SonicWALL SRA 1200/4200 Camera Accessories User Manual
Contents
1. To connect the SonicWALL SRA 1200 4200 using Scenario C perform the following steps 1 Connect one end of an Ethernet cable to an unused port on your LAN hub or switch 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWALL SRA 1200 4200 The X0 Port LED lights up green indicating an active connection Continue to Chapter SonicWALL SRA 1200 4200 Getting Started Guide Page 19 Page 20 Connecting Your SRA 1200 4200 In th s Section This section provides instructions for registering your SonicWALL SRA 1200 4200 appliance e Creating a MySonicWALL Account page 22 e Registering Your SonicWALL SRA page 22 e Services and Licensing page 23 Note Registration is an important part of the setup process and is necessary to receive the benefits of SonicWALL services user licensing firmware updates and technical support Registering Your Appliance amp SonicWALL SRA 1200 4200 Getting Started Guide Page 21 Creating a MySonicWALL Account A MySonicWALL account is required for product registration If you already have an account continue to the following section Perform the following steps to create a MySonicWALL account 1 In your browser navigate to www mysonicwall com 2 Inthe login screen click the Not a registered user link Login to MySonicWALL Cais Forgot SONIGA Password E Not a registered user Reg2. Page 36 Scenario C SRA on the LAN Configuring SRA gt LAN Connectivity In order for users to access local resources through the SonicWALL SRA you must configure your gateway device to allow an outside connection through the SRA into your LAN 1 Navigate to the Network gt Address Objects page 2 Inthe Address Objects section click 3 Inthe Add Object dialog box create an address object for the XO interface IP address of your SonicWALL SRA then click OK Name for the SonicWALL SRA wooo e IP Address SonicWALL SRA s XO IP address 192 168 200 1 by default 4 Click OK to create the object 5 Click again to create an address object for the NetExtender range 6 In the Add Object dialog box create an address object for the XO interface IP address of your SonicWALL SRA then click OK Starting IP Address Start of the NetExtender IP address range 192 168 200 100 by default Ending IP Address End of the NetExtender IP address range 192 168 200 200 by default On the Network gt Address Objects page in the Address Groups section click addGrou In the Add Address Object Group dialog box create a group for the X0 interface IP address of your SRA and the NetExtender IP range then click OK SONICWALL gt Network Security Appliance Name Sonic WALL_SRA_Group All Authorized Access Points SRA_appliance All Interface IP SRA IP Pool All SonicPoints All U0 Management I
3. Source The address group you just created such as SonicWALL _SRA_Group Destination Any Allow Fragmented Packets 14 Click OK to create the rule Continue to Testing Your Remote Connection on page 39 Page 32 Scenario B SRA on an Existing DMZ Scenario B SRA on an Existing DMZ This section provides procedures to configure your gateway appliance based on Scenario B This section contains the following subsections Prerequisites e Connecting to a SonicWALL Security Appliance page 32 e Allowing WAN gt DMZ Connection page 33 e Allowing DMZ gt LAN Connection page 34 Connecting to a SonicWALL Security Appliance 1 Using a computer connected to your LAN launch your Web browser and enter the IP address of your existing SonicWALL security appliance in the Location or Address field 2 When the management interface displays enter your User Name and Password in the appropriate fields and click Login Note Remember that you are logging into your SonicWALL firewall not the SonicWALL SRA Allowing WAN gt DMZ Connection 6 On the Server Private Network Configuration page enter the following and click Next If you are already forwarding HTTP or HTTPS to an internal server and you only have a single public IP address you will ServerName Name for the SonicWALL SRA need to select different unique ports of operation for either the existing servers or for the SonicWALL SRA appliance because Server P
4. 3 Enter SRA in the Name field Select Public from the Security Type drop down menu 5 Un select the Allow Interface Trust checkbox P Page 28 Scenario A SRA on a New DMZ 6 Select the Gateway AV Intrusion Prevention Service and Anti Spyware checkboxes Click OK 7 On the Edit Interface window enter the IP address for this interface in the IP Address field For example 192 168 200 2 This should be the same address you created in Configuring the XO IP Address for Scenario B and Scenario C on page 14 8 Enter your Subnet Mask 9 On the Management area enable the desired management options 10 Click OK to apply changes Allowing a WAN gt SRA Connection To create a public server access rule for HTTP and HTTPS traffic 1 Click the Wizards icon in the top right corner of the management interface 2 On the Welcome page select the Public Server Wizard and then click Next 3 On the Public Server Type page select Services Create new group The Add Service Group dialog box appears 4 Inthe Add Service Group dialog box create a service group for HTTP and HTTPS Enter a name for the service Select both HTTP and HTTPS and click e Click OK when both the HTTP and HTTPS are in the right column SonicWALL SRA 1200 4200 Getting Started Guide Page 29 2 6 On the Server Private Network Configuration page enter the following and click Next Server Name Name fo
5. change SonicWALL offers flexible options when it comes to adding additional licenses The ability to purchase a convenient number of additional licenses allows you to plan sensibly for the future or provide immediate scalability when you need it most Appliance SRA 1200 SRA 4200 Additional Per User License Packages Maximum Concurrent User Sessions Allowed Page 24 Services and Licensing Activating Services and Software If you purchase a service subscription or upgrade from a sales representative you will receive an activation key This key is emailed to you after online purchases or is on the front of the certificate that was included with your purchase To activate existing licenses perform the following tasks 1 Navigate to the My Products page and select the registered product you want to manage 2 Locate the product on the Service Management page and click Enter Key in that row a Applicable Services i 5 a Service Name Download Status Count xpirablon Action T GATLWAT ELEVICLS DESKTOP amp Stayt SOFTWARE Webs Apple lien Hirr SUPPORT SERVICES Dyramie Sun B5 Sled beer and Ree ligelal a read In the Activate Service page type or paste your key into the Activation Key field and then click Submit Once the service is activated you will see an expiration date or a license key string in the Status column on the Service Management page Activate Service Virtual Assist Acti
6. minimal impact on overcurrent protection and supply wiring Appropriate consideration of equipment nameplate ratings must be used when addressing this concern Reliable grounding of rack mounted equipment must be maintained Particular attention must be given to power supply connections other than direct connections to the branch circuits such as power strips Lithium Battery Warning The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user The SonicWALL must be returned to a SonicWALL authorized service center for replacement with the same or equivalent type recommended by the manufacturer If for any reason the battery or SonicWALL Internet security appliance must be disposed of do so following the battery manufacturer s instructions Cable Connections All Ethernet and RS232 Console cables are designed for intra building connection to other equipment Do not connect these ports directly to communication wiring or other wiring that exits the building where the SonicWALL is located Page 54 SonicWALL SRA 1200 4200 Appliance Regulatory Statement and Safety Instructions Weitere H nweise zur Montage Das SonicWALL Modell ist f r eine Montage in einem standardm igen 19 Zoll Rack konzipiert F r eine ordnungsgem e Montage sollten die folgenden Hinweise beachtet werden Vergewissern Sie sich dass das Rack f r dieses Ger t geeignet ist und verwenden Sie das vom Rack Herstel
