当前位置:首页 >> 调查/报告 >>

SonicWALL


SonicWALL NSA 240 Getting Started Guide
This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 240 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.

Document Contents
This document contains the following sections:
1 2 3 4 5 6 7 8 9

Pre-Configuration Tasks - page 1 Preparing Your WWAN PC Card - page 7 Registering Your Appliance - page 11 Deployment Scenarios - page 17 Verifying Your Connection - page 35 Enabling Essential Security Services - page 39 Additional Deployment Configuration - page 47 Support and Training Options - page 71 Product Safety and Regulatory Information - page 79
SonicWALL NSA 240 Getting Started Guide Page i

SonicWALL NSA 240 Front Panel
LAN/WAN Port Status
Provides dedicated LAN/WAN port status as follows: link/spd: Off=10M Green=100M Amber=1,000M activity: Solid=link Blinking=activity

Off=10M Green=100M Solid=link Blinking=activity

PC Card Slot
(side of unit) Provides an interface for the WWAN PC Card connection
NSA 240

Provides power and test status
(refer to page 5)

activity:

Off=10M Green=100M Amber=1,000M Solid=link Blinking=activity

USB Ports
For future application

PC Card Status
Provides WWAN PC Card status as follows: signal: Green=connected Amber=negotiating link/act: Solid=link Blinking=activity

Page ii SonicWALL NSA 240 Front Panel

SonicWALL NSA 240 Rear Panel
Ethernet Port (X2)
Provides an additional Gigabit-capable Ethernet port for general use

Ethernet Ports (X3-X7)
Provides con?gurable 10/100 Ethernet ports for connection to network devices on WAN, LAN, DMZ, and other zone types

WAN Port (X1)
Provides dedicated WAN (Internet)

HA Ethernet Port (X8)
Provides 10/100 Ethernet port for high availability (HA) connectivity

LAN

WAN

Console

X0

X1

X2

X3

X4

X5

X6

X7

X8

Power

Console Port
Provides access to the SonicOS Command Line Interface (CLI) via the DB9 -> RJ45 cable

Power Supply
Provides power connection using supplied power cable

LAN Port (X0)
Provides dedicated LAN access to local area network resources

Reset Button
Press and hold to manually reset the appliance to SafeMode

SonicWALL NSA 240 Getting Started Guide Page iii

SonicWALL NSA 240 LED Reference Guide

M0

X0

X1

X2

X3

X4

X5

X6

X7

X8

Page iv SonicWALL NSA 240 LED Reference Guide

Pre-Configuration Tasks

1

In this Section:
This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA 240 appliance.

? ? ? ?

Checking NSA 240 Package Contents - page 2 Obtaining Configuration Information - page 3 Obtaining WWAN Service Provider Information - page 5 Verifying System Requirements - page 6

SonicWALL NSA 240 Getting Started Guide Page 1

Checking NSA 240 Package Contents
Before setting up your SonicWALL NSA appliance, verify that your package contains the following parts:
1 2 3 4

Any Items Missing?
If any items are missing from your package, please contact SonicWALL support. A listing of the most current support documents are available online at: <http://www.sonicwall.com/us/support.html>
*The included power cord is intended for use in North America only. For European Union (EU) customers, a power cord is not included.

NSA 240 Appliance DB9 -> RJ45 (CLI) Cable Standard Power Adaptor* Ethernet Cable

5 6 9 8

Release Notes Getting Started Guide

SonicOS Release Notes

1

M0 signal link/act

X0

X1 X2

X3 X4

X5

X6 X7

X8 link/spd activity

Contents

lan wan

NSA 240

5

SonicWALL Network Security Appliances
NET WORK SECURIT Y

NSA 2400

2

3

4 6

Getting Started Guide

Page 2 Checking NSA 240 Package Contents

Obtaining Configuration Information
Record and keep for future reference the following setup information:

Registration Information
Serial Number: Record the serial number found on the bottom panel of your SonicWALL appliance. Record the authentication code found on the bottom panel of your SonicWALL appliance.

Authentication Code:

Networking Information
LAN IP Address: . Subnet Mask: . . . Select a static IP address for your Ethernet WAN. This setting only applies if you are already using an ISP that assigns a static IP address. . . Record the subnet mask for the local subnet where you are installing your SonicWALL appliance. Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168).

Ethernet WAN IP Address: . . .

Administrator Information
Admin Name: Select an administrator account name. (default is admin) Select an administrator password. (default is password)

Admin Password:

SonicWALL NSA 240 Getting Started Guide Page 3

Obtaining Internet Service Provider (ISP) Information
Record the following information about your current ISP: Record the following information about your secondary ISP:

ISP 1
If you connect via Cable modem, DSL with a router Home DSL You likely use DHCP Please record No Internet connection information is usually required, although some service providers require a host name. Host Name: User Name: Password: Note: Your ISP may require your user name in the format: name@ISP.com . IP Address: Subnet Mask: . Default Gateway . (IP Address): Primary DNS: . Secondary DNS . (optional): Server Address: User Name: Password: . . . . . . . . . .

ISP 2 (Optional for Multiple WAN Failover)
If you connect via Cable modem, DSL with a router Home DSL You likely use DHCP Please record Host Name:

PPPoE

PPPoE

User Name: Password: Note: Your ISP may require your user name in the format: name@ISP.com . IP Address: Subnet Mask: . Default Gateway . (IP Address): Primary DNS: . Secondary DNS . (optional): Server Address: User Name: Password: . . . . . . . . . .

T1/E1, Static broadband, Cable or DSL with a static IP

Static IP

T1/E1, Static broadband, Cable or DSL with a static IP

Static IP

Dial-in to a server

PPTP

Dial-in to a server

PPTP

Page 4 Obtaining Configuration Information

Obtaining WWAN Service Provider Information
Record the following information about your current WWAN service:

WWAN Service Provider
Country: Service Provider: Plan Type: Record the country where you purchased your WWAN card. Record the service provider from whom you purchased your WWAN card. This is the brand name of the card. Record the plan type that you purchased from your provider. If you are unsure about this information, you may use Standard as the plan type.

WWAN Account Information
User Name/Password: Some WWAN service providers require user specific information, such as a login and password. If your service provider requires it, you will need to provide such information during the setup process.

Note: WWAN Account Information is automatically populated based on the chosen service provider and plan type. In most cases,
if you selected the correct service provider and plan type the WWAN account information does not have to be altered.

SonicWALL NSA 240 Getting Started Guide Page 5

Verifying System Requirements
Before you begin the setup process, verify that you have: ? ? An Internet connection A Web browser supporting Java Script and HTTP uploads. Supported browsers include the following:

Supported Browsers
Internet Explorer Firefox Netscape Opera Safari

Browser Version Number
6.0 or higher 2.0 or higher 9.0 or higher 9.10 or higher for Windows 2.0 or higher for MacOS

Page 6 Verifying System Requirements

Preparing Your WWAN PC Card

2

In this Section:
This section provides instructions to set up your WWAN PC card for use in the SonicWALL NSA 240 appliance.

? ? ?

WWAN PC Card Setup - page 8 Activating Your PC Card Software - page 8 Verifying Your Connection - page 9

Alert: DO NOT insert your PC card into the SonicWALL NSA 240 appliance until you have completed the setup process for
your card as described in this section. If your WWAN PC card is already registered and activated with your service provider and you are able to access the Internet through your PC using this card, you may skip this section and continue to Registering Your Appliance - page 11.

SonicWALL NSA 240 Getting Started Guide Page 7

WWAN PC Card Setup
Complete the following steps to set up and provision your WWAN PC card. Verify at the www.sonicwall.com website that your WWAN PC card and service provider are supported by the SonicWALL NSA 240 appliance.

Activating Your PC Card Software
This section covers prerequisites necessary to set up most WWAN PC cards to work with the SonicWALL NSA 240. Using an available desktop or laptop PC with Type II PC card slot, complete the following steps: 1. Install the software that came bundled with your WWAN PC card before activating the card. When prompted, insert the WWAN PC card into an available Type II PC card slot on the Laptop or Desktop PC you are using for card configuration. Install updates to your WWAN PC card, if available. Activate your PC card, if required.

Alert: DO NOT insert your PC card into the SonicWALL NSA
240 appliance until you have completed the setup process for your card as described in this section and successfully accessed the Internet through your computer using the PC card. If you are using a GSM-based WWAN service provider, you may be required to remove the PIN protection from your SIM chip before using it with the SonicWALL. Please contact your WWAN service provider for more information on setup and PIN removal procedures.

2.

3. 4.

Page 8 WWAN PC Card Setup

Verifying Your Connection
After activating the card on your PC, you can view your connection type and verify that the WWAN PC card is transferring data. For valid connection testing, it is important that you first disable all other network connections, such as a WiFi or LAN connection, before continuing. Leave only your PC card connection enabled. 1. 2. 3. 4. 5. Use the software that came with your WWAN PC card to initialize a connection with your service provider. In the Windows interface, select Start > Run. Enter cmd in the Open field and click the OK button. At the prompt, type the command ipconfig and press Enter on the keyboard. Your network device status will display. Verify that you have obtained an IP Address for your Ethernet adaptor, and that all other Local Area Network Connections display “Media disconnected” as their status.

Note: The name of your Ethernet adaptor may differ from
the screenshot below. Common names for newly acquired cards are “Local Area Connection 2” or “Local Area Connection 3.”

6.

Open a Web browser and navigate to a Website, such as <http://www.sonicwall.com>, to verify that your connection can transfer data.

Congratulations! You have set up and provisioned your WWAN PC card.

SonicWALL NSA 240 Getting Started Guide Page 9

Page 10 WWAN PC Card Setup

Registering Your Appliance

3

In this Section:
This section provides instructions for registering your SonicWALL NSA 240 appliance.

? ? ?

Before You Register - page 12 Creating a MySonicWALL Account - page 13 Registering and Licensing Your Appliance on MySonicWALL - page 13

Note: Registration is an important part of the setup process and is necessary to receive the benefits of SonicWALL security services,
firmware updates, and technical support.

SonicWALL NSA 240 Getting Started Guide Page 11

Before You Register
You need a MySonicWALL account to register the SonicWALL NSA appliance. You can create a new MySonicWALL account on www.mysonicwall.com or directly from the SonicWALL management interface. This section describes how to create an account by using the Website. If you already have a MySonicWALL account, go to Registering and Licensing Your Appliance on MySonicWALL - page 13 to register your appliance on MySonicWALL. You can also postpone registration until after you set up the appliance. Skip ahead to Deployment Scenarios - page 17 and register your appliance directly from the management interface once you reach Activating Licenses in SonicOS - page 40. For a High Availability (HA) configuration, you must use MySonicWALL to associate a backup unit that can share the Security Services licenses with your primary SonicWALL. If you do not yet have a MySonicWALL account, you can use MySonicWALL to register your SonicWALL appliance and activate or purchase licenses for Security Services, ViewPoint Reporting and other services, support, or software before you even connect your device. This method allows you to prepare for your deployment before making any changes to your existing network. Note that your SonicWALL NSA appliance does not need to be powered on during account creation or during the registration and licensing process on mysonicwall.com.
Page 12 Before You Register

Note: After registering a new SonicWALL appliance on
MySonicWALL, you must also register the appliance from the SonicOS management interface. This allows the unit to synchronize with the SonicWALL License Server and to share licenses with the associated appliance, if any. See Activating Licenses in SonicOS page 40.

Creating a MySonicWALL Account
To create a MySonicWALL account, perform the following steps: 1. 2. In your browser, navigate to www.mysonicwall.com. In the login screen, click the If you are not a registered user, Click here link.

Registering and Licensing Your Appliance on MySonicWALL
This section contains the following subsections: ? ? ? Product Registration - page 13 Licensing Security Services and Software - page 14 Registering a Second Appliance as a Backup - page 16

Product Registration
You must register your SonicWALL security appliance on MySonicWALL to enable full functionality. 1. 2. 3. Login to your MySonicWALL account. If you do not have an account, you can create one at www.mysonicwall.com. On the main page, type the appliance serial number in the Register A Product field. Then click Next. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register. On the Product Survey page, fill in the requested information and then click Continue.

