to a wide range of technologies that are aimed at accelerating applications improving throughput and reducing latency Windows File Sharing WFS Acceleration is a subset of WAN Acceleration The use of WFS Acceleration within your network reduces the impact of high latency and low bandwidth links by approximating streaming behavior through the use of read ahead and write behind functionality and differential file transfer to avoid re transferring parts of files that have not changed WFS Acceleration allows branch users to access and share commonly used files at near LAN speeds over the WAN Distributed enterprises that deploy WFS Acceleration solutions are often able to consolidate storage to corporate central sites eliminating the need to back up and manage data that previously resided in their branch sites 14 Dell SonicWALL WXA 1 3 User s Guide Web Cache The WXA series appliance offers WFS Acceleration for Unsigned SMB and Signed SMB traffic In a network that Supports unsigned SMB traffic the WFS Acceleration service configuration is greatly simplified The reason for this is Unsigned SMB traffic does not have a security layer so the WXA series appliance can intercept the traffic without joining the domain eliminating the need to configure custom zones configuring reverse lookup and add file shares In a network that supports SMB signing
147. tor specified It is used to verify the connection between the WXA series appliance and the server and that a list of shares can suc cessfully be obtain from that server Viewing the WFS Acceleration Page 79 80 Figure 13 Diagnestic Too Test WFS Configuration w Test WFS Configuration Test WFS Configuration Option E Use Machine Account Credentials Run WFS Configuration Tests Results Server th2dic3 de vis WXA TB20 HQ th20dc3 sonicwvall com TB20DC3 FS via WXA TE20 HG th2ide3 sonicwall com wexa th20 hq th20de3 sonicwall com wee th2Q s th20ded sonicwall com Rewerse DHS Used in Short Long Trusted for Accept Accepted Propagated Resolves To Share Config SPN SPN Delegation Delegation Connection Connection 192 168 30 1 Remote Sever E 132 188 20 1 Ga 192 168 20 1 Da VE 9 Specific Hosts 192 168 30 1 f Specinc Host o 182 168 30 1 Local WKA o a pacific Hosts Q 192 168 30 1 comecth resolves to we th20 s th20dc3 sonicwall com The Test WFS Configuration Panel provides the following configuration options Name Description Use Machine Account Credentials Checkbox Checks the shares available on the share entered in the Host text field using the WXA series appliance s machine account credentials Username Text Field The username for the user s account This is only visible required if the WXA series appliance does not have its own machine account with
148. tton Refreshes the Web Cache status information Dell SonicWALL WXA 1 3 User s Guide Name Description Web Cache Panel Enable or Disable directing web traffic passing through the NSA TZ series appliance to the WXA Web Cache via the Enable Web Cache checkbox When the Web Cache is enabled NAT polices are automatically cre ated If they cause any problems in your network you can include or exclude objects to fix it by using the following options e In the Client Inclusion Address Object drop down menu you can select the Address Object or Group that represents the local subnets whose web traffic should be diverted via the Web Cache You can also choose Any and the traffic from any source IP address is forwarded to the WXA e In the Server Exclusion Address Object drop down menu you can select the Address Object or Group that contains the destination address of web servers for which traffic should not be diverted via the Web Cache If you select None no web server is excluded and all appropriate traffic is sent via the WXA The Caching Strategy determines which objects are placed into the web cache and how long they stay there Three options are available for the Caching Strategy Minimal Moderate and Aggressive The fol lowing describes the different Caching Strategies e Minimal All objects are cached unless the HTTP header specifi cally says not to such as no cache or an expire time that occurs in
