SonicWALL SSL-VPN 4000 Getting Started Manual

Secure Remote Access Solutions
SonicWALL SSL-VPN Series
APPLIANCES
SonicWALL SSL-VPN 4000
Getting Started Guide

Summary of Contents for SonicWALL SSL-VPN 4000

  • Page 1 Secure Remote Access Solutions SonicWALL SSL-VPN Series APPLIANCES SonicWALL SSL-VPN 4000 Getting Started Guide...
  • Page 2: Table Of Contents

    Getting Started Guide This Getting Started Guide contains installation procedures and configuration guidelines for deploying a SonicWALL SSL-VPN 4000 appliance into an existing or new network. This document addresses the most common use-case scenarios and network topologies in which the SonicWALL SSL-VPN 4000 appliance can be deployed.
  • Page 3: Before You Begin

    • An Internet connection ** While these browsers are acceptable for use in configuring your SonicWALL SSL-VPN 4000, end users will need to use IE 5.01 or higher, supporting JavaScript, Java, cookies, SSL and ActiveX in order to take advantage of the full suite of applications.
  • Page 4 Collect the following information about your current network configuration: Primary DNS: Secondary DNS (optional): DNS Domain: WINS server(s) (optional): Other Information These are the default settings for accessing your SonicWALL SSL-VPN management interface: User Name: admin Password: (default: password)...
  • Page 5: Selecting A Sonicwall Recommended Deployment Scenario

    The deployment scenarios described in this section are based on actual customer deployments and are SonicWALL-recommended deployment best practices. This section describes three common deployments of the SonicWALL SSL-VPN 4000. In Table 1, select the scenario that most closely matches your deployment.
  • Page 6: Applying Power To The Sonicwall Ssl-Vpn 4000

    Applying Power to the SonicWALL SSL-VPN 4000 1. Plug the power cord into the SonicWALL SSL-VPN 4000 and into an appropriate power outlet. 2. Turn on the power switch on the rear of the appliance next to the power cord.
  • Page 7: Accessing The Management Interface

    To access the Web-based management interface of the SonicWALL SSL-VPN 4000: 1. Connect one end of a cross-over cable into the X0 port of your SonicWALL SSL-VPN 4000. Connect the other end of the cable into the computer you are using to manage the SonicWALL SSL-VPN 4000.
  • Page 8 Did you plug your management workstation into the interface X0 on the SonicWALL SSL-VPN appliance? Management can only be performed through X0. • Is the link light lit on both the management station and the SonicWALL SSL-VPN appliance? • Did you correctly enter the SonicWALL SSL-VPN 4000 management IP address in your Web browser? •...
  • Page 9: Configuring Your Sonicwall Ssl-Vpn 4000

    Configuring Your SonicWALL SSL-VPN 4000 Once your SonicWALL SSL-VPN 4000 is connected to a computer through the management port (X0), it can be configured through the Web-based management interface. This section includes the following subsections: • “Setting Your Administrator Password” on page 9 •...
  • Page 10 Changing your password from the factory default is optional but strongly recommended. If you do change your password, be sure to keep it in a safe place. If you lose your password, you will have to reset the SonicWALL SSL-VPN 4000 to factory settings, losing your configuration.
  • Page 11 NTP server (default setting) is encouraged to ensure accuracy. Configuring SSL-VPN Network Settings You will now configure your SSL-VPN 4000 network settings. Refer to the notes you took in “Network Configuration Information” on page 3 to complete this section.
  • Page 12 When you click OK, you will lose your connection to the SSL-VPN. 4. Reset the computer you use to manage the SonicWALL SSL-VPN 4000 to have a static IP address in the range you just set for the X0 interface, for example, 10.1.1.20 or 192.168.200.20.
  • Page 13 Configuring a Default Route Refer to the following table to correctly configure your default route. If you do not know your scenario, refer to “Selecting a SonicWALL Recommended Deployment Scenario” on page 4. If you are using scenario: Your upstream gateway device will be: A - SSL-VPN on a New DMZ The DMZ you will create (for example, 192.168.200.2).
  • Page 14 (such as 15 users will require 16 addresses like 192.168.200.100 to 192.168.200.115). The range should fall within the same subnet as the interface to which the SonicWALL SSL-VPN appliance is connected, and in cases where there are other hosts on the same segment as the SonicWALL SSL-VPN appliance, it must not overlap or collide with any assigned addresses.
  • Page 15 To set your NetExtender address range, perform the following steps: 1. Select the NetExtender > Client Addresses page. 2. Enter an address range for your clients in the Client Address Range Begin and Client Address Range End fields. Scenario A 192.168.200.100 to 192.168.200.200 (default range) Scenario B...
  • Page 16: Connecting The Sonicwall Ssl-Vpn 4000