4.

3. 4. 5.

Complete the Registration form and click Register. Verify the information is correct and click Submit. In the screen confirming that your account was created, click Continue.
SonicWALL NSA 240 Getting Started Guide Page 13

Licensing Security Services and Software
The Service Management - Associated Products page in MySonicWALL lists security services, support options, and software, such as ViewPoint, that you can purchase or try with a free trial. For details, click the Info button. Your current licenses are indicated in the Status column with either a license key or an expiration date. You can purchase additional services now or at a later time.

The following products and services are available for the SonicWALL NSA 240: ? Service Bundles: ? Client/Server Anti-Virus Suite ? Comprehensive Gateway Security Suite Gateway Services: ? Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Firewall ? Global Management System ? Content Filtering: Premium Edition ? Stateful High Availability Upgrade Desktop and Server Software: ? Enforced Client Anti-Virus and Anti-Spyware ? Global VPN Client ? Global VPN Client Enterprise ? ViewPoint Support Services: ? Dynamic Support 8x5 ? Dynamic Support 24x7 ? Software and Firmware Updates

?

?

?

Page 14 Registering and Licensing Your Appliance on MySonicWALL

To manage your licenses, perform the following tasks: 1. Navigate to the My Products page. Select the registered product you want to manage. Your initial purchase may have included security services or other software bundled with the appliance. These licenses are enabled on MySonicWALL when the SonicWALL appliance is delivered to you. If you purchase a service subscription or upgrade from a sales representative separately, you will receive an Activation Key for the product. This key is emailed to you after online purchases, or is on the front of the certificate that was included with your purchase. Locate the product on the Service Management page and click Enter Key in that row. In the Activate Service page, type or paste your key into the Activation Key field and then click Submit. Depending on the product, you will see an expiration date or a license key string in the Status column when you return to the Service Management page. To license a product or service, do one of the following: ? To try a Free Trial of a service, click Try in the Service Management page. A 30-day free trial is immediately activated. The Status page displays relevant information including the activation status, expiration date, number of licenses, and links to installation instructions or other documentation. The Service Management page is also updated to show the status of the free trial. ? To purchase a product or service, click Buy Now.

5.

6.

In the Buy Service page, type the number of licenses you want in the Quantity column for either the 1-year, 2-year, or 3-year license row and then click Add to Cart. In the Checkout page, follow the instructions to complete your purchase.

2.

The MySonicWALL server will generate a license key for the product. The key is added to the license keyset. You can use the license keyset to manually apply all active licenses to your SonicWALL appliance. The service management screen will display the product you licensed with an expiration date when activation is complete.

3.

4.

SonicWALL NSA 240 Getting Started Guide Page 15

Registering a Second Appliance as a Backup
To ensure that your network stays protected if your SonicWALL appliance has an unexpected failure, you can purchase a license to associate a second SonicWALL of the same model as the first in a High Availability (HA) pair. After registering and associating the second appliance, this appliance will automatically share the Security Services licenses of the primary appliance. To register a second appliance and associate it with the primary, perform the following steps: 1. 2. 3. Login to your MySonicWALL account. On the main page, in the Register A Product field, type the appliance serial number and then click Next. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register. On the Product Survey page, fill in the requested information and then click Continue. The Create Association Page is displayed. On the Create Association Page, click the radio button to select the primary unit for this association, and then click Continue. The screen only displays units that are not already associated with other appliances.

6.

7.

On the Service Management - Associated Products page, scroll down to the Associated Products section to verify that your product registered successfully. You should see the HA Primary unit listed in the Parent Product section, as well as a Status value of 0 in the Associated Products / Child Product Type section. Although the Stateful High Availability Upgrade and all the Security Services licenses can be shared with the HA Primary unit, you must purchase a separate ViewPoint license for the backup unit. This will ensure that you do not miss any reporting data in the event of a failover. Under Desktop & Server Software, click Buy Now for ViewPoint. Follow the instructions to complete the purchase.

To return to the Service Management - Associated Products page, click the serial number link for this appliance. For information on configuring an HA pair, see Scenario B: HA Pair in NAT/Route Mode section, on page 24.

4.

5.

Page 16

Deployment Scenarios

4

In this Section:
This section provides detailed overviews of advanced deployment scenarios as well as configuration instructions for connecting your SonicWALL NSA 240.

? ?

Initializing the SonicWALL - page 18 Selecting a Deployment Scenario - page 19 ? Scenario A: NAT/Route Mode Gateway - page 20 ? Scenario B: HA Pair in NAT/Route Mode - page 24 ? Scenario C: L2 Bridge Mode - page 31

Tip: Before completing this section, fill out the information in Obtaining Configuration Information - page 3. You will need to enter this
information during the Setup Wizard.

SonicWALL NSA 240 Getting Started Guide Page 17

Initializing the SonicWALL
To begin deployment of your SonicWALL NSA 240 appliance, first insert the WWAN PC card and then apply power to the appliance.

Applying Power
1. Connect the AC plug to the power supply.

Inserting the WWAN PC Card
Before inserting the WWAN PC card into your SonicWALL NSA 240 appliance, be sure your WWAN PC card is activated and unlocked. If you are not sure whether your card is unlocked or not, contact the PC card vendor to verify. 2. Plug one end of the power supply to the back of the SonicWALL NSA 240.

Alert: Do not insert or remove the WWAN PC card while the
SonicWALL NSA 240 is powered on. 1. 2. Ensure that the SonicWALL NSA 240 is not connected to a power source. Insert your WWAN PC card “face up” into the PC CARD slot on the left side of the SonicWALL NSA 240 appliance. The card should sit firmly in place.

Warning: SonicWALL power supplies are platform specific.
Do not use power supplies from other SonicWALL platforms, such as the SonicWALL TZ 190. 3. Connect the AC plug to an appropriate power outlet.

3

5

6

Power

To AC power

WWAN signal link/act

wan M0 opt signal
link/act

X0

X1

X2

X3

X4

X5

X6

X7

X8

link/act link/spd 10/100 activity
lan wan

The Power LED on the front panel lights up blue when you plug in the SonicWALL NSA. The Test LED will light up and may blink while the appliance performs a series of diagnostic tests.
NSA190 TZ 240

When the Power LED is lit and the Test LED is no longer lit, the SonicWALL NSA 240 is ready for configuration. This typically occurs within a few minutes of applying power to the appliance. If the Test LED remains lit after the SonicWALL NSA appliance has been booted, restart the appliance by cycling power.
Page 18 Initializing the SonicWALL

Selecting a Deployment Scenario
Before continuing, select a deployment scenario that best fits your network scheme. Reference the table below and the diagrams on the following pages for help in choosing a scenario.
Current Gateway Configuration No gateway appliance New Gateway Configuration Single SonicWALL NSA as a primary gateway. Pair of SonicWALL NSA appliances for high availability. Existing Internet gateway appliance SonicWALL NSA as replacement for an existing gateway appliance. SonicWALL NSA in addition to an existing gateway appliance. Existing SonicWALL NSA 240 gateway appliance SonicWALL NSA in addition to an existing SonicWALL NSA gateway appliance. Use Scenario A - NAT/Route Mode Gateway B - NAT with HA Pair A - NAT/Route Mode Gateway C - Layer 2 Bridge Mode B - NAT with HA Pair

NAT/Route Mode Gateway

NAT with HA Pair

Layer 2 Bridge Mode

A

Internet

Internet

WAN

WWAN

SonicWALL NSA
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8

B
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd activity

C
NSA 240
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd activity

NSA 240

NSA 240

lan wan

SonicWALL NSA 240 Getting Started Guide Page 19

Scenario A: NAT/Route Mode Gateway
In this scenario, the SonicWALL NSA 240 is configured in NAT/Route mode to operate as a single network gateway. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes. Because only a single SonicWALL appliance is deployed, the added benefits of high availability with a stateful synchronized pair are not available.

A

Internet

Internet

WAN

WWAN

SonicWALL NSA
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8

NSA 240

Page 20 Scenario A: NAT/Route Mode Gateway

This section provides initial configuration instructions for connecting your SonicWALL NSA 240. Follow these steps if you are setting up Scenario A. This section contains the following subsections: ? Connecting the WAN Port - page 21 ? Connecting the LAN Port - page 21 ? Accessing the Management Interface - page 21 ? Troubleshooting Initial Setup - page 22 ? Connecting to Your Network - page 23 ? Testing Your Connection - page 23

Connecting the LAN Port
1. Connect one end of the provided Ethernet cable to the computer you are using to manage the SonicWALL NSA appliance. Connect the other end of the cable to the X0 port on your SonicWALL NSA appliance. The Link LED above the X0 (LAN) port will light up in green or amber depending on the link throughput speed, indicating an active connection: - Amber indicates 1 Gbps - Green indicates 100 Mbps - Unlit while the right (activity) LED is illuminated indicates 10 Mbps

2.

Connecting the WAN Port
1. 2. Connect one end of an Ethernet cable to your Internet connection. Connect the other end of the cable to the X1 (WAN) port on your SonicWALL NSA Series appliance.
SonicWALL NSA 240
M0 signal link/act X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd lan wan activity

Accessing the Management Interface
The computer you use to manage the SonicWALL NSA Series must be set up to have an unused IP address on the 192.168.168.x/24 subnet, such as 192.168.168.20.

NSA 240

Internet

X0 X1 Management Station

To access the SonicOS Enhanced Web-based management interface: 1. Start your Web browser. Remember to disable pop-up blocking software or add the management IP address http://192.168.168.168 to your pop-up blocker’s allow list. 2. Enter http://192.168.168.168 (the default LAN management IP address) in the Location or Address field.

SonicWALL NSA 240 Getting Started Guide Page 21

3.

The SonicWALL Setup Wizard launches and guides you through the configuration and setup of your SonicWALL NSA appliance.

Troubleshooting Initial Setup
If you cannot connect to the SonicWALL NSA appliance or the Setup Wizard does not display, verify the following configurations: ? Did you correctly enter the management IP address in your Web browser? ? Are the Local Area Connection settings on your computer set to use DHCP or set to a static IP address on the 192.168.168.x/24 subnet? ? Do you have the Ethernet cable connected to your computer and to the X0 (LAN) port on your SonicWALL? ? Is the connector clip on your network cable properly seated in the port of the security appliance?

Note: Some pop-up blockers may prevent the launch of the
Setup Wizard. You can temporarily disable your pop-up blocker, or add the management IP address of your SonicWALL (192.168.168.168 by default) to your pop-up blocker's allow list. The Setup Wizard launches only upon initial loading of the SonicWALL NSA management interface. You may also access the wizard by clicking on the Wizards icon in the toolbar. Follow the on-screen prompts to complete the Setup Wizard. Depending on the changes made during your setup configuration, the SonicWALL may restart.

4.

Page 22 Scenario A: NAT/Route Mode Gateway

Connecting to Your Network
Internet

Testing Your Connection
1. After you exit the Setup Wizard, the login page reappears. Log back into the management interface and verify your IP and WAN connection. Ping a host on the Internet, such as sonicwall.com. Open another Web browser and navigate to: <http://www.sonicwall.com> If you can view the SonicWALL home page, you have configured your SonicWALL NSA appliance correctly. If you cannot view the SonicWALL home page, renew your management station DHCP address. If you still cannot view a Web page, try one of these solutions: ? Restart your Management Station to accept new network settings from the DHCP server in the SonicWALL security appliance. ? Restart your Internet Router to communicate with the DHCP Client in the SonicWALL security appliance.

SonicWALL NSA 240 WWAN
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8

NSA 240

X1

Internet

2. 3.