149. u are using Unsigned SMB the WFS Cache statistics do not apply WAN Accelera WES Acceleration Coevfquara tent Statebes Chart Summary t c Refresh B00 se il Total Data Reut a7 14 aas Fram Thursday October 11 3072 3 00 00 PM WAH Capecty Increase Fach 54 a Tai Monday Diode 22 2012 10 35 52 4h Cache Size 1g Cache Pree Space 3165 Egress E 55 ca 1 ca L5 Ge 20 Ga 25 Ga 3 Ga 5 Ga 40 Ga 45 Ga Ge Name Description Covering Period Drop down Click the Covering Period drop down list and select the period of time the data displays on the Statistics tab Chart Drop down Selects the graph style used to display the WFS Acceleration data Refresh Actions Refreshes the current page The refresh interval can be entered in the text field The max imum time interval that can be set is 999 seconds Click the Refresh symbol to manually update the page Click the Pause symbol to stop updates on the page Overview Table Displays read only data for the following Total Data Reduction percentage e WAN capacity increase factor e Cache Size e Cache Free Space Egress Charts Displays the egress out going sent and conveyed traffic in Bytes Ingress Charts Displays the ingress incoming sent and conveyed traffic in Bytes 66 Dell SonicWALL WXA 1 3 User s Guide WFS Acceleration Page Using Signed SMB Clicking the Support SMB Signing checkbox displays the Basic recommended and A
150. ult Default x Local WXA Name Cache Cache Configure iii Enabled Read Ahead Ao wxa tb20 wxa th20 rs F 51440 AR hq th20dc3 sonicwall com This section contains an example of configuring shares in a typical WXA deployment If your WXA deployment is different you can still use this example as a guide to add file shares the basic principals are the same In this example we are going to add shares that are hosted on File Server 1 and File Server 2 use this network diagram as a reference and perform the following steps Internet NSA TZ series NSA TZ series appliance appliance Domain File File WXA 2000 RS Controller Server 1 Server 2 Central Site Branch Site Configuring WFS Acceleration 111 Configure the WXA 4000 appliance on the Central Site Add File Server 1 Step 1 Navigate to the WAN Acceleration gt WFS Acceleration gt Shares tab Step 2 Click the Add Server button The Add Server pop up window displays Add Server x Remote Server Name Look Up me WXA appliance is not specifically trusted to present delegated credentials to the remote server seryer wanoptDogfood local This may be corrected by using the Update Domain Records function Local WXA Name Default Cache Enabled Default Cache Read Ahead E 1440 bytes Add All Shares Update Domain Records Apply Cancel E Step3 Enter the Remote Server Name Select File Server 1 from the drop down l
151. ure Comments 1 XO IP 192 168 168 168 255 255 255 255 Host LAN X0 Subnet 192 168 168 0 255 255 255 0 Network LAN X1 IP 10 203 28 40 255 255 255 255 Host WAN 4 X1 Subnet 10 203 28 0 255 255 255 0 Network WAN Click the Add button The Add Address Object Group pop up window displays SONICWALL Network Security Appliance Name Central Site fone Assignment WAN bi Type Network Network 192 168 10 0 Netmask 255 255 255 0 Add Close Enter a name Central Site for the address object in the Name text field Click the Zone Assignment drop down select WAN Click the Type drop down select Network Enter the LAN IP address of the Central Site 192 168 10 0 in the Network text field Enter the netmask IP address 255 255 255 0 in the Netmask text field Click the Add button 50 Dell SonicWALL WXA 1 3 User s Guide Route Policies View Style Step 9 Navigate to the Network gt Routing page Al Policies Custom Policies Source Destination Any 255 255 255 255 32 Any xi Default Gateway Any Data Center Any XO Subnet Any x1 Subnet Any x5 Subnet X1IP Any Any 0 0 0 0 0 Add Default Policies Service Any Any Any Any Any Any Any Any Step 10 Click the Add button Gateway 0 0 0 0 0 0 0 0 xi Default Gateway 0 0 0 0 0 0 0 0 0 0 0 0 xi Default Gateway 10 203 28 1 Interface xO xi xi xO xl MS xi xi Metric 20 20
152. ut this Guide Welcome to the WXA 1 3 User s Guide This manual provides the information you need to successfully activate configure and administer a WXA series appliance Note Always check htip www sonicwall com us support htm for the latest version of this manual as well as other Dell SonicWALL products and services documentation Organization of this Guide The WXA 1 3 User s Guide organization is structured into the following parts that parallel the WAN Acceleration Web Management Interface Within these parts individual chapters correspond to the Dell SonicWALL WXA series appliance management interface layout Part 1 Introduction Provides an overview of new Dell SonicWALL WXA series appliance features guide conventions support information and an overview of the WXA series appliance management interface Part 2 Status An overview of the Status page providing a dashboard view of the System Information TCP Acceleration WFS Acceleration and Web Cache of your Dell SonicWALL WXA series appliance Part 3 TCP Acceleration Details the TCP Acceleration page providing options to configure and monitor the TCP Acceleration service This section details the functions of the Configuration Statistics Statistics breakdown and Connections tabs Preface 9 Part 4 WFS Acceleration Covers the management interface functions and configuration procedures for the WFS Acceleration page The WFS Acceleration service can be c