    Connecting the SonicWALL SSL-VPN 4000 Before continuing, reference the diagrams on the following pages to connect the SonicWALL SSL-VPN 4000 to your network. Refer to the table in “Selecting a SonicWALL Recommended Deployment Scenario” on page 4 to determine the proper scenario for your network configuration.
  • Page 17 1. Connect one end of an Ethernet cable to an unused port on your DMZ, either directly to the OPT or X2 on your existing SonicWALL UTM appliance or to a hub or switch on your DMZ. Scenario B: SSL-VPN on an Existing DMZ...
  • Page 18 Remote Users Internet Zone 2. Connect the other end of the Crossover cable to the X0 port on the front of your SonicWALL SSL-VPN 4000. The X0 Port LED lights up green indicating an active connection. Continue to Step...
  • Page 19: Configuring Your Gateway Device

    Configuring Your Gateway Device Now that you have set up your SonicWALL SSL-VPN 4000, you need to configure your gateway device to work with the SonicWALL SSL-VPN 4000. Refer to the table in “Selecting a SonicWALL Recommended Deployment Scenario” on page 4 to determine the proper scenario for your network configuration.
  • Page 20 5. Click the OK button. Scenario A: Allowing WAN -> DMZ Connection in SonicOS Standard Follow this procedure if you are connecting the SonicWALL SSL-VPN 4000 to a SonicWALL UTM appliance running SonicOS Standard. If your SonicWALL UTM appliance is running SonicOS Enhanced, skip to “Scenario A: Allowing WAN -> SSL-VPN Connection in SonicOS Enhanced”...
  • Page 21 The X0 IP address of the SonicWALL SSL-VPN appliance, 192.168.200.1 by default Destination Interface Click Next. 6. In the Congratulations page, click Apply to create the rules and allow access from the WAN to the SonicWALL SSL-VPN appliance on the DMZ...
  • Page 22 If you are allowing HTTP access to the SonicWALL SSL-VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click 2. In the Welcome to the Network Access Rules Wizard page, click Next.
  • Page 23 6. In the Step 4: Access Rule Source Interface and Address page, perform the following selections and click Next: Interface IP Address Begin The X0 IP address of the SonicWALL SSL-VPN appliance, 192.168.200.1 by default IP Address End The X0 IP address of the SonicWALL SSL-VPN appliance, 192.168.200.1 by default...
  • Page 24 8. In the Step 6: Access Rule Time page, leave Time Active set to Always Active unless you want to limit when you want SSL-VPN clients to have access to the LAN. 9. In the Congratulations page, click Apply to create the access rule...
  • Page 25 Create access to the LAN for NetExtender: 1. In the Firewall > Access Rules page, click 2. In the Welcome to the SonicWALL Network Access Rules page, click Next. 3. In the Step 1: Access Rule Type page, select General Rule. Click Next.
  • Page 26 X0 IP address for Scenario B and Scenario C” on page 11). 10. Enter your subnet mask in the Subnet Mask field. 11. In the Management area, enable the desired management options. 12. Click the OK button to apply changes...
  • Page 27 Scenario A: Allowing WAN -> SSL-VPN Connection in SonicOS Enhanced Follow this procedure if you are connecting your SonicWALL SSL-VPN 4000 to a SonicWALL UTM appliance running SonicOS Enhanced. If your SonicWALL UTM appliance is running SonicOS Standard, refer to “Scenario A: Allowing WAN -> DMZ Connection in SonicOS Standard”...
  • Page 28 6. In the Step 2: Server Private Network Configuration page, enter: Server Name A name for your SonicWALL SSL-VPN 4000 Server Private The X0 IP address of the SonicWALL SSL-VPN appliance, IP Address 192.168.200.1 by default Server Comment A brief description of the server Click Next.
  • Page 29 IP address in your allowed public IP range. Note: The default IP address is the WAN IP address of your SonicWALL UTM appliance. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SonicWALL SSL-VPN 4000.
  • Page 30 2. At the bottom of the page, below the Address Objects table, click 3. In the Add Object dialog box, create an address object for the X0 interface IP address of your SonicWALL SSL-VPN 4000: Name Enter a name for the SonicWALL SSL-VPN 4000 Zone Assignment SSL-VPN Type...
  • Page 31 6. In the middle of the Network > Address Objects page, below the Address Groups table, click 7. In the Add Address Object Group dialog box, create a group for the X0 interface IP address of your SonicWALL SSL-VPN 4000 and the NetExtender IP range: • Enter a name for the group.
  • Page 32 To Zone Service Source The address group you just created, such as SonicWALL_SSL-VPN_Group Destination Users Allowed Schedule Always on Allow Fragmented Checked Packets Click OK to create the rule. Continue to Step...
  • Page 33 SSL-VPN 4000. Scenario B: Allowing WAN -> DMZ Connection in SonicOS Standard Follow this procedure if you are connecting the SonicWALL SSL-VPN 4000 to a SonicWALL UTM appliance running SonicOS Standard. If your SonicWALL UTM appliance is running SonicOS Enhanced, skip to “Scenario A: Allowing WAN ->...