4. The SonicWALL NSA 240 ships with the internal DHCP server active on the LAN port. However, if a DHCP server is already active on your LAN, the SonicWALL will disable its own DHCP server to prevent conflicts. Ports X1 and X0 are preconfigured as WAN and LAN. The remaining ports (X2-X8) can be configured to meet the needs of your network. As an example, zones in the example above are configured as: X1: WAN, X2: LAN, X3: WLAN, and X5: DMZ.

Next... Continue to Verifying Your Connection section, on
page 35 to verify your WWAN connection.

SonicWALL NSA 240 Getting Started Guide Page 23

Scenario B: HA Pair in NAT/Route Mode
For network installations with two SonicWALL NSA 240 appliances configured as a stateful synchronized pair for redundant high availability networking. In this scenario, one SonicWALL NSA 240 operates as the primary gateway device and the other SonicWALL NSA 240 is in passive mode. All network connection information is synchronized between the two devices so that the backup appliance can seamlessly switch to active mode without dropping any connections if the primary device loses connectivity.

B
SonicWALL NSA 1
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd activity

NSA 240

Internet

lan wan

Page 24 Scenario B: HA Pair in NAT/Route Mode

This section provides instructions for configuring a pair of SonicWALL NSA appliances for High Availability (HA). This section is relevant to administrators following deployment Scenario B.

Initial HA Setup
Before you begin the configuration of HA on the Primary SonicWALL security appliance, perform the following setup: 1. On the back panel of the Backup SonicWALL security appliance, locate the serial number and write the number down. You need to enter this number in the High Availability > Settings page. Verify that the Primary SonicWALL and Backup SonicWALL security appliances are registered, running the same SonicOS Enhanced versions, and running the same SonicWALL Security services. Make sure the Primary SonicWALL and Backup SonicWALL security appliances’ LAN, WAN and other interfaces are properly configured for failover. Connect the X8 ports on the Primary SonicWALL and Backup SonicWALL appliances with a CAT 5 Ethernet cable. The Primary and Backup SonicWALL security appliances must have a dedicated connection. Power up the Primary SonicWALL security appliance, and then power up the Backup SonicWALL security appliance. Do not make any configuration changes to the Primary’s X8; the High Availability configuration in an upcoming step takes care of this issue.

Note: High Availability is supported for two SonicWALL NSA
appliances of the same model. 2. This section contains the following subsections: ? ? ? ? ? ? Initial HA Setup - page 25 Configuring HA - page 26 Configuring Advanced High Availability Settings - page 26 Synchronizing Settings - page 28 Configuring HA License Overview - page 29 Associating Pre-Registered Appliances - page 30

3.

4.

5. 6.

SonicWALL NSA 240 Getting Started Guide Page 25

Configuring HA
The first task in setting up HA after initial setup is configuring the High Availability > Settings page on the Primary SonicWALL security appliance. Once you configure HA on the Primary SonicWALL security appliance, it communicates the settings to the Backup SonicWALL security appliance. To configure HA on the Primary SonicWALL, perform the following steps: 1. 2. 3. Navigate to the High Availability > Settings page. Select the Enable High Availability checkbox. Under SonicWALL Address Settings, type in the serial number for the Backup SonicWALL appliance. You can find the serial number on the back of the SonicWALL security appliance, or in the System > Status screen of the backup unit. The serial number for the Primary SonicWALL is automatically populated. Click Apply to retain these settings.

Configuring Advanced High Availability Settings
1. 2. Navigate to the High Availability > Advanced page. To configure Stateful HA, select Enable Stateful Synchronization. A dialog box is displayed with recommended settings for the Heartbeat Interval and Probe Interval fields. The settings it shows are minimum recommended values. Lower values may cause unnecessary failovers, especially when the SonicWALL is under a heavy load. You can use higher values if your SonicWALL handles a lot of network traffic. Click OK.

Tip: Preempt mode is recommended to be disabled after
enabling Stateful Synchronization. This is because preempt mode can be over-aggressive about failing over to the backup appliance. 3. To backup the firmware and settings when you upgrade the firmware version, select Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware. Select the Enable Virtual MAC checkbox. Virtual MAC allows the Primary and Backup appliances to share a single MAC address. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. Only the WAN switch to which the two appliances are connected to needs to be notified. All outside devices will continue to route to the single shared MAC address.

4.

4.

Page 26

5.

6.

The Heartbeat Interval controls how often the two units communicate. The default is 5000 milliseconds; the minimum recommended value is 1000 milliseconds. Less than this may cause unnecessary failovers, especially when the SonicWALL is under a heavy load. Typically, SonicWALL recommends leaving the Heartbeat Interval, Election Delay Time (seconds), and Dynamic Route Hold-Down Time fields to their default settings. These fields can be tuned later as necessary for your specific network environment: - The Failover Trigger Level sets the number of heartbeats that can be missed before failing over. By default, this is set to 5 missed heartbeats. - The Election Delay Time is the number of seconds allowed for internal processing between the two units in the HA pair before one of them takes the primary role. - The Probe Level sets the interval in seconds between communication with upstream or downstream systems. The default is 20 seconds, and the allowed range is 5 to 255 seconds. You can set the Probe IP Address(es) on the High Availability > Monitoring screen.

The Dynamic Route Hold-Down Time setting is used when a failover occurs on a HA pair that is using either RIP or OSPF dynamic routing, and it is only displayed when the Advanced Routing option is selected on the Network > Routing page. When a failover occurs, Dynamic Route Hold-Down Time is the number of seconds the newly-active appliance keeps the dynamic routes it had previously learned in its route table. During this time, the newly-active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time duration expires, it deletes the old routes and implements the new routes it has learned from RIP or OSPF. The default value is 45 seconds. In large or complex networks, a larger value may improve network stability during a failover. 7. Select the Include Certificates/Keys checkbox to have the appliances synchronize all certificates and keys. 8. Click Synchronize Settings to synchronize the settings between the Primary and Backup appliances. 9. Click Synchronize Firmware if you previously uploaded new firmware to your Primary unit while the Secondary unit was offline, and it is now online and ready to upgrade to the new firmware. Synchronize Firmware is typically used after taking your Secondary appliance offline while you test a new firmware version on the Primary unit before upgrading both units to it. 10. Click Apply to retain the settings on this screen.

-

SonicWALL NSA 240 Getting Started Guide Page 27

Synchronizing Settings
Once you have configured the HA settings on the Primary SonicWALL security appliance, it will automatically synchronize the settings to the Backup unit, causing the Backup to reboot. You do not need to click the Synchronize Settings button. However, if you later choose to do a manual synchronization of settings, click the Synchronize Settings button. You will see a HA Peer Firewall has been updated notification at the bottom of the management interface page. Also note that the management interface displays Logged Into: Primary SonicWALL Status: (green ball) Active in the upper-righthand corner. By default, the Include Certificate/Keys setting is enabled. This specifies that certificates, certificate revocation lists (CRL), and associated settings are synchronized between the Primary and Backup units. When local certificates are copied to the Backup unit, the associated private keys are also copied. Because the connection between the Primary and Backup units is typically protected, this is generally not a security concern.

To verify that Primary and Backup SonicWALL security appliances are functioning correctly, wait a few minutes, then trigger a test failover by logging into the Primary unit and doing a restart. The Backup SonicWALL security appliance should quickly take over. From your management workstation, test connectivity through the Backup SonicWALL by accessing a site on the public Internet – note that the Backup SonicWALL, when active, assumes the complete identity of the Primary, including its IP addresses and Ethernet MAC addresses. Log into the Backup SonicWALL’s unique LAN IP address. The management interface should now display Logged Into: Backup SonicWALL Status: (green ball) Active in the upperright-hand corner. Now, power the Primary SonicWALL back on, wait a few minutes, then log back into the management interface. If stateful synchronization is enabled (automatically disabling preempt mode), the management GUI should still display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper-right-hand corner. If you are using the Monitor Interfaces feature, experiment with disconnecting each monitored link to ensure correct configuration.

Tip: A compromise between the convenience of
synchronizing certificates and the added security of not synchronizing certificates is to temporarily enable the Include Certificate/Keys setting and manually synchronize the settings, and then disable Include Certificate/Keys.

Page 28

Configuring HA License Overview
You can configure HA license synchronization by associating two SonicWALL security appliances as HA Primary and HA Secondary on MySonicWALL. Note that the Backup appliance of your HA pair is referred to as the HA Secondary unit on MySonicWALL.
X1 (WAN)
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8

License synchronization is used during HA so that the Backup appliance can maintain the same level of network protection provided before the failover. To enable HA, you can use the SonicOS UI to configure your two appliances as a HA pair in Active/Idle mode. MySonicWALL provides several methods of associating the two appliances. You can start by registering a new appliance, and then choosing an already-registered unit to associate it with. You can associate two units that are both already registered. Or you can select a registered unit and then add a new appliance with which to associate it.

Internet

SonicWALL

Note: After registering new SonicWALL appliances on
MySonicWALL, you must also register each appliance from the SonicOS management interface by clicking the registration link on the System > Status page. This allows each unit to synchronize with the SonicWALL license server and share licenses with the associated appliance.

You must purchase a single set of security services licenses for the HA Primary appliance. To use Stateful HA, you must first activate the Stateful High Availability Upgrade license for the primary unit in SonicOS. This is automatic if your appliance is connected to the Internet. See Registering and Licensing Your Appliance on MySonicWALL - page 13.

SonicWALL NSA 240 Getting Started Guide Page 29

Associating Pre-Registered Appliances
To associate two already-registered SonicWALL security appliances so that they can use HA license synchronization, perform the following steps: 1. 2. Login to MySonicWALL and click My Products. On the My Products page, under Registered Products, scroll down to find the appliance that you want to use as the parent, or primary, unit. Click the product name or serial number. On the Service Management - Associated Products page, scroll down to the Associated Products section. Under Associated Products, click HA Secondary. On the My Product - Associated Products page, in the text boxes under Associate New Products, type the serial number and the friendly name of the appliance that you want to associate as the child/secondary/backup unit. Select the group from the Product Group drop-down list. The product group setting specifies the MySonicWALL users who can upgrade or modify the appliance. Click Register. Continue to Additional Deployment Configuration page 47.

Note: For additional reference, refer to the SonicOS
Enhanced High Availability License Sync product guide at: <http://www.sonicwall.com/us/Support.html>

Next... Continue to the Verifying Your Connection section,
on page 35 to verify your WWAN connection.

3. 4. 5.

6.

7. 8.

Page 30

Scenario C: L2 Bridge Mode
For network installations where the SonicWALL NSA 240 is running in tandem with an existing network gateway. In this scenario, the original gateway is maintained. The SonicWALL NSA 240 is integrated seamlessly into the existing network, providing the benefits of deep packet inspection and comprehensive security services on all network traffic. L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be non-disruptively added to any Ethernet network to provide in-line deep packet inspection for all traversing IPv4 TCP and UDP traffic. L2 Bridge Mode can pass all traffic types, including IEEE 802.1Q VLANs, Spanning Tree Protocol, multicast, broadcast, and IPv6.

C
SonicWALL NSA
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd activity

Network Gateway

L2 Bridge Link
NSA 240

LAN

Internet or LAN Segment 2

SonicWALL NSA 240 Getting Started Guide Page 31

This section provides instructions to configure the SonicWALL NSA appliance in tandem with an existing Internet gateway device. This section is relevant to users following deployment Scenario C. This section contains the following subsections: ? Connection Overview - page 32 ? Configuring the Primary Bridge Interface - page 32 ? Configuring the Secondary Bridge Interface - page 33

Configuring the Primary Bridge Interface
The primary bridge interface is your existing Internet gateway device. The only step involved in setting up your primary bridge interface is to ensure that the WAN interface is configured for a static IP address. You will need this static IP address when configuring the secondary bridge.

Note: The primary bridge interface must have a static IP
assignment.