7. 3 3 1995 A1 2001 A2 2005 EN 60950 1 2006 National Deviations AR AT AU BE BR CA CH CN CZ DE DK Fl FR GB GR HU IL IN IT JP KE KR MY NL NO PL SE SG SI SK US Page 56 SonicWALL SRA 1200 4200 Appliance Regulatory Statement and Safety Instructions BMSI Statement Class A KARA SEP RH RAE ABE BE P RA AF o THeSERH ATE ABER RAE HE RAR BALM EMH R TORE VIAAMMRAEERTT ORBERERRCRATS CRRMBESSROTCEPHVET COMSCLERAPRIEHR emo OLDRKENSCEPHWVET VCCI A Regulatory Information for Korea Ministry of Information and Telecommunication Certification Numbers SWL 1RK23 07C and SWL 1RK23 088 All products with country code blank and A are made in the USA All products with country code B are made in China All products with country code C or D are made in Taiwan R O C All certificates held by Secuwide Corp SonicWALL SRA 1200 4200 Getting Started Guide Page 57 Copyright Notice 2010 SonicWALL Inc All rights reserved Under the copyright laws this manual or the software described within can not be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but all of the material pu
8. Address group you just created Aime SRAIP Pool such as SonicWALL_SRA_Group All SonicPoints All UO Management IP i All U1 Management IP gt Destination Any All WAN IP A All XO Management IP AIIX1 Management IP Users Allowed AIX2 Management IP All 3 Management IP Ready Navigate to the Firewall gt Access Rules page ERNEST On the Firewall gt Access Rules page in the matrix view click the DMZ gt LAN icon 12 Click OK to create the rule On the resulting Firewall gt Access Rules page click Add Continue to Testing Your Remote Connection on page 39 lt SonicWALL SRA 1200 4200 Getting Started Guide Page 35 Scenario C SRA on the LAN This section provides procedures to configure your gateway appliance based on Scenario C This section contains the following subsections e Connecting to a SonicWALL Security Appliance page 36 e Configuring SRA gt LAN Connectivity page 36 e Setting Public Server Access page 38 Connecting to a SonicWALL Security Appliance 1 Using a computer connected to your LAN launch your Web browser and enter the IP address of your existing SonicWALL security appliance in the Location or Address field 2 When the management interface displays enter your User Name and Password in the appropriate fields and click Login Note Remember that you are logging into your SonicWALL security appliance not the SonicWALL SRA
9. B SRA on an Existing DMZ or Scenario C SRA on the LAN you need to reset the IP address of the XO interface on the SRA to an address within the range of the existing DMZ or the existing LAN To configure the XO IP address for either of these scenarios 1 Navigate to the Network gt Interfaces page 2 Click the Configure icon for the XO interface from the Interfaces table Network gt Interfaces Interfaces Name IP Address Subnet Mask IPv6 Address Status Configure xo 192 168 200 1 255 255 255 0 fe80 217 c5ff fe66 1514 64 1000 Mbps Full Duplex Auto V4 xi 192 168 201 1 255 255 255 0 fe80 217 c5ff fe66 1515 64 No link 2 3 In the Interface Settings dialog box set the IP address and subnet mask to Configuring a Default Route Refer to the following table to correctly configure your default route If you do not know your scenario refer to Selecting a If you are using scenario B SRA on an Existing DMZ IP Address An unused address within your DMZ subnet for example 10 1 1 240 Subnet Mask Must match your DMZ subnet mask C SRA on the LAN IP Address An unused address within your LAN subnet for example 192 168 168 200 Subnet Mask Must match your LAN subnet mask Click OK Note that you will lose connection to the SRA Reset the management computer to have a static IP address in the range you just set for the XO interface for example 10 1 1 20 or 192 168 200 20 Log into the SRA
10. SonicWALL Virtual Office screen appears in assistance your Web browser SONICWALL Virtual Office Tips Help a Welcome to the Sone WALL Virtual Office NER Fuad TER Arena Bay ar Secure remat What is MetEstender hetE sender creat a What ia Fee Shares File Shares gipar wou t What it Varma Agrit A eek bin Denia Weh lima SonicWALL SRA 1200 4200 Getting Started Guide Page 39 Page 40 Testing Your Remote Connection In th s Section This section provides procedures for upgrading an existing SRA SSL VPN image on a SonicWALL SRA 4200 1200 to a newer version e Obtaining the Latest SRA SSL VPN Image page 42 e Exporting a Copy of Your Configuration Settings page 42 e Uploading a New SRA SSL VPN Image page 43 e Resetting the Appliance Using SafeMode page 44 Upgrading Your Appliance SonicWALL SRA 1200 4200 Getting Started Guide Page 41 Obtaining the Latest SRA SSL VPN Image To obtain anew SRA SSL VPN image file for your SonicWALL security appliance connect to your mysonicwall com account at lt http www mysonicwall com gt Note f you have already registered your SonicWALL SSL VPN appliance and you selected Notify me when new firmware is available on the System gt Settings page you are automatically notified of any updates available for your model Copy the new SRA SSL VPN image file to a directory on your management station For the appliances this is a file ending in sig a s
11. and security devices This title is available in hardcopy at fine book retailers everywhere or by ordering directly from Elsevier Publishing at lt http www elsevier com gt aping Slane D ja YH 4omMjonN SSO Oana s21nDoZ SonicWALL m Secure Wireless Network Integrated Solutions Guide TIT MASIUuoS SonicWALL SRA 1200 4200 Getting Started Guide Page 51 Page 52 SonicWALL Secure Wireless Network Integrated Solutions Guide Safety and Regulatory Information In th s Section This section provides safety and regulatory information for the SonicWALL SRA 1200 4200 appliances e SonicWALL SRA 1200 4200 Appliance Regulatory Statement and Safety Instructions page 54 e Copyright Notice page 58 e Trademarks page 58 SonicWALL SRA 1200 4200 Getting Started Guide Page 53 SonicWALL SRA 1200 4200 Appliance Regulatory Statement and Safety Instructions Regulatory Model Type Product Name 1RK23 088 SonicWALL SRA 1200 1RK23 07C SonicWALL SRA 4200 This regulatory information can also be found in the electronic file SonicWALL_SRA_Regulatory_Statement pdf located on the SonicWALL Web site lt http www sonicwall com gt The above SonicWALL appliances are designed to be mounted in a standard 19 inch rack mount cabinet The following conditions are required for proper installation Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the a
12. management interface again using the IP address you just configured for the XO interface For example point your browser to http 192 168 168 200 Set the XO interface to Deployment Scenario on page 7 If you are using scenario B SRA on an Existing DMZ C SRA on the LAN Your upstream gateway device will be The existing DMZ interface The LAN gateway A SRA on a New DMZ The DMZ interface you will create To configure a default route Navigate to the Network gt Routes page Enter the IP address of your upstream gateway device in the Default Gateway field Select XO in the Interfaces drop down list Network gt Routes Accept Default Route Default IPv4 Gateway 192 168 200 2 Interface x0 v Default IPv6 Gateway Interface x0 v Click Accept SonicWALL SRA 1200 4200 Getting Started Guide Page 15 Adding a NetExtender Client Route NetExtender allows remote clients to have seamless access to resources on your local network You can also enable Tunnel All Mode so that when NetExtender clients connect all the traffic will be tunneled through the NetExtender connection To configure a NetExtender client route 1 Navigate to the NetExtender gt Client Routes page NetExtender gt Client Routes Accept Tunnel All Mode Disabled Destination IPv4 Network Subnet Mask Delete 192 168 200 0 255 255 255 0 x Destination IPy amp Network Prefix Delete No Entries Add