  • Page 34 DMZ range, for example 10.1.1.200. Destination Interface Click Next. 6. In the Congratulations page, click Apply to create the rules and allow access from the WAN to the SonicWALL SSL-VPN appliance on the DMZ...
  • Page 35 If you are allowing HTTP access to the SonicWALL SSL-VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click 2. In the Welcome to the Network Access Rules Wizard page, click Next.
  • Page 36 6. In the Step 4: Access Rule Source Interface and Address page, perform the following selections and click Next: Interface IP Address Begin The X0 IP address of the SonicWALL SSL-VPN appliance within your DMZ range, for example 10.1.1.200. IP Address End The X0 IP address of the SonicWALL SSL-VPN appliance, the same as above, for example 10.1.1.200.
  • Page 37 7. In the Step 5: Access Rule Destination Interface and Address page, perform the following selections and click Next: Interface IP Address Begin IP Address End Leave blank 8. In the Step 6: Access Rule Time page, leave Time Active set to Always Active unless you want to limit when you want SSL-VPN clients to have access to the LAN.
  • Page 38 Create access to the LAN for NetExtender: 1. In the Firewall > Access Rules page, click 2. In the Welcome to the SonicWALL Network Access Rules page, click Next. 3. In the Step 1: Access Rule Type page, select General Rule. Click Next.
  • Page 39 Scenario B: Allowing WAN -> DMZ Connection in SonicOS Enhanced Follow this procedure if you are connecting your SonicWALL SSL-VPN 4000 to a SonicWALL UTM appliance running SonicOS Enhanced. If your SonicWALL UTM appliance is running SonicOS Standard, refer to “Scenario A: Allowing WAN -> DMZ Connection in SonicOS Standard”...
  • Page 40 6. In the Step 2: Server Private Network Configuration page, enter: Server Name A name for your SonicWALL SSL-VPN 4000 Server Private The X0 IP address of the SonicWALL SSL-VPN appliance IP Address within your DMZ range, for example, 10.1.1.200 Server Comment A brief description of the server Click Next.
  • Page 41 IP address in your allowed public IP range. Note: The default IP address is the WAN IP address of your SonicWALL UTM appliance. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SonicWALL SSL-VPN 4000.
  • Page 42 2. At the bottom of the page, below the Address Objects table, click 3. In the Add Object dialog box, create an address object for the X0 interface IP address of your SonicWALL SSL-VPN 4000: Name Enter a name for the SonicWALL SSL-VPN 4000 Zone Assignment Type Host IP Address The SonicWALL SSL-VPN 4000’s X0 interface IP address...
  • Page 43 6. In the middle of the Network > Address Objects page, below the Address Groups table, click 7. In the Add Address Object Group dialog box, create a group for the X0 interface IP address of your SonicWALL SSL-VPN 4000 and the NetExtender IP range: • Enter a name for the group.
  • Page 44 To Zone Service Source The address group you just created, such as SonicWALL_SSL-VPN_Group Destination Users Allowed Schedule Always on Allow Fragmented Checked Packets Click OK to create the rule. Continue to Step...
  • Page 45 SonicWALL SSL-VPN 4000 connection. Scenario C: Configuring SSL-VPN -> LAN Connectivity In order for users to access local resources through the SonicWALL SSL-VPN 4000, you must configure your gateway device to allow an outside connection through the SSL-VPN into your LAN.
  • Page 46 6. Select HTTPS from the Service drop-down list. 7. Enter 192.168.168.200 (or the IP address to which you have configured your X0 interface on your SonicWALL SSL-VPN appliance) in the Private IP field. 8. Select LAN or DMZ in the Destination Interface drop-down list. The destination interface will depend on your deployment configuration.
  • Page 47 6. Enter SSL-VPN in the Server Name field. 7. Enter 192.168.168.200 (or the address to which you have configured your X0 interface on your SonicWALL SSL-VPN appliance) in the Private IP field. 8. Enter a comment, such as “WAN to SSL-VPN” to describe your connection.
  • Page 48 64.41.140.167”. It is therefore recommended, if you have not already done so, that you create a DNS record to allow for FQDN access to your SonicWALL SSL-VPN appliance. If you do not manage your own public DNS servers, contact your Internet Service Provider for assistance.
  • Page 49 3. Record your Serial Number and Authentication Code from the Licenses and Registration box. 4. In the Licenses and Registration box, follow the link to the SonicWALL Web site (or access http://www.mysonicwall.com in your Web browser). The mySonicWALL.com Login page is displayed.
  • Page 50 6. Navigate to My Products in the left hand navigation bar. 7. Enter your Serial Number and Authentication Code in the appropriate fields. 8. Enter a friendly name for your SonicWALL SSL-VPN in the Friendly Name field. 9. Click the Register button.
  • Page 51: Configuring Dynamic Dns

