Dell SonicWall SRA 4200 Administrator's Manual page 363

Sra 6.0

Step 8
Connect to the PIX's management CLI via console port, telnet, or SSH and enter configure mode.

Step 9
Issue the command 'clear http' to shut off the PIX's HTTP/S management interface.

Step 10
Issue the command 'interface ethernet2 auto' (or whatever interface you will be using).

Step 11
Issue the command 'nameif ethernet2 dmz security4' (or whatever interface you will be using).

Step 12
Issue the command 'ip address dmz 192.168.200.2 255.255.255.0'.

Step 13
Issue the command 'nat (dmz) 1 192.168.200.0 255.255.255.0 0 0'.

Step 14
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq www' (replace x.x.x.x with the WAN IP address of your PIX).

Step 15
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq https' (replace x.x.x.x with the WAN IP address of your PIX).

Step 16
Issue the command 'access-list dmz-to-inside permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0'.

Step 17
Issue the command 'access-list dmz-to-inside permit ip host 192.168.200.1 any'.

Step 18
Issue the command 'static (dmz,outside) tcp x.x.x.x www 192.168.200.1 www netmask 255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX).

Step 19
Issue the command 'static (dmz,outside) tcp x.x.x.x https 192.168.200.1 https netmask 255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX).

Step 20
Issue the command 'static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 0 0'.

Step 21
Issue the command 'access-group sslvpn in interface outside'.

Step 22
Issue the command 'access-group dmz-to-inside in interface dmz'.

Step 23
Exit config mode and issue the command 'wr mem' to save and activate the changes.

Step 24
From an external system, attempt to connect to the SRA appliance using both HTTP and HTTPS. If you cannot access the SRA appliance, check all steps above and test again.

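
One way to check a saved PIX configuration against steps 9 to 22 before running the external test in step 24. This is an added example, not part of the manual; the function names, the 203.0.113.10 stand-in for x.x.x.x, and the assumption that the saved configuration lists each command in the form it was entered are assumptions.

```python
def required_lines(wan_ip, dmz_if="ethernet2"):
    """Commands from steps 10-22, with x.x.x.x replaced by wan_ip."""
    return [
        f"interface {dmz_if} auto",
        f"nameif {dmz_if} dmz security4",
        "ip address dmz 192.168.200.2 255.255.255.0",
        "nat (dmz) 1 192.168.200.0 255.255.255.0 0 0",
        f"access-list sslvpn permit tcp any host {wan_ip} eq www",
        f"access-list sslvpn permit tcp any host {wan_ip} eq https",
        "access-list dmz-to-inside permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0",
        "access-list dmz-to-inside permit ip host 192.168.200.1 any",
        f"static (dmz,outside) tcp {wan_ip} www 192.168.200.1 www netmask 255.255.255.255 0 0",
        f"static (dmz,outside) tcp {wan_ip} https 192.168.200.1 https netmask 255.255.255.255 0 0",
        "static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 0 0",
        "access-group sslvpn in interface outside",
        "access-group dmz-to-inside in interface dmz",
    ]

def audit(config_text, wan_ip, dmz_if="ethernet2"):
    """Return a sorted list of findings; an empty list means the config matches."""
    lines = {" ".join(l.split()) for l in config_text.splitlines() if l.strip()}
    required = required_lines(wan_ip, dmz_if)
    findings = [f"missing: {cmd}" for cmd in required if cmd not in lines]
    # Step 9 turns off the PIX's own HTTP/S management; steps 18-19 publish
    # www/https on the WAN address for the SRA appliance instead.
    if "http server enable" in lines:
        findings.append("management: 'http server enable' still present")
    # Anything else in the sslvpn ACL or the (dmz,outside) statics exposes
    # more to the outside interface than the procedure calls for.
    for l in lines:
        if l.startswith(("access-list sslvpn ", "static (dmz,outside) ")) and l not in required:
            findings.append(f"unexpected: {l}")
    return sorted(findings)

# Constructed sample, not from the manual: management left on, one extra
# sslvpn entry, and the step 22 access-group omitted.
WAN = "203.0.113.10"  # stand-in for x.x.x.x
SAMPLE = "\n".join(
    ["http server enable", f"access-list sslvpn permit tcp any host {WAN} eq ssh"]
    + [c for c in required_lines(WAN) if not c.startswith("access-group dmz-to-inside")]
)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, WAN)) or "config matches steps 9-22")
```

If a different interface was used in steps 10 and 11, pass its name as `dmz_if`.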
Final Config Sample – Relevant Programming in Bold:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
enable password SqjOo0II7Q4T90ap encrypted
passwd SqjOo0II7Q4T90ap encrypted
hostname tenaya
domain-name vpntestlab.com
clock timezone PDT -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
Configuring the SRA Appliance with a Third-Party Gateway | 363