13. through the gateway where it is encrypted and sent to the client Scenario Overviews Scenario A SRA on a New DMZ SonicWALL UTM Appliance F A A A A Router Switch Remote Users ff ff ff SONICWALL a SRA Appliance WAN DMZ LAN SonicWALL SRA 1200 4200 Getting Started Guide Page 7 Scenario B SRA on an Existing DMZ SonicWALL UTM Appliance ae ERBE X1 OPT X2 etc ne ne A A A A Router Switch Remote Users CWALL gt SONICWALL a i SRA Appliance Scenario C SRA on the LAN Existing Gateway Device or Switch Hub A A Internet Router Remote Users X0 A A Switch DMZ LAN Port e e e i ff ff m a SRA Appliance WAN Page 8 Selecting a Deployment Scenario Network Nodes LAN LAN SonicWALL SRA 1200 4200 Deployment Scenarios Gateway Device Deployment Scenario Conditions or Requirements SonicOS Enhanced SRA on a New DMZ OPT or unused interface 3 1 or higher New DMZ configured for i 7 a NAT or Transparent Mode NSA E Class SRA on Existing No unused interfaces Sa DMZ One dedicated interface in U ln NSA Series use as an existing DMZ SonicOS SRA on the LAN No unused interfaces 5 0 No dedicated interface for a DMZ SonicOS Standard SRA on a New DMZ O
14. A A A Router Switch Remote Users Network Nodes e _ ff N ff am 7 SRA Appliance WAN DMZ LAN To connect the SonicWALL SRA 1200 4200 using Scenario A perform the following steps 1 Connect one end of an Ethernet cable to the OPT X2 or other unused port on your existing SonicWALL security appliance 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWALL SRA 1200 4200 The XO Port LED lights up green indicating an active connection Continue to Chapter Scenario B Connecting Your Network Interfaces Scenario B SRA on an Existing DMZ SonicWALL UTM Appliance D aa EIER 2 X1 x0 OPT X2 etc ne ne A A A A Switch Switch Network Nodes gt ME LLIA SRA Appliance DMZ LAN To connect the SonicWALL SRA 1200 4200 using Scenario B perform the following steps 1 Connect one end of an Ethernet cable to an unused port on your DMZ either directly to the OPT or X2 on your existing SonicWALL security appliance or to a hub or switch on your DMZ 2 Connect the other end of the Ethernet cable to the X0 port on your SonicWALL SRA 1200 4200 The X0 Port LED lights up green indicating an active connection Continue to Chapter Scenario C Connecting Your Network Interfaces Scenario C SRA on the LAN Existing Gateway Device or Switch Hub LAN Port A A Internet Router Remote Users
15. Client Route Note The NetExtender Client Routes are passed to all NetExtender clients and determine which private networks the remote user can access via the SSL YPN connection 2 To force all SRA client traffic to pass through the NetExtender tunnel select Enabled from the Tunnel All Mode drop down list 3 Click Add Client Route Page 16 Configuring Your SRA 1200 4200 Enter the IP address of the trusted network to which you would like to provide access with NetExtender in the Destination Network field For example if you are connecting to an existing DMZ with the network 192 168 50 0 24 and you want to provide access to your LAN network 192 168 168 0 24 you would enter 192 168 168 0 Enter your subnet mask in the Subnet Mask field NetExtender gt Client Routes gt Add Client Route Destination Network Subnet Mask Prefix Click Add to finish adding this client route Setting Your NetExtender Address Range The NetExtender IP range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions The range needs to be large enough to accommodate the maximum number of concurrent NetExtender users you wish to support The range should fall within the same subnet as the interface to which the SonicWALL SRA appliance is connected and in cases where there are other hosts on the same segment as the SonicWALL SRA appliance it must not overlap or collide with any assig
16. ETWORK Rev A 7 2011 2010 SonicWALL Inc is a registered trademark of SonicWALL Inc Other product names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice
17. Ferma SonicWALL SRA 1200 4200 Getting Started Guide Page 49 SonicWALL Live Product Demos Get the most out of your appliance with the complete line of SonicWALL products The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations SSL VPN Secure Remote Access Unified Threat Management Platform Secure Cellular Wireless Continuous Data Protection Content Filtering Secure Wireless Solutions Email Security GMS and ViewPoint For further information visit lt http livedemo sonicwall com gt Page 50 SonicWALL Live Product Demos SONICWALL gt Lie Dero Click an Appliance to Launch Demo SONICWALL SSL VPN Virtual Assist UTM Firewall VPN CSM a mm BEE Provide Live Desktop Support to Clients from Virtually Anywhere Virtual Assist allows a technician to provide on demand technical assistance for laptop or desktop issues to a customer using a Web browser s SSL connection Installed at This Site SonicWALL SSL VPN 4000 with 4 0 0 3 firmware Virtual Assist License nme DE SonicWALL Secure Wireless Network Integrated Solutions Guide Looking to go wireless Have questions about what it takes to build a truly secure wireless network Check out the SonicWALL Secure Wireless Network Integrated Solutions Guide This book is the official guide to SonicWALL s market leading wireless networking
18. Management page 23 e Flexible Per User Licensing page 24 e Activating Services and Software page 24 e Trying or Purchasing Services page 25 Service Management The Service Management page in MySonicWALL lists services support options and software such as Web Application Firewall and ViewPoint that you can purchase or try with a free trial For details on a product or service click the Info arrow icon next to the desired item If you purchased an appliance that is pre licensed you may be required to enter your activation key here unless current licenses are already indicated in the Status column with either a license key or an expiration date Serta bomber Ae Aen Lica La Cole Trashed Re yisle uis Lra lon mel D Cuir TE Service Management Delete Transfer Rename MI Node i PSPSRGPE Suppi IOP RuTs Ta5 Plallormi SSL Py z Da SonicWALL SRA 1200 4200 Getting Started Guide Page 23 The following products and services are available for the SonicWALL SRA 1200 4200 appliance e Gateway Service Bundles e Per user license upgrades in flexible block increments e Desktop and Server Software e Virtual Assist e Web Application Firewall e ViewPoint e Support Services e Dynamic Support 8x5 e Dynamic Support 24x7 e Software and Firmware Updates Flexible Per User Licensing Your SonicWALL SRA comes standard with a set number of user licenses However as the needs of your organization
19. P All U1 Management IP 2 AIWAN IP All XO Management IP All 1 Management IP AIX2 Management IP AIX3 Management IP v Ready OK Cancel 9 Navigate to the Firewall gt Access Rules page set the page to matrix view and click the SRA gt LAN icon Firewall Access Rules Restore Defaults Access Rules view Style O All Rules Matrix Drop down Boxes LAN WAN LAN F F WAN F VPN F FROM WLAN SSLVPN F SRA F N 10 On the resulting Firewall gt Access Rules page click Add SonicWALL SRA 1200 4200 Getting Started Guide Page 37 11 In the Add Rule window create a rule to allow access to the LAN for the address group you just created Action From Zone To Zone Service Source Destination Users Allowed Schedule Enable Logging Allow Fragmented Packets LAN Any Address group just created such as SonicWALL_SRA_Group Any Selected Selected 12 Click OK to finish creating the rule Page 38 Scenario C SRA on the LAN Setting Public Server Access Click the Wizards icon in the top right corner of the SonicOS management interface Select the Public Server Wizard option and click Next Select Web Server from the Server Type drop down menu Select HTTP and HTTPS checkboxes and click Next Enter SRA in the Server Name field Enter 192 168 168 200 or the address you have configured to th
20. SonicWALL as Remote Access s Appliances Getting Started Guide SONICWALL gt DYNAMIC SECURITY FOR THE GLOBAL NETWORK SonicWALL SRA 1200 4200 Getting Started Guide This Getting Started Guide contains installation procedures and configuration guidelines for deploying a SonicWALL SRA 1200 4200 appliance into an existing or new network This document addresses the most common use case scenarios and network topologies in which the SonicWALL SRA 1200 4200 appliance can be deployed Document Contents This document contains the following sections Setting Up Your Network page 3 Connecting Your Appliance page 11 Registering Your Appliance page 21 Network Configuration page 27 Upgrading Your Appliance page 41 Safety and Regulatory Information page 53 SONICWALL gt SonicWALL SRA 1200 4200 Getting Started Guide Page 1 Page 2 Document Contents Setting Up Your Network In th s Section This section provides pre configuration information Review this section before setting up your SonicWALL SRA 1200 4200 appliance e SRA 1200 System Requirements page 4 e SRA 4200 System Requirements page 5 e Selecting a Deployment Scenario page 7 e Applying Power to the SonicWALL SRA page 9 SonicWALL SRA 1200 4200 Getting Started Guide Page 3 SRA 1200 System Requirements Before you begin the setup process verify that your package contains the following parts e One SonicWALL SRA 1200 appliance e One Son