153. uthenticated connection Reverse DNS Displays the Reverse DNS address path If the WFS Acceleration service is not functioning properly refer to WAN Acceleration gt WFS Acceleration on page 97 and check the configuration settings Dell SonicWALL WXA 1 3 User s Guide Web Cache 122 Dell SonicWALL WXA 1 3 User s Guide Chapter 9 Viewing the Web Cache Page WAN Acceleration gt Web Cache This chapter is an overview of the WAN Acceleration gt Web Cache management interface page The Web Cache page offers the Status Statistics and Tools tabs for configuring and testing the Web Cache service WAN Acceleration Web Cache Status Statistics Tools Apply Changes Restart Web Cache Flush Cache Admin Email Sy Web Cache Enable Web Cache Client Inclusion Address Object Any 7 Server Exclusion Address Object None 7 Caching Strategy Moderate 7 Note enabling the WXA Web Cache affects settings on the Network Web Proxy page Cache Status Operational Status Web Cache service is running normally Web Requests F Response Time 4 01 seconds i Cache Size 0 00 KE Cache Free Space 59 57 GB Number of Cached Objects D7 Name Description Status Tab Displays the Web Cache status and provides configuration options to enable restart flush and select the caching strategy for the web cache See Status Tab on page 124 for details Statistics Tab Displays data and graphs detailing the Web Cache data
154. ver s configured to the WXA series appliance Via Next Hop WXA Displays the auto generated name of the WXA series appliance on the local site that is configured the local file server Local WXA Name Displays the name of the local WXA series appliance Domain Records Remove button Displays a green circle if the domain records are configured cor rectly and a red circle if they are not Click the Update Domain Records button to add any missing records and remove stale records Removes the server from the configured list Note It is recommended to use the Update Domain Records button after removing a server this deletes any unwanted domain records Figure 8 Add Local File Server Pop up Window Add Local File Server x Select a local file server from those discovered on the network After adding the server you will be prompted for an Administrator s credential so that the necessary records can be crested on the domain File operstions to all of its shared folders and documents from remote sites will be accelersted If you wih to limit WES Acceleration to specific shares this can be configured on the WFS Shares page in Advanced Configuration Mode File Server File Server 1 Apply Cancel Name Description File Server text field Selects the local file server from the drop down list Apply button Adds the file server to the WXA series appliance for sharing After clicking the Apply button
155. work gt DNS page or Network gt DHCP Server gt Edit gt DNS WINS tab Allows you to search for available DNS names or IP addresses Click Go to initiate the search A response will be received from the DNS server It is used to verify whether the WXA series appliance can reach the DNS server Note Lookup of IP addresses only works if the DNS server has reverse lookup zones configured Note The DNS servers in the DNS Name Lookup should all be domain DNS servers Non domain DNS servers can cause issues Dell SonicWALL WXA 1 3 User s Guide Figure 12 Available Shares Panel Available Shares Hist Cl Use Machine Aoosunt Credentiak User Pasting The Available Shares Panel provides the following configuration options Note If the WXA series appliance has already joined the domain you can use the WXA series appliance credentials the username password do not need to be entered Name Description Host Text Field The name of the server that the shares reside Use Machine Account Credentials Checkbox Checks the shares available on the share entered in the Host text field using the WXA series appliance s machine account credentials Username Text Field The username for the user s account Password Text Field The password for the user s account Go Button Initiates the search This displays a list of shares available on the server that the system administra