Connection Overview
Connect the X1 port on your SonicWALL NSA 240 to the LAN port on your existing Internet gateway device. Then connect the X0 port on your SonicWALL to your LAN.
Network Gateway

SonicWALL NSA
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8 link/spd activity

LAN
Internet or LAN Segment 2
NSA 240

L2 Bridge Link

Page 32 Scenario C: L2 Bridge Mode

Configuring the Secondary Bridge Interface
Complete the following steps to configure the SonicWALL appliance: 1. 2. Navigate to Network > Interfaces. Click the Configure icon in the right column of the X0 (LAN) interface.

Note: Do not enable Never route traffic on the bridge-pair
unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge segments. You may optionally enable the Block all non-IPv4 traffic setting to prevent the L2 bridge from passing non-IPv4 traffic.

Next... Continue to Verifying Your Connection section, on
page 35 to verify your WWAN connection.

3. 4. 5. 6.

In the IP Assignment drop-down list, select Layer 2 Bridge Mode. In the Bridged to drop-down list, select the X1 interface. Configure management options (HTTP, HTTPS, Ping, SNMP, SSH, User logins, or HTTP redirects). Click OK.

SonicWALL NSA 240 Getting Started Guide Page 33

Page 34 Scenario C: L2 Bridge Mode

Verifying Your Connection

5

In this Section:
This section provides instructions to ensure proper connectivity of your SonicWALL NSA 240 appliance.

? ? ? ? ?

Verifying Management Interface Connectivity - page 36 Verifying WAN (Internet) Connectivity - page 37 Viewing the WWAN Connection Status - page 37 Managing the WWAN Connection Status - page 38 Verifying WWAN Failover Functionality - page 38

SonicWALL NSA 240 Getting Started Guide Page 35

Verifying Management Interface Connectivity
1. If your SonicWALL did not require a restart, skip to the Verifying WAN (Internet) Connectivity section, on page 37. Otherwise, continue with step 2. Wait for the SonicWALL NSA 240 to reboot. When the Test LED is no longer lit, the SonicWALL NSA 240 is ready for login. If the login page does not display after reboot, open a Web browser on the computer and manually navigate to the LAN IP address of your SonicWALL NSA 240. Using your new username and password, login to the appliance.

If the System > Security Dashboard page (shown below) displays, then you have correctly configured the SonicWALL NSA 240 to work with the computer on your LAN. Complete the next section to verify WAN (Internet) connectivity.

2.

3.

4.

Page 36 Verifying Management Interface Connectivity

Verifying WAN (Internet) Connectivity
Complete the following steps to confirm your Internet connectivity. 1. 2. 3. In the Windows interface of a computer connected to the LAN port, select Start > Run. Enter “cmd” in the Open field and click the OK button. At the prompt, type the command “ping www.sonicwall.com” and press Enter on the keyboard.

Viewing the WWAN Connection Status
The Network > Interfaces page allows you to view the current WWAN connection status. 1. 2. 3. Log into the SonicWALL NSA 240 appliance management interface. Navigate to Network > Interfaces. In the Interface Settings section, the WWAN interface line displays the current status as follows:

The following messages describe the status of the WWAN interface:
On hook Indicates that the WWAN card is present but not yet connected. Indicates that the WWAN card is associated and currently attempting a connection to the WWAN network. Indicates an active connection.

4.

If the ping times out, you may have to renew your computer’s IP address. If the ping is successful, use your Web browser to navigate to a Website, such as: <http://www.sonicwall.com/> If the Website displays, your SonicWALL NSA 240 is configured correctly as your gateway device.

Connected and starting PPP authentication Connected

SonicWALL NSA 240 Getting Started Guide Page 37

Managing the WWAN Connection Status
The Connection Manager window allows you to connect, disconnect, and view current WWAN connection status. 1. 2. In the SonicWALL NSA 240 appliance management interface, navigate to Network > Interfaces. In the Interface Settings section, under WWAN, click the Manage button.

Verifying WWAN Failover Functionality
Internet

SonicWALL NSA 240 WWAN
M0 X0 X1 X2 X3 X4 X5 X6 X7 X8

NSA 240

X1

Internet

3.

The Connection Manager windows displays your connection status. Complete the following steps to confirm your WWAN Internet connectivity. 1. 2. Unplug your appliance’s WAN port (if you plugged it in during the initial setup). Wait a few moments for the NSA 240 to failover to the WWAN for Internet connectivity. Refer to the front panel of the appliance to see when the WWAN PC card shows activity. Launch a Website, such as <http://www.sonicwall.com> in a browser, using a computer that is connected to the SonicWALL NSA 240 appliance and using the SonicWALL as its sole Internet connection.

4.

If the Connection Manager shows “disconnected,” click the Connect button. You will connect to a network if one is available.

3.

If the Website displays, your SonicWALL NSA 240 is operational and connected to a valid WWAN service provider account. Remember to plug the WAN back in if you wish to use WWAN as a failover.
Page 38 Managing the WWAN Connection Status

Enabling Essential Security Services

6

In this Section:
Security services are an essential component of a secure network deployment. This section provides instructions for registering and enabling security services on your SonicWALL NSA 240 appliance.

? ? ?

Activating Licenses in SonicOS - page 40 Enabling Security Services in SonicOS - page 40 Applying Security Services to Network Zones - page 46

SonicWALL NSA 240 Getting Started Guide Page 39

Activating Licenses in SonicOS
After completing the registration process in SonicOS, you must perform the following tasks to activate your licenses and enable your licensed services from within the SonicOS user interface: ? ? ? Activate licenses Enable security services Apply services to network zones

To activate licenses in SonicOS: 1. 2. Navigate to the System > Licenses page. Under Manage Security Services Online do one of the following: ? Enter your MySonicWALL credentials, then click the Synchronize button to synchronize licenses with MySonicWALL. ? Paste the license keyset into the Manual Upgrade Keyset field. Click Submit.

To activate licensed services in SonicOS, you can enter the license keyset manually, or you can synchronize all licenses at once with MySonicWALL. The Setup Wizard automatically synchronizes all licenses with MySonicWALL if the appliance has Internet access during initial setup. If initial setup is already complete, you can synchronize licenses from the System > Licenses page. Manual upgrade using the license keyset is useful when your appliance is not connected to the Internet. The license keyset includes all license keys for services or software enabled on MySonicWALL. It is available on <http://www.sonicwall.com> at the top of the Service Management page for your SonicWALL NSA appliance.

3.

Enabling Security Services in SonicOS
SonicWALL security services are key components of threat management in SonicOS. The core security services are Gateway Anti-Virus, Intrusion Prevention Services, and AntiSpyware. You must enable each security service individually in the SonicOS user interface. See the following procedures to enable and configure the three security services that must be enabled: ? ? ? ? Enabling Gateway Anti-Virus - page 41 Enabling Intrusion Prevention Services - page 42 Enabling Anti-Spyware - page 43 Enabling Content Filtering Service - page 44

Page 40 Activating Licenses in SonicOS

Enabling Gateway Anti-Virus
To enable Gateway Anti-Virus in SonicOS: 1. Navigate to the Security Services > Gateway Anti-Virus page. Select the Enable Gateway Anti-Virus checkbox.

3.

4.

2.

Select the Enable Inbound Inspection checkboxes for the protocols to inspect. By default, SonicWALL GAV inspects all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic. CIFS/NetBIOS can optionally be enabled to allow access to shared files. Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic, such as nonstandard ports of operation for SMTP and POP3, and IM and P2P protocols.

5.

Enabling Outbound Inspection for SMTP scans mail for viruses before it is delivered to an internally hosted SMTP server. For each protocol you can restrict the transfer of files with specific attributes by clicking on the Settings button under the protocol. In the Settings dialog box, you can configure the following: ? Restrict Transfer of password-protected Zip files Disables the transfer of password protected ZIP files over any enabled protocol. This option only functions on protocols that are enabled for inspection. ? Restrict Transfer of MS-Office type files containing macros (VBA 5 and above) - Disables the transfers of any MS Office files that contain VBA macros. ? Restrict Transfer of packed executable files (UPX, FSG, etc.) - Disables the transfer of packed executable files. Packers are utilities that compress and encrypt executables. Although there are legitimate applications for these, they can be used with the intent of obfuscation, and can make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file. SonicWALL Gateway Anti-Virus currently recognizes the most common packed formats: UPX, FSG, PKLite32, Petite, and ASPack, Click Configure Gateway AV Settings. The Gateway AV Settings window allows you to configure clientless notification alerts and create a SonicWALL GAV exclusion list.

SonicWALL NSA 240 Getting Started Guide Page 41

Enabling Intrusion Prevention Services
To enable Intrusion Prevention Services in SonicOS: 1. Navigate to the Security Services > Intrusion Prevention page. Select the Enable Intrusion Prevention checkbox.

Select the Disable SMTP Responses box to suppress the sending of email messages to clients from SonicWALL GAV when a virus is detected in an email or attachment. 7. Select Enable HTTP Clientless Notification Alerts and customize the message to be displayed when GAV detects a threat from the HTTP server. 8. Select Enable Gateway AV Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL GAV scanning. 9. When finished in the Add GAV Range dialog box, click OK. 10. In the Gateway AV Config View window, click OK. 11. In the Security Services > Gateway Anti-Virus page, click Accept.
Page 42 Enabling Security Services in SonicOS

6.

2.

In the Signature Groups table, select the Prevent All and Detect All checkboxes for each attack priority that you want to prevent. Selecting the Prevent All and Detect All check boxes for High Priority Attacks and Medium Priority Attacks protects your network against the most dangerous and disruptive attacks.

3.

4.

5.

6. 7. 8.

To log all detected attacks, leave the Log Redundancy Filter field set to zero. To enforce a delay between log entries for detections of the same attack, enter the number of seconds to delay. Click Configure IPS Settings to enable IP packet reassembly before inspection and create a SonicWALL IPS exclusion list. In the IPS Config View window, select Enable IPS Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL IPS scanning. When finished in the Add IPS Range dialog box, click OK. In the IPS Config View window, click OK. In the Security Services > Intrusion Prevention page, click Accept.

Enabling Anti-Spyware
To enable Anti-Spyware in SonicOS: 1. Navigate to the Security Services > Anti-Spyware page. Select the Enable Anti-Spyware checkbox.

2.

In the Signature Groups table, select the Prevent All and Detect All checkboxes for each spyware danger level that you want to prevent.

SonicWALL NSA 240 Getting Started Guide Page 43

3.

To log all spyware attacks, leave the Log Redundancy Filter field set to zero. To enforce a delay between log entries for detections of the same attack, enter the number of seconds to delay. 4. Click Configure Anti-Spyware Settings to configure clientless notification alerts and create a SonicWALL AntiSpyware exclusion list. 5. Select the Disable SMTP Responses box to suppress the sending of email messages to clients from SonicWALL Anti-Spyware when spyware is detected in an email or attachment. 6. Select Enable HTTP Clientless Notification Alerts and customize the message to be displayed in the browser when SonicWALL Anti-Spyware detects a threat from the HTTP server. 7. Select Enable Anti-Spyware Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL Anti-Spyware scanning. 8. When finished in the Add Anti-Spyware Range dialog box, click OK. 9. In the Anti-Spyware Config View window, click OK. 10. Select the Enable Inbound Inspection checkboxes for the protocols to inspect. By default, SonicWALL GAV inspects all inbound HTTP, FTP, IMAP, SMTP, and POP3 traffic. 11. Select the Enable Inspection of Outbound Communication checkbox to enable scanning of traffic that originates internally. 12. On the Security Services > Anti-Spyware page, click Accept.

Enabling Content Filtering Service
The default Content Filtering Service (CFS) policy is available with or without a CFS subscription. The Security Services > Content Filter page provides links to purchase a license or get a free trial, and displays subscription status and basic configuration settings.

Page 44 Enabling Security Services in SonicOS

You can enforce or disable content filtering on each zone from the Network > Zones page, as described in the Applying Security Services to Network Zones section, on page 46. With a valid CFS subscription, you can create custom CFS policies and apply them to network zones or to groups of users. For example, a school could create one policy for teachers and another for students. For complete information about activating and configuring SonicWALL CFS, see the SonicWALL Content Filtering Service Premium Administrator’s Guide or SonicWALL Content Filtering Service Standard Administrator’s Guide. Content Filtering Service (CFS) Bypass for Administrators The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (“admin” user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that system’s IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrator’s system, perform the following steps: 1. 2. Select the Do not bypass CFS blocking for the Administrator checkbox. Click Accept.