21. ai ee yii u L igsi Hia Son i drema Lonfigerations Mimi iera Heut 1 25 of 4934 fein MNB pa er eed balp w h Cente Pr AAT ces H Thesali ces rele Perry Mas 2 UNE Are yom Werking tor SISP j WAR connota preise ahes Prieniir Fem 4 UBL dnb ting EP AAR ot inet ciaiiy oars Prete Heme A UCM I adal VAL fag 2 Prenat Hemm w Ube rmen fr SRL tbe Wh Clee eie isis Arty dia mea se ae US Tnuldepiertiog Wellen related nun Pneriy mas UHE Ate you being Im Wbeieit elated arLichen Friertr Mem User Forums The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters Categories include Firemans e SSL VPN topics a e VPN Client topics e Continuous Data Protection topics e Email Security topics e Network Anti Virus topics e SonicPoint and Wireless topics Vinea Assis Wet Agent releied copes For further information visit lt https forum sonicwall com gt Va 0 SSL 40 gt rele topics SSL VPN oe SSW Dh celeste Gop m E E mi E E E SELF 200 related kope SonicWALL SRA 1200 4200 Getting Started Guide Page 47 Training SonicWALL offers an extensive sales and technical training au curriculum for Network Administrators Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications SonicWALL Training provides t
22. ddress Object dialog box create an address object for the XO interface IP address of the SonicWALL SRA Starting IP Address Start of the NetExtender IP address range 192 168 200 100 by default Ending IP Address End of the NetExtender IP address range 192 168 200 200 by default Click Add to create the object Once done click Close On the Network gt Address Objects page in the Address Groups section click sad Group In the Add Address Object Group dialog box create a group for the XO interface IP address of your SonicWALL SRA and the NetExtender IP range e Enter a name for the group e Inthe left column select the two groups you created and click the right arrow button e Click OK to create the group when both objects are in the right column In the administrative interface navigate to the Firewall gt Access Rules page 11 On the Firewall gt Access Rules page in the matrix view click the SRA gt LAN icon Firewall Access Rules Restore Defaults Access Rules View Style OallRules Matrix Drop down Boxes LAN WAN YPN FROM WLAN SSLYPN SRA o00000 5 o00000 5 a 12 On the resulting Firewall gt Access Rules page click Add SonicWALL SRA 1200 4200 Getting Started Guide Page 31 13 Inthe Add Rule window create a rule to allow access to the LAN for the address group you just created To Zone LAN Service Any
23. des procedures to configure your gateway appliance based on Scenario A This section contains the following subsections Connecting to a SonicWALL Security Appliance page 28 Adding a New SRA Custom Zone page 28 Allowing a WAN gt SRA Connection page 29 Allowing an SRA gt LAN Connection page 30 SonicWALL SRA 1200 4200 Getting Started Guide Page 27 Adding aNew SRA Custom Zone Connecting to a SonicWALL Security Appliance 1 Navigate to the Network gt Interfaces page click 1 Using a computer connected to your LAN launch your Configure for the X2 interface or any other available Web browser and enter the IP address of your existing interface SonicWALL security appliance in the Location or 2 Select Create New Zone in Zone field The Add Zone Address field window opens 2 When the management interface displays enter your user name and password in the appropriate fields and click Login General Guest Services General Settings SSS Sa Ss Name SRA Note Remember that you are logging into your SonicWALL security appliance not the SonicWALL SRA Security Type Public v Allow Interface Trust CI Enforce Content Filtering Service CFS Policy C Enable client AY Enforcement Service Enable Gateway Anti Virus Service Enable IPS Enable Anti Spyware Service CI Enforce Global Security Clients Fi Create Group YPN CI Enable SSL Control C Enable SSLVPN Access Ready OK Cancel
24. displayed The updated image information is displayed on the System gt Settings page SonicWALL SRA 1200 4200 Getting Started Guide Page 43 Resetting the Appliance Using SafeMode If you are unable to connect to the SonicWALL security appliance s management interface you can restart the SonicWALL security appliance in SafeMode The SafeMode feature allows you to quickly recover from uncertain configuration states with a simplified management interface that includes the same settings available on the System gt Settings page To reset the SonicWALL security appliance perform the following steps 1 Connect your management station to a LAN port on the SonicWALL security appliance and configure your management station IP address with an address on the 192 168 200 0 24 subnet such as 192 168 200 20 Note The SonicWALL security appliance can also respond to the last configured LAN IP address in SafeMode This is useful for remote management recovery or hands off recovery in a datacenter 2 Use a narrow straight object like a straightened paper clip or a pen tip to press and hold the reset button on the security appliance for five to ten seconds The reset button is on the front panel in a small hole to the right of the USB connectors Page 44 Resetting the Appliance Using SafeMode 9 Tip Ifthis procedure does not work while the power is on turn the unit off and on while holding the reset button un
25. e SRA s XO interface in the Private IP field Enter a comment such as WAN to SRA to describe your connection and click Next Verify the Public Server field contains the correct IP address and click Next Click Apply to finish setting public server access BEUTE 4 Click NetExtender to start the NetExtender client Testing Your Remote Connection installation 5 If prompted click Install to complete the client installation You have now configured your SonicWALL security appliance 6 Ping a host on your corporate LAN to verify your remote and SonicWALL SRA for secure SSL VPN remote access This connection section provides instructions to verify your connection using a remote client on the WAN You have now successfully set up your SonicWALL SRA Verifying a User Connection from the Internet Or 1 From a WAN connection outside of your corporate network Tip It is easier for remote users to access the SonicWALL launch a Web browser and enter the following SRA appliance using an a fully qualified domain name https lt WAN_ P_adaress_ot_gateway_device gt FQDN rather than an IP address It is recommended 2 When prompted enter the User Name and Password that you create a DNS record to allow for FQDN access created in Adding a Local User on page 13 of this guide to your SonicWALL SRA If you do not manage your 3 Select LocalDomain from the drop down menu and click own public DNS servers contact your ISP for Login The
26. he following information about your current network configuration Primary DNS Secondary DNS optional DNS Domain WINS server s optional Selecting a Deployment Scenario The deployment scenarios described in this section are based on actual customer deployments and are SonicWALL recommended deployment best practices for SRA appliances A SonicWALL SRA appliance is commonly deployed in one arm mode over the DMZ or Opt interface on an accompanying gateway appliance such as a SonicWALL NSA E7500 This method of deployment offers additional layers of security control plus the ability to use SonicWALL s UTM services including Gateway Anti Virus Anti Spyware Content Filtering Intrusion Prevention Service and Comprehensive Anti Spam Service to scan all incoming and outgoing NetExtender traffic The primary interface X0 on the SonicWALL SRA connects to an available segment on the gateway device The encrypted user session is passed through the gateway to the SonicWALL SRA appliance The SonicWALL SRA appliance decrypts the session and determines the requested resource The session traffic then traverses the gateway appliance to reach the internal network resources The gateway appliance applies security services such as Intrusion Prevention Gateway Anti Virus and Anti Spyware inspection as data traverses the gateway The internal network resource then returns the requested content to the SonicWALL SRA appliance