    The Network > Dynamic DNS page provides the settings for configuring the SonicWALL UTM appliance to use your DDNS service. To configure Dynamic DNS on the SonicWALL UTM appliance, perform these steps: 1. From the Network > Dynamic DNS page, click the Add button. The Add DDNS Profile window is displayed.
  • Page 52 Automatically set IP Address to the Primary WAN Interface IP Address - This will cause the SonicWALL device to assert its WAN IP address as the registered IP address, overriding auto-detection by the dynamic DNS server. Useful if detection is not working correctly.
  • Page 53: Windows 2000

    Configuring a Static IP Address If you did not enable the SonicWALL UTM appliance DHCP server, you must configure each computer with a static IP address from your LAN or WLAN IP address range. After the SonicWALL SSL-VPN 4000 has restarted, follow the steps below for configuring your...
  • Page 54 6. Type the appropriate subnet mask (for example, 255.255.255.0) in the Subnet Mask field. 7. Type the SonicWALL SSL-VPN 4000 LAN IP Address in the Default Gateway field. 8. Click DNS at the top of the window. 9. Type the DNS IP address in the Preferred DNS Server field. If you have more than one address, enter the second one in the Alternate DNS server field.
  • Page 55 Mounting Guidelines The SonicWALL SSL-VPN 4000 is designed to be mounted in a standard 19-inch rack mount cabinet. The following conditions are required for proper installation: • Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application. SonicWALL includes a rack mounting kit with the SonicWALL SSL-VPN appliance that is compatible with most computer equipment racks.
  • Page 56 Portal - A gateway, usually through the Internet to network resources or services. The SonicWALL SSL-VPN 4000 provides a Portal as the user interface for remote access to protected LAN resources such as Web and FTP servers, file shares, and remote desktops.
  • Page 57 Subnet - A portion of a network. Each subnet within a network shares a common network address and is uniquely identified by a subnetwork number. Subnet Mask - A 32-bit number used to separate the network and host sections of an IP address.
  • Page 58: Cable Connections

    <http://www.sonicwall.com>. Lithium Battery Warning The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user. The SonicWALL must be returned to a SonicWALL authorized service center for replacement with the same or equivalent type recommended by the manufacturer.
  • Page 59 Specifications and descriptions subject to change without notice. Trademarks SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
  • Page 62 F +1 408.745.9300 www.sonicwall.com PN: 232-000939-01 Rev A ©2006 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