Enabling and Adding to the CFS Exclusion List To enable the CFS Exclusion List and add a range of IP addresses to it, perform the following steps: 1. 2. 3. Select the Enable CFS Exclusion List checkbox. Click Add. The Add CFS Range Entry window is displayed. Enter the first IP address in the excluded range into the IP Address From: field and the last address into the IP Address To: field. Click OK. The IP address range is added to the CFS Exclusion List. On the Security Services > Content Filter page, click Accept.

4. 5.

Disabling, Editing, or Deleting Addresses from the CFS Exclusion List You can temporarily disable CFS exclusions without removing all entries from the list. You can also delete some or all IP address ranges from the CFS Exclusion List. 1. To keep the CFS Exclusion List entries, but temporarily allow content filtering policies to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox. This disables CFS exclusions. To edit a trusted domain entry, click the pencil icon in the Configure column. To delete an individual trusted domain from the CFS Exclusion List, click the Delete icon for the entry in the Configure column.
SonicWALL NSA 240 Getting Started Guide Page 45

2. 3.

4. 5.

To delete all trusted domains from the CFS Exclusion List, click Delete All. On the Security Services > Content Filter page, click Accept.

5. 6.

Click OK. To enable security services on other zones, repeat steps 2 through step 4 for each zone.

Applying Security Services to Network Zones
A network zone is a logical group of one or more interfaces to which you can apply security rules to regulate traffic passing from one zone to another zone. Security services such as Gateway Anti-Virus are automatically applied to the LAN and WAN network zones. To protect other zones such as the DMZ or Wireless LAN (WLAN), you must apply the security services to the network zones. For example, you can configure SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN zone to add more security for internal network traffic. To apply services to network zones: 1. 2. 3. Navigate to the Network > Zones page. In the Zone Settings table, click the Configure icon for the zone where you want to apply security services. In the Edit Zone dialog box on the General tab, select the checkboxes for the security services to enable on this zone. On the Edit Zone page, select the checkboxes for the security services that you want to enable.

4.

Page 46 Applying Security Services to Network Zones

Additional Deployment Configuration

7

In this Section:
This section provides basic configuration information to begin building network security policies for your deployment. This section also contains several SonicOS diagnostic tools and a deployment configuration reference checklist.

? ? ? ? ? ? ? ? ?

Manually Configuring WWAN Failover - page 48 Configuring Additional Interfaces - page 48 Configuring PortShield Interfaces - page 52 Creating Network Access Rules - page 52 Creating a NAT Policy - page 55 Upgrading Firmware on Your SonicWALL - page 58 Deploying SonicPoints for Wireless Access - page 61 Troubleshooting Diagnostic Tools - page 66 Deployment Configuration Reference Checklist - page 70

SonicWALL NSA 240 Getting Started Guide Page 47

Manually Configuring WWAN Failover
To manually configure WWAN Failover: 1. 2. Navigate to the WWAN > Connection Profiles page. Under Connection Profiles, click Add. On the General tab, specify Country, Service Provider, and Plan Type. Click OK.

Configuring Additional Interfaces
The SonicOS Enhanced Web-based management interface allows you to configure two ports as WAN interfaces. Port X1 is preconfigured as the WAN. You have the option of choosing another port (X2-X8) to configure as a second WAN interface. To configure a second WAN interface: 1. 2. Click the Configure icon of the port you wish to configure as the second WAN interface. In the Zone list, select WAN. Specify the settings for this interface. Click OK when you are finished.

Note: If you are unsure about your Plan Type, select
Standard. 3. 4. Next, navigate to the Network > Interfaces page. Verify the WAN Connection Model is set to Ethernet with WWAN Failover.

Note: If you WWAN service plan is bandwidth/time limited,
enable Configure Data Usage Limiting to stay within your plan’s limitations.

Page 48 Manually Configuring WWAN Failover

Note: For more information regarding WAN Interfaces, see
the SonicOS Enhanced Administrator’s Guide Configuring Interfaces section.

Activating WAN Failover and Selecting the Load Balancing Method
To configure the SonicWALL for WAN failover and load balancing, follow the steps below: 1. On the Network > WAN Failover & LB page, select Enable Load Balancing.

SonicWALL NSA 240 Getting Started Guide Page 49

2.

3.

If there are multiple possible secondary WAN interfaces, select an interface from the Secondary WAN Ethernet Interface. Select a load balancing method. By default, the SonicWALL will select Basic Active/Passive Failover as a method, but there are four load balancing methods available:

?

?

?

?

Note: For more information regarding WAN Failover and
Load Balancing, see the SonicOS Enhanced Administrator’s Guide. 4.

Basic Active/Passive Failover—Sends traffic through the Secondary WAN interface if the Primary WAN interface has been marked inactive. This item has an associated Preempt and fail back to Primary WAN when possible checkbox. When selected, the SonicWALL security appliance switches back to sending its traffic across the Primary WAN interface when it resumes responding to the SonicWALL security appliance’s checks. Per Destination Round-Robin—Load balances outgoing traffic on a per-destination basis. This is a simple load balancing method that allows you to utilize both links in a basic fashion. Spillover-Based—When this setting is selected, the user can specify when the SonicWALL security appliance starts sending traffic through the Secondary WAN interface. Specify the maximum allowed bandwidth on the primary WAN interface in the Send traffic to Secondary WAN interface when bandwidth exceeds _ Kbps field. Percentage-Based—When this setting is selected, you can specify the percentages of traffic sent through the Primary WAN and Secondary WAN interfaces, utilizing both interfaces. ? Use Source and Destination IP Address Binding— This checkbox enables you to maintain a consistent mapping of traffic flows with a single outbound WAN interface, regardless of the percentage of traffic through that interface. Click Accept.

Page 50 Configuring Additional Interfaces

WAN Probe Monitoring
Enabling probe monitoring on the Network > WAN Failover & Load Balancing page instructs the SonicWALL security appliance to perform logical checks of upstream targets to ensure that the line is indeed usable, eliminating this potential problem, as well as continue to do physical monitoring. Under the default probe monitoring configuration, the SonicWALL performs an ICMP ping probe of both WAN ports’ default gateways. Unfortunately, this is also not an assured means of link monitoring because service interruption may be occurring further upstream. To perform reliable link monitoring, you can choose ICMP or TCP as monitoring method, and can specify up to two targets for each WAN port. TCP is preferred because many devices on the public Internet now actively drop or block ICMP requests. If you specify two targets for each WAN interface, you can logically link the two probe targets such that if either one fails the line will go down, or that both must fail for the line to be considered down. Using the latter method, you can configure a sort of ‘deep check’ to see if the line is truly usable – for instance, you could set first probe target of your ISP’s router interface using ICMP (assuming they allow this), and then do a secondary probe target of a DNS server on the public Internet using TCP Port 53. With this method, if the ICMP probe of the ISP’s router fails but the farther upstream continues to respond, the SonicWALL security appliance assumes the link is usable and continues to send traffic across it.

Note: For more information regarding WAN Probe
Monitoring, see the SonicOS Enhanced Administrator’s Guide.

SonicWALL NSA 240 Getting Started Guide Page 51

Configuring PortShield Interfaces
The SonicWALL PortShield feature enables you to configure some or all of the switch ports on the SonicWALL NSA 240 appliance into separate contexts, or PortShield interfaces, providing protection from traffic on the LAN, WAN, and DMZ, as well as the devices inside your network. Each context has its own wire-speed switch ports that have protection of a dedicated, deep-packet inspection firewall. To Configure Switch Ports Using SonicWALL PortShield: 1. On the Network > Interfaces page, click the PortShield Wizard button. This will run the SonicWALL PortShield Setup Wizard. Read the Introduction and click Next. Select the appropriate groupings of SwitchPort interfaces for the SonicWALL NSA 240 appliance. Click Next to continue.This will prompt a configuration summary to appear. Verify the ports assigned are correct. Click Apply to change port assignments.

Creating Network Access Rules
A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of access rules, a simpler and more intuitive process than following a strict physical interface scheme. By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic from the Internet to the LAN. The following behaviors are defined by the “Default” stateful inspection packet access rule enabled in the SonicWALL security appliance:
Originating Zone Destination Zone Action Allow Allow Deny Deny

2.

LAN, WLAN DMZ WAN WAN and DMZ

WAN, DMZ WAN DMZ LAN or WLAN

3.

Note: If you select WAN/DMZ/LAN Switch, the X3-X8 ports
will all be in a single PortShield group. Navigate to Network > Interfaces to enable or disable PortShield on each port. For more information about SwitchPort interfaces, see the SonicOS Enhanced Administrator’s Guide.

Page 52 Configuring PortShield Interfaces

To create an access rule: 1. On the Firewall > Access Rules page in the matrix view, select two zones that will be bridged by this new rule. - On the Access Rules page, click Add.

2.

In the Add Rule page in the General tab, select Allow or Deny or Discard from the Action list to permit or block IP traffic.

The access rules are sorted from the most specific at the top to the least specific at the bottom of the table. At the bottom of the table is the Any rule.

Note: SonicWALL’s default firewall rules are set in this way
for ease of initial configuration, but do not reflect best practice installations. Firewall rules should only allow the required traffic and deny all other traffic.

SonicWALL NSA 240 Getting Started Guide Page 53

?

?

?

? ? ?

Select the service or group of services affected by the access rule from the Service drop-down list. If the service is not listed, you must define the service in the Add Service window. Select Create New Service or Create New Group to display the Add Service window or Add Service Group window. Select the source of the traffic affected by the access rule from the Source drop-down list. Selecting Create New Network displays the Add Address Object window. Select the destination of the traffic affected by the access rule from the Destination drop-down list. Selecting Create New Network displays the Add Address Object window. Select a user or user group from the Users Allowed drop-down list. Select a schedule from the Schedule drop-down list. The default schedule is Always on. Enter any comments to help identify the access rule in the Comments field.

3.

Click on the Advanced tab.

4. 5.

In the TCP Connection Inactivity Timeout (minutes) field, set the length of TCP inactivity after which the access rule will time out. The default value is 15 minutes. ? In the UDP Connection Inactivity Timeout (minutes) field, set the length of UDP inactivity after which the access rule will time out. The default value is 30 minutes. ? In the Number of connections allowed (% of maximum connections) field, specify the percentage of maximum connections that is allowed by this access rule. The default is 100%. ? Select Create a reflexive rule to create a matching access rule for the opposite direction, that is, from your destination back to your source. Click on the QoS tab to apply DSCP or 802.1p Quality of Service coloring/marking to traffic governed by this rule. Click OK to add the rule.

?

Page 54 Configuring PortShield Interfaces

Creating a NAT Policy
The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. By default, the SonicWALL security appliance has a preconfigured NAT policy to perform Many-to-One NAT between the systems on the LAN and the IP address of the WAN interface. The appliance does not perform NAT by default when traffic crosses between the other interfaces. You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object – for instance, you can specify that an internal server uses one IP address when accessing Telnet servers, and uses a different IP address for all other protocols. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding, it is possible to access multiple internal servers from the WAN IP address of the SonicWALL security appliance. The more granular the NAT Policy, the more precedence it takes. Before configuring NAT Policies, you must create all Address Objects that will be referenced by the policy. For instance, if you are creating a One-to-One NAT policy, first create Address Objects for your public and private IP addresses. Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced. Once you define an Address Object, it becomes available for use wherever applicable throughout the SonicOS management interface. For example, consider an internal Web server with an IP address of

67.115.118.80. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, you can create an Address Object to store the Web server’s IP address. This Address Object, “My Web Server,” can then be used in any configuration screen that employs Address Objects as a defining criterion. Since there are multiple types of network address expressions, there are currently the following Address Objects types: ? ? ? Host – Host Address Objects define a single host by its IP address. Range – Range Address Objects define a range of contiguous IP addresses. Network – Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask. MAC Address – MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. FQDN Address – FQDN Address Objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as www.sonicwall.com.