27. he following resources for its customers e E Training e Instructor Led Training e Custom Training e Technical Certification e Authorized Training Partners For further information visit lt http www sonicwall com us training html gt Page 48 Training Training and Certification InsitrwcborJed Courses eLearning Cowes Certification Programs Class Schedules Authorized Traini ng Partners Related Documentation See the following related documents for more information e SonicOS SSL VPN Administrator s Guide e SonicOS SSL VPN User s Guide e SonicOS SSL VPN Release Notes e SonicOS SSL VPN Feature Modules e SonicOS Administrator s Guide e SonicOS Feature Modules e SonicWALL GMS Administrator s Guide e SonicWALL ViewPoint Administrator s Guide e SonicWALL GAV Administrator s Guide e SonicWALL IPS Administrator s Guide e SonicWALL Anti Spyware Administrator s Guide e SonicWALL Comprehensive Anti Spam Services Guide e SonicWALL CFS Administrator s Guide e SonicWALL GVC Administrator s Guide For further information visit lt http www sonicwall com us support 289 html gt Support SUPPOTt for Sonic WALL Products and Senices herie Service Bulletins Vue Peet Far Eur IH vr 1 r Search the Knowledge Base E b aa Hetk L Fe Secure ce z or Inge e 4 22 e je B es Top Support Topics Recent Video Tutorials _ SOYAI E am ie Cen gure Seeded Ponp oe a ALL
28. icWALL SRA 1200 4200 Getting Started Guide e One straight through Ethernet cable e One serial CLI cable e One rack mount kit e One power cord e A Web browser supporting Java Script and HTTP uploads Supported browsers include the following Supported Browsers Browser Version Number Internet Explorer 8 0 or higher ee Safari 4 0 or higher for MacOS err o Power cord intended for use in North America only For other areas please refer to your product reseller Page 4 SRA 1200 System Requirements Package Contents for the SonicWALL SRA 1200 Getting Started Guide Power cord inlucded in North America only SONICWALL gt Missing Items If any items are missing from your package contact SonicWALL Support Web http www sonicwall com us Support html Email customer_service sonicwall com SRA 4200 System Requirements Before you begin the setup process verify that your package contains the following parts e One SonicWALL SRA 4200 appliance e One SonicWALL SRA 1200 4200 Getting Started Guide e One straight through Ethernet cable e One serial CLI cable e One rack mount kit e One power cord e A Web browser supporting Java Script and HTTP uploads Supported browsers include the following Supported Browsers Browser Version Number Internet Explorer 8 0 or higher em pe Safari 4 0 or higher for MacOS Power cord intended for use in North Amer
29. ica only For other areas please refer to your product reseller Package Contents for the SonicWALL SRA 4200 Getting Started Guide Power cord inlucded in North America only SONICWALL gt Missing Items If any items are missing from your package contact SonicWALL Support Web http www sonicwall com us Support html Email customer_service sonicwall com SonicWALL SRA 1200 4200 Getting Started Guide Page 5 What You Need to Begin e Administrative access to the network gateway device e A Windows Linux or MacOS computer to use as a management station for initial configuration of the SonicWALL SRA 1200 4200 e A Web browser supporting Java Script and HTTP uploads See previous pages for supported Web browsers e An Internet connection Page 6 What You Need to Begin Recording Configuration Information Record the following setup information to use during the setup process and for future reference Registration Information Serial Number Record the serial number found on the bottom panel of your SonicWALL appliance Authentication Code Record the authentication code found on the bottom panel of your SonicWALL appliance Administrator Information Admin Name Select an administrator account name default is admin Admin Password Select an administrator password default is password Network Configuration Information Collect t
30. igned image Exporting a Copy of Your Configuration Settings Before beginning the update process export a copy of your SonicWALL SRA appliance configuration settings to your local machine The Export Settings feature saves a copy of your current configuration settings on your SonicWALL SRA appliance protecting all your existing settings in the event that it becomes necessary to return to a previous configuration state Page 42 Obtaining the Latest SRA SSL VPN Image Note Exporting and Importing system configuration settings is supported when upgrading from a SonicWALL SSL VPN 200 2000 4000 appliance to a SonicWALL SRA 1200 4200 appliance Perform the following procedures to save a copy of your configuration settings and export them to a file on your local management station 1 Click the Export Settings button on the System gt Settings page and save the settings file to your local machine The default settings file is named sslvpnSettings zip NA Tip To more easily restore settings in the future rename the zip file to include the version of the SonicWALL SSL VPN image from which you are exporting the settings Uploading a New SRA SSL VPN Image Note SonicWALL SRA 4200 1200 appliances do not support downgrading an image and using the configuration settings file from a higher version If you are downgrading to a previous version of a SRA SSL VPN image you must select Uploaded Firmware with Factory Defaults Ne
31. ing the Management Interface To access the Web based management interface of the SonicWALL SRA 1200 4200 1 Connect one end of an Ethernet cable into the X0 port of your SonicWALL SRA 1200 4200 Connect the other end of the cable into the computer you are using to manage the SonicWALL SRA 1200 4200 2 Set the computer you use to manage the SonicWALL SRA 1200 4200 to have a static IP address in the 192 168 200 x 24 subnet such as 192 168 200 20 However do not use 192 168 200 1 as this address will conflict with the appliance 3 Open a Web browser and enter http 192 168 200 1 the default XO management IP address in the Location or Address field Note A security warning may appear Click Continue to this website or OK to accept the certificate and continue SonicWALL SRA 1200 4200 Getting Started Guide Page 9 4 The SonicWALL SRA Management Interface Login displays and prompis you to enter your user name and password Enter admin in the User Name field password in the Password field select LocalDomain from the Domain drop down list and click the Login button SONICWALL SSL VPN Login Username j admin Password eeeesee Domain LocalDomain v You are now successfully connected to the SRA Management Interface Page 10 Applying Power to the SonicWALL SRA Troubleshooting If you cannot connect to the SonicWALL SRA 1200 4200 verify the following configura
32. ister Now gerd aes eai Ara 3 Complete the Registration form and click Register 4 Verify that the information is correct and click Submit 5 Inthe screen confirming that your account was created click Continue to finish creating your MySonicWALL account Page 22 Creating a MySonicWALL Account Registering Your SonicWALL SRA This section contains the following subsections e Before You Register page 22 e Product Registration page 22 Before You Register Verify that the time DNS and default route settings on your SonicWALL SRA 1200 4200 are correct before you register your appliance To verify or configure these settings navigate to the System gt Time Network gt DNS or Network gt Routes pages respectively Product Registration Register your SonicWALL SRA on MySonicWALL to enable full functionality 1 Login to your MySonicWALL account If you do not have an account you can create one at www mysonicwall com 2 On the main page enter the appliance serial number in the Register A Product field Click Next 3 On the My Products page under Add New Product enter the friendly name for the appliance select the Product Group if any enter the authentication code into the appropriate text boxes and then click Register 4 On the Product Survey page fill in the requested information and click Continue Services and Licensing This section contains the following subsections e Service