156. y Services Online SMP Synchronize licenses with waw mysonicwall com Synchronize Certificates To 4ctivate Upgrade or Renew services click here Time To manage your licenses go to www mysonicwall com Schedules Step 3 Scroll down to the Manage Security Services Online section then click the link to Activate Upgrade or Renew services 160 Dell SonicWALL WXA 1 3 User s Guide Step 4 Step 5 The License Management page displays bout SonicWALL Network Security Appliance b Dashboard r System Status SNMF Certificates Time Schedules Settings Facket Monitor Diagnostics Festart p Network P o 36 46 Modem gt jb SonicPoint P g Firewall Wo Enter your MySonicWALL credentials then click the Submit button Administration Licenses License Management mySonicWALlL com Login myvSonicw4LL com is a one stop resource For registering all your DELL SonicWALL Internet Security Appliances and managing all your DELL SonicWALL security service upgrades and changes mySaonicwALL provides you with an easy bo use interface to manage services and upgrades For multiple DELL SonicWALL appliances For more information on my SonicWALL please visit the FAQ IF you do not have a my Sonicwall account please click here to create one Please enter your existing my SonicWALL com username Cor email address and password below Username Email Password The Manage Onli
157. ying Changes Clicking the Apply Changes button saves any configuration changes you made on the page Anply Changes If the settings are contained in a secondary window within the management interface when you click Apply the settings are automatically applied to the WXA series appliance Time Synchronization x Choose between using the Domain Controller recommended for WFS and a specified NTP Server as the source for time synchronization on the WXA Apply Cancel pA Tooltips Tooltips are small pop up windows that are displayed when you hover your mouse over a Ul element They provide brief information describing the element Tooltips are displayed for many forms buttons table headings and entries Configuration Statistics Statistics Breakdown Connections Apply Changes V Enable TCP Acceleration TCP Acceleration Mode Bree ey Aroren by ae e excluded by default j x TCP Acceleration Service Obj PP ance Address Object always excluded x from TCP Acceleration None I Note Not all Ul elements have Tooltips If a Tooltip does not display after hovering your mouse over an element for a couple of seconds you can safely conclude that it does not have an associated Tooltip 20 Dell SonicWALL WXA 1 3 User s Guide Getting Help Each Dell SonicWALL WXA series appliance includes Web based online help available from the management interface Clicking the question mark button on the top right corner o
158. ying the TCP Acceleration Configuration After you complete the TCP Acceleration configuration procedures verify TCP Acceleration is working by checking the TCP Acceleration gt Statistics Tab Step 1 Navigate to the TCP Acceleration gt Statistics Tab AN Aocaierstion TCP Acceleration Conquer Stet Stadt Breakdown Cirerer ae oe hil Egress Ingress Achsal Period Total Data Reduction 40 5i so From Thurzdsy January 05 2012 1 00 00 PM WAN Capacity Increase Factor ii 15 To 9 Tuesdisy January 17 2012 3 24 42 PH New Connections 2555 747 Chised Connections 4590 714 Peak Conumeschicnes F a Step2 View the statistics data and graphs to verify TCP Acceleration This indicates if the WXA series appliance is using TCP Acceleration for data transfer If the Statistics tab data and graphs do not display any information TCP traffic is not being accelerated The TCP Acceleration feature is not configured correctly or is disabled Refer to the Configuring the TCP Acceleration gt Configuration Tab on page 56 and check the TCP Acceleration configuration Configuring TCP Acceleration 59 60 Dell SonicWALL WXA 1 3 User s Guide WES Acceleration 62 Dell SonicWALL WXA 1 3 User s Guide Chapter 7 Viewing the WFS Acceleration Page WAN Acceleration gt WFS Acceleration This chapter describes the management interface features and options that are available on the WAN Acceleration gt WFS Acceleration
Download Pdf Manuals
Related Search