?

?

SonicOS Enhanced provides a number of default Address Objects that cannot be modified or deleted. You can use the default Address Objects when creating a NAT policy, or you can create custom Address Objects to use. All Address Objects are available in the drop-down lists when creating a NAT policy.
SonicWALL NSA 240 Getting Started Guide Page 55

Creating Address Objects
The Network > Address Objects page allows you to create and manage your Address Objects. You can view Address Objects in the following ways using the View Style menu: ? ? ? All Address Objects – displays all configured Address Objects. Custom Address Objects – displays Address Objects with custom properties. Default Address Objects – displays Address Objects configured by default on the SonicWALL security appliance.

4. 5.

To add an Address Object: 1. 2. 3. Navigate to the Network > Address Objects page. Below the Address Objects table, click Add. In the Add Address Object dialog box, enter a name for the Address Object in the Name field. 6.

Select the zone to assign to the Address Object from the Zone Assignment drop-down list. Select Host, Range, Network, MAC, or FQDN from the Type menu. - For Host, enter the IP address in the IP Address field. - For Range, enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields. - For Network, enter the network IP address and netmask in the Network and Netmask fields. - For MAC, enter the MAC address in the MAC Address field. - For FQDN, enter the domain name for the individual site or range of sites (with a wildcard) in the FQDN field. Click OK.

Page 56 Creating a NAT Policy

Configuring NAT Policies
NAT policies allow you to control Network Address Translation based on matching combinations of Source IP address, Destination IP address and Destination Services. Policy-based NAT allows you to deploy different types of NAT simultaneously. The following NAT configurations are available in SonicOS Enhanced: ? ? ? ? ? ? ? Many-to-One NAT Policy Many-to-Many NAT Policy One-to-One NAT Policy for Outbound Traffic One-to-One NAT Policy for Inbound Traffic (Reflexive) One-to-Many NAT Load Balancing Inbound Port Address Translation via One-to-One NAT Policy Inbound Port Address Translation via WAN IP Address

To add the components of a One-to-One NAT policy, perform the following steps: 1. 2. 3. 4. 5. Navigate to the Network > NAT Policies page. Click Add. The Add NAT Policy dialog box displays. For Original Source, select Any. For Translated Source, select Original. For Original Destination, select X0 IP. For Translated Destination, select Create new address object and create a new address object using WAN for Zone Assignment and Host for Type. For Original Service, select HTTP. For Translated Service, select Original. For Inbound Interface, select X0. For Outbound Interface, select Any. For Comment, enter a short description. Select the Enable NAT Policy checkbox. Select the Create a reflexive policy checkbox if you want a matching NAT Policy to be automatically created in the opposite direction. This will create the outbound as well as the inbound policies. Click Add.

This section describes how to configure a One-to-One NAT policy. One-to-One is the most common NAT policy used to route traffic to an internal server, such as a Web server. Most of the time, this means that incoming requests from external IPs are translated from the IP address of the SonicWALL security appliance WAN port to the IP address of the internal Web server. An example configuration illustrates the use of the fields in the Add NAT Policy procedure. To add a One-to-One NAT policy that allows all Internet traffic to be routed through a public IP address, two policies are needed: one for the outbound traffic, and one for the inbound traffic.

6. 7. 8. 9. 10. 11. 12.

13.

Policies for subnets behind the other interfaces of the SonicWALL security appliance can be created by emulating these steps. Create a new NAT policy in which you adjust the source interface and specify the Original Source: the subnet behind that interface.

SonicWALL NSA 240 Getting Started Guide Page 57

Upgrading Firmware on Your SonicWALL
? ? ? ? 1. Obtaining the Latest Firmware - page 58 Saving a Backup Copy of Your Preferences - page 58 Upgrading the Firmware with Current Settings - page 59 Using SafeMode to Upgrade Firmware - page 59 To obtain a new SonicOS Enhanced firmware image file for your SonicWALL security appliance, connect to your MySonicWALL account at: <http://www.mysonicwall.com> Copy the new SonicOS Enhanced image file to a convenient location on your management station.

Saving a Backup Copy of Your Preferences
Before beginning the update process, make a system backup of your SonicWALL security appliance configuration settings. The backup feature saves a copy of the current configuration settings on your SonicWALL security appliance, protecting all your existing settings in the event that it becomes necessary to return to a previous configuration state. The System Backup shows you the current configuration and firmware in a single, clickable restore image. In addition to using the backup feature to save your current configuration state to the SonicWALL security appliance, you can export the configuration preferences file to a directory on your local management station. This file serves as an external backup of the configuration preferences, and can be imported back into the SonicWALL security appliance. Perform the following procedures to save a backup of your configuration settings and export them to a file on your local management station: 1. On the System > Settings page, click Create Backup. Your configuration preferences are saved. The System Backup entry is displayed in the Firmware Management table. To export your settings to a local file, click Export Settings. A popup window displays the name of the saved file.

Obtaining the Latest Firmware

2.

2.

Page 58 Upgrading Firmware on Your SonicWALL

Upgrading the Firmware with Current Settings
Perform the following steps to upload new firmware to your SonicWALL appliance and use your current configuration settings upon startup. The appliance must be properly registered before it can be upgraded. Refer to Registering and Licensing Your Appliance on MySonicWALL - page 13 for more information. 1. Download the SonicOS Enhanced firmware image file from MySonicWALL and save it to a location on your local computer. On the System > Settings page, click Upload New Firmware. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file and click the Upload button. On the System > Settings page, click the Boot icon in the row for Uploaded Firmware.

Using SafeMode to Upgrade Firmware
If you are unable to connect to the SonicWALL security appliance’s management interface, you can restart the SonicWALL security appliance in SafeMode. The SafeMode feature allows you to recover quickly from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page. To use SafeMode to upgrade firmware on the SonicWALL security appliance, perform the following steps: 1. Connect your computer to the X0 port on the SonicWALL appliance and configure your IP address with an address on the 192.168.168.0/24 subnet, such as 192.168.168.20. To configure the appliance in SafeMode, perform one of the following: ? Use a narrow, straight object, like a straightened paper clip or a toothpick, to press and hold the reset button on the back of the security appliance for one second. The reset button is in a small hole next to the power supply. The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode.

2. 3.

2.

4.

Note: On the System > Settings page, click the Boot icon in
the row for Uploaded Firmware with Factory Default Settings. 5. 6. In the confirmation dialog box, click OK. The SonicWALL restarts and then displays the login page. Enter your user name and password. Your new SonicOS Enhanced image version information is listed on the System > Settings page. ?

SonicWALL NSA 240 Getting Started Guide Page 59

3.

Point the Web browser on your computer to 192.168.168.168. The SafeMode management interface displays.

4.

5.

6.

7. 8.

If you have made any configuration changes to the security appliance, select the Create Backup On Next Boot checkbox to make a backup copy of your current settings. Your settings will be saved when the appliance restarts. Click Upload New Firmware, and then browse to the location where you saved the SonicOS Enhanced firmware image, select the file and click the Upload button. Select the boot icon in the row for one of the following: ? Uploaded Firmware - New! Use this option to restart the appliance with your current configuration settings. ? Uploaded Firmware with Factory Defaults - New! Use this option to restart the appliance with default configuration settings. In the confirmation dialog box, click OK to proceed. After successfully booting the firmware, the login screen is displayed. If you booted with factory default settings, enter the default user name and password (admin / password) to access the SonicWALL management interface.

Note: Remember to change your IP address settings back to
DHCP. Otherwise, you may not be able to connect to the Internet.

Page 60 Upgrading Firmware on Your SonicWALL

Deploying SonicPoints for Wireless Access
This section describes how to configure SonicPoints with the SonicWALL NSA 240. See the following subsections: ? ? ? ? ? Updating SonicPoint Firmware - page 61 Configuring SonicPoint Provisioning Profiles - page 61 Configuring a Wireless Zone - page 63 Assigning an Interface to the Wireless Zone - page 64 Connecting the SonicPoint - page 65

Updating SonicPoint Firmware
If your SonicWALL appliance has Internet connectivity, it will automatically download the correct version of the SonicPoint when you connect a SonicPoint device. See the SonicOS Enhanced Administrator’s Guide for more details.

Configuring SonicPoint Provisioning Profiles
SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint, such as radio settings for the 2.4GHz and 5GHz radios, SSIDs and channels of operation. Once you have defined a SonicPoint profile, you can apply it to a Wireless zone. Each Wireless zone can be configured with one SonicPoint profile. When a SonicPoint is connected to a zone, it is automatically provisioned with the profile assigned to that zone. SonicOS includes a default SonicPoint profile, named SonicPoint. To add a new profile, click Add below the list of SonicPoint provisioning profiles. To edit an existing profile, select the profile and click the Configure icon in the same line as the profile you are editing. 1. In the Add/Edit SonicPoint Profile window on the General tab: ? Select Enable SonicPoint. ? Enter a Name Prefix to be used as the first part of the name for each SonicPoint provisioned. ? Select the Country Code for where the SonicPoints are operating.
SonicWALL NSA 240 Getting Started Guide Page 61

SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances to provide wireless access throughout your enterprise. The SonicPoint section of the SonicOS management interface lets you manage the SonicPoints connected to your system. Before you can manage SonicPoints in the Management Interface, you must first: ? ? ? ? Verify that the SonicPoint image is downloaded to your SonicWALL security appliance. Configure your SonicPoint provisioning profiles. Configure a Wireless zone. Assign profiles to wireless zones. This step is optional. If you do not assign a default profile for a zone, SonicPoints in that zone will use the first profile in the list. Assign an interface to the Wireless zone. Attach the SonicPoints to the interface in the Wireless zone and test.

? ?

2.

In the 802.11g Radio tab: ? Select Enable Radio. ? Select a schedule for the radio to be enabled from the drop-down list. ? For Radio Mode, select the speed that the SonicPoint will operate on. You can choose from the following: ? 11Mbps - 802.11b ? 54 Mbps - 802.11g ? 108 Mbps - Turbo G

?

MAC addresses in the group. The Deny List is enforced before the Allow List. Under WEP/WPA Encryption, select the Authentication Type for your wireless network. SonicWALL recommends using WPA2 as the authentication type.

Note: WPA2 is a more secure replacement for the older
WEP and WPA standards. Fill in the fields specific to the authentication type that you selected. The remaining fields change depending on the selected authentication type. In the 802.11g Adv tab, configure the advanced radio settings for the 802.11g radio. For most 802.11g advanced options, the default settings give optimum performance. For a full description of the fields on this tab, see the SonicOS Enhanced Administrator’s Guide. In the 802.11a Radio and 802.11a Adv tabs, configure the settings for the operation of the 802.11a radio bands. The SonicPoint has two separate radios built in. Therefore, it can send and receive on both the 802.11a and 802.11g bands at the same time. The settings in the 802.11a Radio and 802.11a Advanced tabs are similar to the settings in the 802.11g Radio and 802.11g Advanced tabs. When finished, click OK. ?

Note: If you choose Turbo mode, all users in your company
must use wireless access cards that support Turbo mode. 3. ? ? For Channel, use AutoChannel unless you have a reason to use or avoid specific channels. Enter a recognizable string for the SSID of each SonicPoint using this profile. This is the name that will appear in clients’ lists of available wireless connections. Under ACL Enforcement, select Enable MAC Filter List to enforce Access Control by allowing or denying traffic from specific devices. Select a MAC address object group from the Allow List to automatically allow traffic from all devices with MAC addresses in the group. Select a MAC address group from the Deny List to automatically deny traffic from all devices with

4.

?

5.