33. ler empfohlene Montagezubeh r Verwenden Sie f r eine sichere Montage vier passende Befestigungsschrauben und ziehen Sie diese mit der Hand an W hlen Sie einen Ort im 19 Zoll Rack wo alle vier Befestigungen der Montageschien verwendet werden W hlen Sie f r die Montage einen Ort der keinem direkten Sonnenlicht ausgesetzt ist und sich nicht in der N he von W rmequellen befindet Die Umgebungstemperatur darf nicht mehr als 40 C betragen Achten Sie darauf das sich die Netzwerkkabel nicht in der unmittelbaren N he von Stromleitungen Leuchtstoffr hren und St rquellen wie Funksendern oder Breitbandverst rkern befinden Das beigef gte Netzkabel ist nur f r den Gebrauch in Nordamerikas Vorgesehen F r Kunden in der Europaischen Union EU ist ein Netzkabel nicht im Lieferumfang enthalten e Stellen Sie sicher dass das Ger t vor Wasser und h her Luftfeuchtigkeit gesch tzt ist Stellen Sie sicher dass die Luft um das Ger t herum zirkulieren kann und die L ftungsschlitze an der Seite des Geh uses frei sind Hier ist ein Bel ftungsabstand von mindestens 26 mm einzuhalten Wenn das Ger t in einem geschlossenen 19 Geh use oder mit mehreren anderen Ger ten eingesetzt ist wird die Temperatur in der Geh use h her sein als die Umgebungstemperatur Achten Sie darauf da die Umgebungstemperatur nicht mehr als 40 C betr gt Bringen Sie die SonicWALL waagerecht im Rack an um m gliche Gefahren d
34. ned addresses You can determine the correct subnet based on your network scenario selection Scenario A Use the default NetExtender range 192 168 200 100 to 192 168 200 200 ScenarioB Select a range that falls within your existing DMZ subnet For example if your DMZ uses the 192 168 50 0 24 subnet and you want to support up to 30 concurrent NetExtender sessions you could use 192 168 50 220 to 192 168 50 249 providing they are not already in use Scenario C Select a range that falls within your existing LAN subnet For example if your LAN uses the 192 168 168 0 24 subnet and you want to support up to 10 concurrent NetExtender sessions you could use 192 168 168 240 to 192 168 168 249 providing they are not already in use To set your NetExtender address range in the management interface 1 Navigate to the NetExtender gt Client Settings page 2 Enter an address range for your clients in the Client Address Range Begin and Client Address Range End fields Scenario A 192 168 200 100 to 192 168 200 200 default range Scenario B An unused range within your DMZ subnet Scenario C An unused range within your LAN subnet If you do not have enough available addresses to support your desired number of concurrent NetExtender users you may use a new subnet for NetExtender This condition may occur if your existing DMZ or LAN is configured in NAT mode with a small subnet space such as 255 255 255 224 or more commonl
35. nicWALL offers telephone email and Web based support to customers with valid Warranty Support or a purchased support contract Please review our Warranty Support Policy for product coverage For answers to support questions visit lt http www sonicwall com us Support html gt SONICWALL Support SUPPO for Sonic WALLS Products and Services Service Bulletins L or rare Gor Eier FE re ei igre Search the Knowledge Base Fietwcerk ii u beira security Di mu kei Top Suppan Topics Page 46 Customer Support lo Ema a T Coston ragen A ce mazut A Besra Recent Video Tutorials m OAL ve So Serie Pore on a Ge BALL Faresi Knowledge Base The Knowledge Base allows users to search for SonicWALL documents based on the following types of search tools Browse e Search for keywords Full text search For further information visit lt http www sonicwall com us support kb asp gt Support Support Knowledge Base wenn Coat Lenore vemos ee Jotne erno oreet Tess Eiei a podat 7 Aare Kerle hee by ore mn pengi a ar mich Select pnr iope witan poid Ga cect piwa mancan Le Bikini yoii detec dutch WE bene AR Ka Gry Ess rat mwh erh Archies Hema Bil alegre farri lim titi Pen ther higi Help ot Ben Diet Rint Naas Wiehe ehren an the jeher ee tte isi tartan a jene etic B you Can fed an aiii hk Here in msiiy wa Muat ek Dili For AN Career Elke an tha ham bakya ifai be
36. o keep it in a safe place If you lose your password you will have to reset the SonicWALL SRA to factory settings losing your configuration Page 12 Configuring Your SRA 1200 4200 Enter a password for the admin account in the Password field Re enter the password in the Confirm Password field General User Settings User Name admin Primary Group LocalDomain see all In Domain LocalDomain User Type Administrator Password Confirm Password Inactivity Timeout minutes q amp Single Sign On Settings Automatically log into bookmarks Use group setting r Click OK to apply changes Adding a Local User 1 Navigate to Users gt Local Users page 2 Click the Add User button 3 Entera User Name 4 Select LocalDomain from the Group Domain drop down menu Ol 6 Select User from the User Type drop down menu Users gt Local Users gt Add Local User User Name Domain LocalDomain r Group LocalDoma n ki Password Confirm Password User Type User ki 7 Click Add to finish adding a local user Enter a Password for the user Confirm the new password Setting the Time Zone 1 Navigate to the System gt Time page 2 Select the appropriate Time Zone from the drop down menu System gt Time System Time Time hh mm ss Date mm dd yyyy Time Zone Pacific Time US amp Canada GMT 8 00 v Automatically synchronize with an NTP server E Display UTC in logs ins
37. pen OPT or X2 interface 3 1 or higher New DMZ configured for TZ Series PRO Series either NAT or Transparent Mode Provide SonicWALL deep packet inspection security services optional SRA on Existing DMZ OPT or X2 interface in use with an existing DMZ Provide SonicWALL deep packet inspection security services optional SonicOS Standard 3 1 or higher TZ Series PRO Series SonicWALLs with legacy firmware Third Party Gateway Device SRA on the LAN Not planning to use SonicWALL deep packet inspection security services Interoperability with a third party gateway device Applying Power to the SonicWALL SRA 1 Plug one end of the power cord into the SonicWALL SRA 1200 4200 and the other into an appropriate power outlet 2 Turn on the power switch located on the rear of the appliance next to the power cord The Pwr LED on the front panel lights up blue when the appliance is turned on The Test LED lights up yellow and may blink for up to a minute while the appliance performs a series of diagnostic tests When the Test LED is no longer lit the SonicWALL SRA 1200 4200 is ready for configuration O PWR TEST ALARM If the Test or Alarm LEDs remain lit or if the Test LED blinks red after the SonicWALL SRA 1200 4200 has booted restart the appliance For more troubleshooting information refer to the SonicWALL SSL VPN Administrator s Guide Access
38. pplication Four mounting screws compatible with the rack design must be used and hand tightened to ensure secure installation Choose a mounting location where all four mounting holes line up with those of the mounting bars of the 19 inch rack mount cabinet Mount in a location away from direct sunlight and sources of heat A maximum ambient temperature of 104 F 40 C Route cables away from power lines fluorescent lighting fixtures and sources of noise such as radios transmitters and broadband amplifiers The included power cord is intended for use in North America only For European Union EU customers a power cord is not included Ensure that no water or excessive moisture can enter the unit Allow unrestricted airflow around the unit and through the vents on the side of the unit A minimum of 1 inch 25 44mm clearance is recommended Mount the SonicWALL appliances evenly in the rack in order to prevent a hazardous condition caused by uneven mechanical loading If installed in a closed or multi unit rack assembly the operating ambient temperature of the rack environment may be greater than room ambient temperature Therefore consideration should be given to installing the equipment in an environment compatible with the maximum recommended ambient temperature shown above Consideration must be given to the connection of the equipment to the supply circuit The effect of overloading the circuits has
39. r the SonicWALL SRA Server Private SonicWALL SRA s X0 IP address IP Address 192 168 200 1 by default Server Comment Brief description of the server On the Server Public Information page accept the default IP address or enter an IP address in your allowed public IP range Click Next Note The default IP address is the WAN IP address of your SonicWALL security appliance If you accept this default all HTTP and HTTPS traffic to this IP address will be routed to your SonicWALL SRA The Public Server Configuration Summary page displays allthe configuration actions that will be performed to create the public server Click Apply to create the configuration and allow access from the WAN to the SRA on the DMZ Page 30 Scenario A SRA on a New DMZ Allowing an SRA gt LAN Connection When users have connected to the SRA they need to be able to connect to resources on the LAN To allow an SRA to LAN connection perform the following steps 1 Navigate to the Network gt Address Objects page 2 Inthe Address Objects section click Ada 3 Inthe Add Address Object dialog box create an address object for the XO interface IP address of your SonicWALL SRA Name forthe SonicWALL SRA ce IP Address SonicWALL SRA s X0 IP address 192 168 200 1 by default 4 Click Add to create the object Once done click Close 5 Click again to create an address object for the NetExtender range Inthe Add A
40. rchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format Specifications and descriptions subject to change without notice Page 58 Copyright Notice Trademarks SonicWALL is a registered trademark of SonicWALL Inc Microsoft Windows Vista Windows XP Windows 2000 Windows NT Windows Server 200 Internet Explorer and Active Directory are trademarks or registered trademarks of Microsoft Corporation Netscape is a registered trademark of Netscape Communications Corporation in the U S and other countries Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U S Adobe Acrobat and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U S and or other countries Firefox is a trademark of the Mozilla Foundation Other product and company names mentioned herein may be trademarks and or registered trademarks of their respective companies and are the sole property of their respective manufacturers Notes SonicWALL SRA 1200 4200 Getting Started Guide Page 59 Notes Page 60 Notes SonicWALL Inc 2001 Logic Drive T 1 408 745 9600 San Jose CA 95124 3452 F 1 408 745 9300 SONICWALL gt www sonicwall com e P N 232 000745 00 DYNAMIC SECURITY FOR THE GLOBAL N
41. rivate IP Address cri a on SRA PP ance both cannot concurrently use the same IP address and port en ee ca combinations Server Comment Brief description of the server To create a public server access rule for HTTPS traffic 1 Click the Wizards icon at the top right of the interface 7 On the Server Public Information page accept the 2 On the Welcome page select the Public Server Wizard default IP address or enter an IP address in your allowed and then click Next public IP range Click Next 3 On the Public Server Type page select Note The default IP address is the WAN IP address of your SonicWALL firewall If you accept this default all HTTP Br and H TTPS traffic to this IP address will be routed to your SonicWALL SRA The Add Service Group dialog box is displays 4 Inthe Add Service Group dialog box create a service group for HTTP and HTTPS 8 The Public Server Configuration Summary page displays all configuration actions that will be performed to create the public server Click Apply to create the configuration and emera name forthe service allow access from the WAN to the SonicWALL SRA on the e Select both HTTP and HTTPS and click gt DMZ e Click OK when HTTP and HTTPS are in the right column 5 On the Public Server Type page click Next SonicWALL SRA 1200 4200 Getting Started Guide Page 33 Allowing DMZ gt LAN Connection When users have connected to the SRA the
42. s A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in acommercial environment This equipment generates uses and can radiate radio frequency energy And if not installed and used in accordance with the instruction manual the device may cause harmful interference to radio communications Operation of this equipment in a residential area Is likely to cause harmful interference in which case the user is required to correct the interference at his own expense Canadian Radio Frequency Emissions Statement This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe A conforme a toute la norme NMB 003 du Canada Complies with EN 55022 Class A and CISPR22 Class A Warning This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Caution Modifying this equipment or using this equipment for purposes not shown in this manual without the written consent of SonicWALL Inc could void the user s authority to operate this equipment Declaration of Conformity Application of council Directive 2004 108 EC EMC and 2006 95 EC LVD Standards to which conformity is declared EN 55022 2006 A 2007 Class A EN 55024 1998 A1 2001 A2 2003 EN 61000 3 2 2006 EN 61000
43. tead of local time 3 Click Accept to save changes to the time settings Note Setting the correct time is essential to operations of the SonicWALL SRA 1200 4200 Be sure to set the time zone correctly Automatic synchronization with an NTP server default setting is encouraged for accuracy SonicWALL SRA 1200 4200 Getting Started Guide Page 13 Configuring SRA Network Settings You will now configure your SRA 1200 4200 network settings Refer to the notes you took in the Recording Configuration Information on page 6 to complete this section Configuring DNS WINS 1 Navigate to the Network gt DNS page in the management interface 2 Enter a unique name for your SonicWALL SRA in the SSL VPN Gateway Hostname field 3 Enter your Primary DNS Server information 4 Optional Enter asecondary DNS server in the Secondary DNS Server field Network gt DNS Hostname SSL VPN Gateway Hostname SRA pubs1 200 DNS Settings Primary DNS Server 10 2 16 6 Secondary DNS Server optional 10 50 128 53 DNS Domain optional WINS Settings Primary WINS Server optional Seco econdary WINS Server optional Page 14 Configuring Your SRA 1200 4200 5 Optional Enter your DNS Domain 6 Optional Enter your WINS servers in the Primary WINS Server and Secondary WINS Server fields 7 Click Accept Configuring the X0 IP Address for Scenario B and Scenario C If you are deploying the SRA in either Scenario
44. til the Test light starts blinking u The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode 3 Connect to the management interface by pointing the Web browser on your management station to http 192 168 200 1 The SafeMode management interface displays 4 Try rebooting the SonicWALL security appliance with your current settings Click the boot icon in the same line with Current Firmware 5 After the SonicWALL security appliance has rebooted try to open the management interface again If you still cannot open the management interface use the reset button to restart the appliance in SafeMode again In SafeMode restart the SRA SSL VPN image with the factory default settings Click the boot icon in the same line with Current Firmware with Factory Default Settings In th s Section This section provides overviews of customer support and training options for SonicWALL SRA appliances e Customer Support page 46 e Knowledge Base page 46 e User Forums page 47 e Training page 48 e Related Documentation page 49 e SonicWALL Live Product Demos page 50 e SonicWALL Secure Wireless Network Integrated Solutions Guide page 51 Support and Training Options SonicWALL SRA 1200 4200 Getting Started Guide Page 45 Customer Support SonicWALL s customer support Web site is where you will find featured support topics tutorials and more If you need further assistance So