Page 62 Deploying SonicPoints for Wireless Access

Configuring a Wireless Zone
You can configure a wireless zone on the Network > Zones page. Typically, you will configure the WLAN zone for use with SonicPoints. 1. 2. On the Network > Zones page in the WLAN row, click the icon in the Configure column. In the Edit Zone dialog box on the General tab, the Allow Interface Trust setting automates the creation of Access Rules to allow traffic to flow between the interfaces of a zone instance. For example, if the WLAN Zone has both the X2 and X3 interfaces assigned to it, checking Allow Interface Trust on the WLAN Zone creates the necessary Access Rules to allow hosts on these interfaces to communicate with each other. Select the checkboxes for the security services to enable on this zone. Typically you would enable Gateway AntiVirus, IPS, and Anti-Spyware. If your wireless clients are all running SonicWALL Client Anti-Virus, select Enable Client AV Enforcement Service. Click the Wireless tab. ? In the Wireless Settings section, select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface. This provides maximum security on your WLAN. Uncheck this option if you want to allow any traffic on your WLAN Zone regardless of whether or not it is from a SonicPoint.

?

Select SSL VPN Enforcement to require that all traffic that enters into the WLAN Zone be authenticated through a SonicWALL SSL VPN appliance.

Tip: For two-factor user authentication, SSL VPN
Enforcement allows the added security of one-time passwords when using a SonicWALL SSL VPN appliance. ? ? In the SSL VPN Server list, select an address object to direct traffic to the SonicWALL SSL VPN appliance. In the SSL VPN Service list, select the service or group of services that you want to allow for clients authenticated through the SSL VPN. If your wireless network is already running WiFiSec, you can select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPsec traffic, WPA traffic, or both. If you have configured WPA2 as your authentication type, you do not need to enable WiFiSec.

3.

?

4.

SonicWALL NSA 240 Getting Started Guide Page 63

If you have enabled WiFiSec Enforcement, you can specify the following: Select WiFiSec Exception Service to select services that are allowed to bypass the WiFiSec enforcement. ? Select Require WiFiSec for Site-to-Site VPN Tunnel Traversal to require WiFiSec security for all wireless connections through the WLAN zone that are part of a Site-to-Site VPN. ? If you wish to run WPA or WPA2 in addition to WiFiSec, you can select Trust WPA/WPA2 traffic as WiFiSec to accept WPA and WPA2 as allowable alternatives to WiFiSec. ? Under SonicPoint Settings, select the SonicPoint Provisioning Profile you want to apply to all SonicPoints connected to this zone. Whenever a SonicPoint connects to this zone, it will automatically be provisioned by the settings in the SonicPoint Provisioning Profile, unless you have individually configured it with different settings. Optionally configure the settings on the Guest Services tab. For information about configuring Guest Services, see the SonicOS Enhanced Administrator’s Guide. When finished, click OK. ?

Assigning an Interface to the Wireless Zone
Once the wireless zone is configured, you can assign an interface to it. This is the interface where you will connect the SonicPoint. 1. On the Network > Interfaces page, click the Configure icon in the row for the interface that you want to use, for example, X3. The interface must be unassigned. In the Edit Interface dialog box on the General tab, select WLAN or the zone that you created from the Zone dropdown list. Additional fields are displayed. Enter the IP address and subnet mask of the Zone in the IP Address and Subnet Mask fields. In the SonicPoint Limit field, select the maximum number of SonicPoints allowed on this interface. If you want to enable remote management of the SonicWALL security appliance from this interface, select the supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. If you want to allow selected users with limited management rights to log in to the security appliance, select HTTP and/or HTTPS in User Login. Click OK.

2.

3. 4. 5.

6.

5.

7.

6.

Page 64 Deploying SonicPoints for Wireless Access

Connecting the SonicPoint
When a SonicPoint unit is first connected and powered up, it will have a factory default configuration (IP Address 192.168.1.20, username: admin, password: password). Upon initializing, it will attempt to find a SonicOS device with which to peer. If it is unable to find a peer SonicOS device, it will enter into a standalone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point. If the SonicPoint locates a peer SonicOS device via the SonicWALL Discovery Protocol, the two units perform an encrypted exchange and the profile assigned to the relevant wireless zone is used to automatically configure (provision) the newly added SonicPoint unit. As part of the provisioning process, SonicOS assigns the discovered SonicPoint device a unique name, records the SonicPoint’s MAC address and the interface and zone on which it was discovered, and uses the profile associated with the relevant zone to configure the 2.4GHz and 5GHz radio settings. It can also automatically assign the SonicPoint an IP address, if so configured, so that the SonicPoint can communicate with an authentication server for WPA-EAP support.

To connect the SonicPoint: 1. Using a CAT 5 Ethernet cable, connect the SonicPoint to the interface that you configured. Then connect the SonicPoint to a power source. In the SonicOS user interface on the SonicPoint > SonicPoints page, click the Synchronize SonicPoints button. The SonicWALL appliance downloads a SonicPoint image from the SonicWALL back-end server. Follow the instructions in the SonicPoint wizard. Be sure to select the same authentication type and enter the same keys or password that you configured in SonicOS.

2.

3.

For more information about wireless configuration, see the SonicOS Enhanced Administrator’s Guide.

SonicWALL NSA 240 Getting Started Guide Page 65

Troubleshooting Diagnostic Tools
SonicOS provides a number of diagnostic tools to help you maintain your network and troubleshoot problems. Several tools can be accessed on the System > Diagnostics page, and others are available on other screens. This section contains the following subsections: ? ? ? ? Using Packet Capture - page 66 Using Ping - page 68 Using the Active Connections Monitor - page 68 Using the Log > View Page - page 69

Using Packet Capture
Packet Capture allows you to capture and examine the contents of individual data packets that traverse your SonicWALL firewall appliance. The captured packets contain both data and addressing information. The System > Packet Capture page provides a way to configure the capture criteria, display settings and file export settings, and displays the captured packets.

Page 66 Troubleshooting Diagnostic Tools

The Packet Capture screen has buttons for starting and stopping a packet capture. If you simply click Start without any configuration, the SonicWALL appliance will capture all packets except those for internal communication, and will stop when the buffer is full or when you click Stop. The SonicOS user interface provides three windows to display different views of the captured packets: ? ? ? Captured Packets Packet Detail Hex Dump

Click the Configure button to customize the settings for the capture. Once the configuration is complete, click Start to begin capturing packets. The settings available in the five main areas of configuration are summarized below: ? ? ? ? ? General – number of bytes to capture, wrap capture buffer Capture Filter – interfaces, packet types, source/ destination Display Filter – interfaces, packet types, source/ destination Logging – automatic transfer of buffer to FTP server Advanced – generated packets, SonicWALL GMS, syslog, management

SonicWALL NSA 240 Getting Started Guide Page 67

Using Ping
Ping is available on the System > Diagnostics page.

Using the Active Connections Monitor
The Active Connections Monitor displays real-time, exportable (plain text or CSV), filterable views of all connections to and through the SonicWALL security appliance. This tool is available on the Systems > Diagnostics page. You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Destination Port, Protocol, Src Interface, and DST Interface. Enter your filter criteria in the Active Connections Monitor Settings table. The fields you enter values into are combined into a search string with a logical AND. Select the Group Filters box next to any two or more criteria to combine them with a logical OR.

The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL security appliance is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server, or another machine at the ISP location. If the test is unsuccessful, try pinging devices outside the ISP. If you can ping devices outside of the ISP, then the problem lies with the ISP connection.

Page 68 Troubleshooting Diagnostic Tools

Using the Log > View Page
The SonicWALL security appliance maintains an Event log for tracking potential security threats. You can view the log in the Log > View page, or it can be automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by column. You can filter the results to display only event logs matching certain criteria. You can filter by Priority, Category, Source (IP or Interface), and Destination (IP or Interface). The fields you enter values into are combined into a search string with a logical AND. Select the Group Filters box next to any two or more criteria to combine them with a logical OR.

SonicWALL NSA 240 Getting Started Guide Page 69

Deployment Configuration Reference Checklist
Use this checklist to find more information about various deployment tasks within the SonicOS Enhanced Administrator’s Guide.

For this Task...
Inspecting the rule base for inbound and outbound rules Setting logging levels Configuring threat prevention on all used zones Configuring Web filtering protection Changing administrator login Setting administrator email Disabling HTTP and ping access Disabling or enabling DHCP Configuring user management Configuring VPN policies Securing wireless access

See this Chapter...
Configuring Access Rules Configuring Log Categories (“Logging Level” section) Configuring Zones (“Enabling SonicWALL Security Services on Zones“ section) Configuring SonicWALL Content Filtering Service Configuring Administration Settings (“Administrator Name & Password” section) Configuring Log Automation (“Email Log Automation“ section) Configuring Interfaces (“Configuring Advanced Settings for the Interfaces“ section) Setting Up the DHCP Server Managing Users and Authentication Settings Configuring VPN Policies Managing SonicPoints

Page 70 Deployment Configuration Reference Checklist

Support and Training Options

8

In this Section:
This section provides overviews of customer support and training options for the SonicWALL NSA 240.

? ? ? ? ? ? ? ?

Customer Support - page 72 SonicWALL Live Product Demos - page 72 Knowledge Portal - page 73 Onboard Help - page 73 User Forums - page 74 Training - page 75 Related Documentation - page 76 SonicWALL Secure Wireless Network Integrated Solutions Guide - page 77

SonicWALL NSA 240 Getting Started Guide Page 71

Customer Support
SonicWALL offers Web-based and telephone support to customers who have a valid Warranty or who purchased a Support Contract. Please review our Warranty Support Policy for product coverage. SonicWALL also offers a full range of consulting services to meet your needs, from our innovative implementation services to traditional statement of work-based services. For further information, visit: <http://www.sonicwall.com/us/support/contact.html>

SonicWALL Live Product Demos
The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations: ? Unified Threat Management Platform ? Secure Cellular Wireless ? Continuous Data Protection ? SSL VPN Secure Remote Access ? Content Filtering ? Secure Wireless Solutions ? Email Security ? SonicWALL GMS and ViewPoint For further information, visit: <http://livedemo.sonicwall.com/>

Page 72 Customer Support

Knowledge Portal
The Knowledge Portal allows users to search for SonicWALL documents based on the following types of search tools: ? ? ? Browse Search for keywords Full-text search

Onboard Help
SonicOS features a dynamic Onboard Help in the form of helpful tooltips that appear over various elements of the GUI when the mouse hovers over them. Elements that display these tooltips include text fields, radio buttons, and checkboxes.

For further information, navigate to the Support > Knowledge Portal page at: <http://www.mysonicwall.com/>

SonicWALL NSA 240 Getting Started Guide Page 73

User Forums
The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters. In this forum, the following categories are available for users: ? ? ? ? ? ? ? ? ? ? ? ? Content Security Manager topics Continuous Data Protection topics Email Security topics Firewall topics Network Anti-Virus topics Security Services and Content Filtering topics SonicWALL GMS and Viewpoint topics SonicPoint and Wireless topics SSL VPN topics NSA 240 / Wireless WAN - 3G Capability topics VPN Client topics VPN site-to-site and interoperability topics

For further information, visit: <https://forum.sonicwall.com/>

Page 74 User Forums

Training
SonicWALL offers an extensive sales and technical training curriculum for Network Administrators, Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications. SonicWALL Training provides the following resources for its customers: ? ? ? ? ? E-Training Instructor-Led Training Custom Training Technical Certification Authorized Training Partners

For further information, visit: <http://www.sonicwall.com/us/support/training.html>

SonicWALL NSA 240 Getting Started Guide Page 75

Related Documentation
See the following related documents for more information: ? ? ? SonicOS Enhanced Administrator’s Guide SonicOS Enhanced Release Notes SonicOS Enhanced Feature Modules ? Application Firewall ? Dashboard ? HA License Sync ? Multiple Admin ? NAT Load Balancing ? Packet Capture ? Radio Frequency Monitoring ? Single Sign-On ? SSL Control ? Virtual Access Points SonicWALL GMS 5.0 Administrator’s Guide SonicWALL GVC 4.0 Administrator’s Guide SonicWALL ViewPoint 5.0 Administrator’s Guide SonicWALL GAV 4.0 Administrator’s Guide SonicWALL IPS 2.0 Administrator’s Guide SonicWALL Anti-Spyware Administrator’s Guide SonicWALL CFS Administrator’s Guide

? ? ? ? ? ? ?