45. tions Did you plug your management workstation into the interface XO on the SonicWALL SRA appliance Management can only be performed through XO Is the link light illuminated on both the management station and the SonicWALL SRA appliance Did you correctly enter the SonicWALL SRA 4200 management IP address in your Web browser Is your computer set to a static IP address of 192 168 200 20 Is your Domain set to LocalDomain on the login screen If you are still unable to connect to the SonicWALL SRA appliance contact SonicWALL Support Web http www sonicwall com us Support html Email customer_service sonicwall com In th s Section This section provides procedures for connecting your SonicWALL SRA 1200 4200 appliance e Configuring Your SRA 1200 4200 page 12 e Connecting Your SRA 1200 4200 page 18 Connecting Your Appliance SonicWALL SRA 1200 4200 Getting Started Guide Page 11 Configuring Your SRA 1200 4200 Once your SonicWALL SRA 1200 4200 is connected to a computer through the management port X0 it can be configured through the Web based management interface Setting Your Administrator Password 1 From the management interface select the Users gt Local Users page 2 Click the Configure button corresponding to the admin account admin Localbomain Administrator Fr Note Changing your password from the factory default is strongly recommended If you change your password be sure t
46. urch ungleiche mechanische Belastung zu vermeiden Pr fen Sie den Anschluss des Ger ts an die Stromversorgung damit der berstromschutz sowie die elektrische Leitung nicht von einer eventuellen berlastung der Stromversorgung beeinflusst werden Pr fen Sie dabei sorgf ltig die Angaben auf dem Aufkleber des Ger ts Eine sichere Erdung der Ger te im Rack muss gew hrleistet sein Insbesondere muss auf nicht direkte Anschl sse an Stromquellen geachtet werden wie z B bei Verwendung von Mehrfachsteckdosen Hinweis zur Lithiumbatterie Die in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden Zum Austauschen der Batterie muss die SonicWALL in ein von SonicWALL autorisiertes Service Center gebracht werden Dort wird die Batterie durch denselben oder entsprechenden vom Hersteller empfohlenen Batterietyp ersetzt Beachten Sie bei einer Entsorgung der Batterie oder der SonicWALL Internet Security Appliance die diesbez glichen Anweisungen des Herstellers Kabelverbindungen Alle Ethernet und RS232 C Kabel eignen sich f r die Verbindung von Ger ten in Innenr umen Schlie en Sie an die Anschl sse der SonicWALL keine Kabel an die aus dem Geb ude in dem sich das Ger t befindet herausgef hrt werden SonicWALL SRA 1200 4200 Getting Started Guide Page 55 FCC Part 15 Class A Notice NOTE This equipment was tested and found to comply with the limits for a Clas
47. vation Key s Submit Cancel Trying or Purchasing Services To try a free trial of a service click Try in the Service Management page To purchase a product or service click Buy Now in the Service Management page to complete your purchase Buy Service Price List The Fokoa Servaies Cats bee Euch for rue ue Tecate SP DO Od PC Part An Chester in Lo Pre Chuan iiy Serrie Halus Wirtual Assist Lisrent status _ 93 Status Upon Urder Completion PS Dientes nn Order Censplehinne When activation is complete MySonicWALL displays an activation screen with service status and expiration information The service management screen also displays the product you licensed You have successfully registered your SonicWALL appliance SonicWALL SRA 1200 4200 Getting Started Guide Page 25 Page 26 Services and Licensing In th s Section This section provides detailed overviews of deployment scenarios as well as configuration instructions for connecting your SonicWALL SRA to various network devices including gateway appliances e Scenario A SRA on a New DMZ page 27 e Scenario B SRA on an Existing DMZ page 32 e Scenario C SRA on the LAN page 36 e Testing Your Remote Connection page 39 Y Tip Before completing this section fill out the information on Recording Configuration Information on page 6 Network Configuration B Scenario A SRA on a New DMZ This section provi
48. w You can then import a settings file saved from the previous version or reconfigure manually To upload new firmware on the appliance 1 Download the SRA SSL VPN image file from www mysonicwall com and save it to a location on your local computer Select Upload New Firmware from the System gt Settings page Browse to the location where you saved the SRA SSL VPN image file select the file and click the Upload button The upload process can take up to one minute On a SonicWALL SRA 4200 1200 you are ready to reboot your appliance with the new SRA SSL VPN image Do one of the following 1 To reboot the image with current preferences click the boot icon for the following entry Uploaded Firmware New To reboot the image with factory default settings click the boot icon for the following entry Uploaded Firmware with Factory Defaults New Note Be sure to save a backup of your current configuration settings to your local machine before rebooting the SonicWALL SSL VPN appliance with factory default settings as described in the previous Saving a Backup Copy of Your Configuration Settings section A warning message dialog is displayed saying Are you sure you wish to boot this firmware Click OK to proceed After clicking OK do not power off the device while the image is being uploaded to the flash memory After successfully uploading the image to your SonicWALL SSL VPN appliance the login screen is
49. y if your DMZ or LAN is configured in Transparent mode and you have a limited number of public addresses from your ISP In either case you may assign a new unallocated IP range to NetExtender such as 192 168 10 100 to 192 168 10 200 and configure a route to this range on your gateway appliance For example if your current Transparent range is 67 115 118 75 through 67 115 118 80 and you wish to support 50 concurrent NetExtender clients configure your SRA XO interface with an available IP address in the Transparent range such as 67 115 118 80 and configure your NetExtender range as 192 168 10 100 to 192 168 10 200 Then on your gateway device configure a static route to 192 168 10 0 255 255 255 0 using 67 115 118 80 SonicWALL SRA 1200 4200 Getting Started Guide Page 17 Connecting Your SRA 1200 4200 Before continuing reference the diagrams on the following pages to connect the SonicWALL SRA 1200 4200 to your network Refer to the options in Selecting a Deployment Scenario on page 7 to determine the proper scenario for your network configuration e Scenario A Connecting Your Network Interfaces page 18 e Scenario B Connecting Your Network Interfaces page 19 e Scenario C Connecting Your Network Interfaces page 19 Page 18 Connecting Your SRA 1200 4200 Scenario A Connecting Your Network Interfaces Scenario A SRA on a New DMZ SonicWALL UTM Appliance X1 XO OPT X2 etc F A
50. y need to be able to connect to resources on the LAN 1 2 3 Navigate to the Network gt Address Objects page In the Address Objects section click ad In the Add Object dialog box create an address object for the XO interface IP address of your SonicWALL SRA then click OK Name forthe SonicWALL SRA Ce EEE X0 IP address of the SRA appliance within your DMZ range such as 10 1 1 200 IP Address Click again to create an address object for the NetExtender range Page 34 Scenario B SRA on an Existing DMZ 5 6 In the Add Object dialog box create an address object for the XO interface IP address of your SonicWALL SRA then click OK Start of the NetExtender IP address range within your DMZ range e g 10 1 1 220 Starting IP Address End of the NetExtender IP address range within your DMZ range e g 10 1 1 250 Ending IP Address In the Address Groups section click ausurup In the Add Address Object Group dialog box create a 11 In the Add Rule window create a rule to allow access to group for the XO interface IP address of your SonicWALL the LAN for the address group you just created SRA and the NetExtender IP range then click OK e Inthe left column select the two groups you created A owa rom zone and click the arrow button a To Zone LAN SONICWALL Network Security Appliance Service Any Name SonicWALL_SRA_Group RT he ITEE Source
Download Pdf Manuals
Related Search