For further information, visit: <http://www.sonicwall.com/us/support/289.html>

Page 76 Related Documentation

SonicWALL Secure Wireless Network Integrated Solutions Guide
The Official Guide to SonicWALL’s market-leading wireless networking and security devices. This 512-page book is available in hardcopy. Order the book directly from Elsevier Publishing at: <http://www.elsevier.com>

SonicWALL NSA 240 Getting Started Guide Page 77

Page 78 SonicWALL Secure Wireless Network Integrated Solutions Guide

Product Safety and Regulatory Information

9

In this Section:
This section provides regulatory, trademark, and copyright information.

? ? ? ? ?

Safety and Regulatory Information - page 80 Safety and Regulatory Information in German - page 81 FCC Part 15 Class B Notice - page 82 Copyright Notice - page 83 Trademarks - page 83

SonicWALL NSA 240 Getting Started Guide Page 79

Safety and Regulatory Information
Regulatory Model/Type APL19-05C Product Name NSA 240

Mounting the SonicWALL
? ? ? ? ? ? Mount in a location away from direct sunlight and sources of heat. A maximum ambient temperature of 104? F (40? C) is recommended. Route cables away from power lines, fluorescent lighting fixtures, and sources of noise such as radios, transmitters, and broadband amplifiers The included power cord is intended for use in North America only. For European Union (EU) customers, a power cord is not included. Ensure that no water or excessive moisture can enter the unit. Allow unrestricted airflow around the unit and through the vents on the side of the unit. A minimum of 1 inch (25.44mm) clearance is recommended. Consideration must be given to the connection of the equipment to the supply circuit and the effect of overloading the circuits has minimal impact on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings must be used when addressing this concern.

Lithium Battery Warning
The Lithium Battery used in the SonicWALL security appliance may not be replaced by the user. Return the SonicWALL security appliance to a SonicWALL-authorized service center for replacement with the same or equivalent type recommended by the manufacturer. If, for any reason, the battery or SonicWALL security appliance must be disposed of, do so following the battery manufacturer's instructions.

Cable Connections
All Ethernet and RS232 (Console) cables are designed for intrabuilding connection to other equipment. Do not connect these ports directly to communication wiring or other wiring that exits the building where the SonicWALL is located.

Power Supply Information
If the power supply is missing from your SonicWALL product package, please contact SonicWALL Technical Support at 408752-7819 for a replacement. This product should only be used with a UL listed power supply marked “Class 2” or “LPS”, with an output rated 12 VDC, minimum 3.0 A.

Page 80 Safety and Regulatory Information

Safety and Regulatory Information in German
Hinweis zur Lithiumbatterie Weitere Hinweise zur Montage
? W?hlen Sie für die Montage einen Ort, der keinem direkten Sonnenlicht ausgesetzt ist und sich nicht in der N?he von W?rmequellen befindet. Die Umgebungstemperatur darf nicht mehr als 40 °C betragen. Führen Sie die Kabel nicht entlang von Stromleitungen, Leuchtstoffr?hren und St?rquellen wie Funksendern oder Breitbandverst?rkern. Das beigefügte Netzkabel ist nur für den Betrieb in Nordamerika vergesehen. Für Kunden in der Europ?ischen Union ist kein Kabel beigefügt. Stellen Sie sicher, dass das Ger?t vor Wasser und hoher Luftfeuchtigkeit geschützt ist. Stellen Sie sicher, dass die Luft um das Ger?t herum zirkulieren kann und die Lüftungsschlitze an der Seite des Geh?uses frei sind. Hier ist ein Belüftungsabstand von mindestens 26 mm einzuhalten. Vergewissern Sie sich, dass das Ger?t sicher im Rack befestigt ist. Die in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden. Zum Austauschen der Batterie muss die SonicWALL in ein von SonicWALL autorisiertes Service-Center gebracht werden. Dort wird die Batterie durch denselben oder entsprechenden, vom Hersteller empfohlenen Batterietyp ersetzt. Beachten Sie bei einer Entsorgung der Batterie oder der SonicWALL Internet Security Appliance die diesbezüglichen Anweisungen des Herstellers.

? ? ? ?

Kabelverbindungen
Alle Ethernet- und RS232-C-Kabel eignen sich für die Verbindung von Ger?ten in Innenr?umen. Schlie?en Sie an die Anschlüsse der SonicWALL keine Kabel an, die aus dem Geb?ude herausgeführt werden, in dem sich das Ger?t befindet.

?

Informationen zur Stromversorgung
Sollte das Netzteil nicht im Lieferumfang der SonicWALL enthalten sein, wenden Sie sich diesbezüglich an den technischen Support von SonicWALL (Tel.: +1-408-752-7819). Dieses Produkt darf nur in Verbindung mit einem nach den Normen der Underwriter Laboratories, USA als ?UL-gelistet“ zugelassenen Netzteil der Kategorie ?Class 2“ oder ?LPS“ verwendet werden. Ausgang: 12 VDC Gleichsspannung, mind. 3.0 A.

SonicWALL NSA 240 Getting Started Guide Page 81

FCC Part 15 Class B Notice
NOTE: This equipment was tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy. And, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If the equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try and correct the interference using one or more of the following measures: ? ? ? ? Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver. Connect the equipment into an outlet on a circuit different from the receiver connection. Consult SonicWALL for assistance.

Declaration of Conformity
Application of council Directive Standards to which conformity is declared 2004/108/EC (EMC) and 2006/95/EC (LVD) EN 55022 (2006) Class B EN 55024 (1998) +A2 EN 61000-3-2 (2006) EN 61000-3-3 (1995) +A2 EN 60950-1 (2001) +A11 National Deviations: AT, AU, BE, CH, CN, CZ, DE, DK, FI, FR, GB, GR, HU, IE, IL, IN, IT, JP, KR, NL, NO, PL, SE, SG, SI

VCCI Statement

Complies with EN55022 Class B and CISPR22 Class B. *Refer to the label on the bottom of the unit for device information including Class A or Class B FCC information.

Canadian Radio Frequency Emissions Statement
This Class B digital apparatus complies with Canadian ICES003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Page 82 FCC Part 15 Class B Notice

Regulatory Information for Korea
Ministry of Information and Telecommunication Certification Number

Copyright Notice
? 2008 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. Specifications and descriptions subject to change without notice.

All products with country code “” (blank) and “A” are made in the USA. All products with country code “B” are made in China. All products with country code “C” or “D” are made in Taiwan R.O.C. All certificates held by Secuwide, Corp.

Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows Vista, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Firefox is a trademark of the Mozilla Foundation. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
SonicWALL NSA 240 Getting Started Guide Page 83

Notes

SonicWALL NSA 240 Getting Started Guide Page 84

SonicWALL, Inc. 1143 Borregas Avenue Sunnyvale CA 94089-1306 www.sonicwall.com T +1 408.745.9600 F +1 408.745.9300

P/N 232-001580-50 Rev A 10/08
?2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademark s and/or registered trademark s of their respective companies. Specifications and descriptions subject to change without notice.


相关文章:
sonicwall快速安装手册配置.doc
sonicwall快速安装手册配置 - SonicWALL 防火墙配置 Tunnel Interface VPN 简介: SonicWALL 防火墙配置 Tunnel Interface VPN...
SonicWALL配置手册--.doc
SonicWALL配置手册-- - 网络安全专业分销 13811271509 weiweilao@hotmail.com SonicWALL 防火墙标准版配置 SonicWall 标准版网...
SonicWALL 防火墙中文手册PDF版本_图文.pdf
SonicWALL 防火墙中文手册PDF版本_计算机硬件及网络_IT/计算机_专业资料。SonicOS 5.5 版本 SonicWALL NSA UTM 产品高级技术培训 学生手册版本 5.5.0 目录 第一章...
如何配置SonicWALL VPN.doc
如何配置SonicWALL VPN - 如何配置 SonicWALL VPN 本文将讲述利用 SonicWALL 的网络设备配置 VPN 连接的基本步骤。虽然本文用来举 例的设备为 SonicW...
SonicWALL 防火墙 配置DHCP中继.doc
SonicWALL 防火墙 配置DHCP中继 - SonicWALL 防火墙 配
如何升级Sonicwall防火墙版本.pdf
如何升级Sonicwall防火墙版本_计算机硬件及网络_IT/计算机_专业资料。升级Sonicwall防火墙的固件版本如何升级 Sonicwall 防火墙版本配置手册版本 2.0.0 全面保护成就您的...
SonicWALL 防火墙配置NAT Policy.doc
SonicWALL 防火墙配置NAT Policy - SonicWALL 防火
如何在SonicWALL和Cisco之间建立IPSec VPN_G5_Enhanced.pdf
如何在SonicWALL和Cisco之间建立IPSec VPN_G5_Enhanced_计算机硬件及网络_IT/计算机_专业资料。如何在 SonicWALL 和 Cisco 之间 建立 IPSec VPN 配置手册版本 1.0....
SonicWALL_HA配置手册.doc
SonicWALL_HA配置手册 - SonicWALL HA 配置 用户需求:
sonicwall ipsec vpn.doc
sonicwall ipsec vpn - IPSec VPN 的配置 主模式的
如何登陆Sonicwall防火墙.pdf
如何登陆 Sonicwall 防火墙配置手册版本 1.0.0 Question/Topic UTM: 如何通过命令行界面(CLI)登陆 Sonicwall 防火墙 Answer/Article 本文适用于: 涉及到的 Sonicwall...
SonicWALL pro 2040防火墙增强版上线手册.doc
这时,我们可以找一个内网的机器,测试是否可以访问外网: SonicWall 增强版规则配置 SonicWall 增强版一般规则配置 这时, 我们已经可以访问外网了。 此时的策略是默认...
SonicWall恢复出厂设置.doc
SonicWall恢复出厂设置_计算机硬件及网络_IT/计算机_专业资料。SonicWall恢复出厂设置 SonicWall 恢复出厂设置 SonicWall 原始 IP:192.168.168.168 user: admin ...
sonicwall产品注册手册_图文.pdf
(一)? SonicWALL 注册网站 www.mysonicwall.com 简介 SonicWALL NSA UTM 产品必须注册,从 SonicWALL 的后台服务器同步到各种服务的 License,才能使用深度包检测的...
如何在SonicWALL防火墙上配置静态路由.pdf
如何在SonicWALL防火墙上配置静态路由 - 如何在 SonicWALL
如何在SonicWALL和Juniper之间建立IPSec VPN更新版.pdf
Advanced 选项卡保持默认,如果防火墙有多个 WAN 接口,需要在 VPN Policy SonicWALL 中文技术论坛 http://www.sonicwall-china.com 第 19 页, 共 23 页 bound ...
SonicWALL 防火墙 HA 配置.doc
SonicWALL 防火墙 HA 配置 - SonicWALL 防火墙 HA 配
SonicWall防火墙透明模式配置(二层交换机).doc
SonicWall防火墙透明模式配置(二层交换机) - 全程图解,非常详细.工程师必备文档... SonicWall防火墙透明模式配置(二层交换机)_计算机硬件及网络_IT/计算机_专业资料。...
Dell SonicWall to WatchGuard Conversion Chart.pdf
Dell SonicWall to WatchGuard Conversion Chart_计算机硬件及网络_IT/计算机_专业资料。Dell SonicWall to WatchGuard Conversion Chart If People ask for Sonicwall ...
sonicwall教程_图文.ppt
sonicwall教程 - SonicWALL 典型配置和问题诊断 目的: 1.
更多相关标签: