SonicWALL ex9000 Getting Started

Aventail secure remote access

SonicWALL / Aventail Secure Remote Access EX9000
Getting Started Guide

Summary of Contents for SonicWALL ex9000

  • Page 1 SonicWALL / Aventail Secure Remote Access EX9000 Getting Started Guide...
  • Page 2 Pacific: Call our toll-free Enterprise Support phone number at 1-866-360-1949 (your call will be transferred to SonicWALL's E-Class Technical Support team), or contact us at E-ClassSupport@SonicWALL.com. Protection: SonicWALL offers a wide range of high performance network security, content security for Web and e-mail security, secure remote access, continuous data protection, and management...
  • Page 3 Registering and Obtaining the License In this Section: This section describes how to register your SonicWALL Aventail appliance and then download the license file from MySonicWALL. You can register your SonicWALL Aventail appliance before you initialize or deploy it. Registration provides access to essential resources, such as your license file, firmware updates, documentation, and technical support information.
  • Page 4 MySonicWALL. The serial number and authentication code are also displayed in AMC on the General Settings page once you Retrieving Your SonicWALL License initialize and connect to your appliance. In your Web browser, navigate to You can retrieve an initial user license from MySonicWALL that https://www.mysonicwall.com...
  • Page 5: Table Of Contents

    In this Section: This section provides the steps to perform the initial installation and import the license to the SonicWALL Aventail appliance. For more detailed information, the Installation and Administration Guide has complete instructions for installing and licensing your SonicWALL Aventail appliance.
  • Page 6: Sonicwall Aventail Ex9000 Appliance Diagram

    SonicWALL Aventail EX9000 Appliance Diagram LCD Screen and Controls For initial configuration of basic network settings Hard Drives 2 TB 2 TB Serial 10 Gigabit Ports X8 - Internal network interface Console Ports Diagnostic Port X0 - X7 X9 - External network interface...
  • Page 7: Preparing The Hardware

    To prepare the SonicWALL appliance before running the Setup Wizard, complete the tasks described in the following sections: •... Rack Mounting the Appliance: The SonicWALL appliance is designed to be mounted in a standard 19-inch rack. The product packaging contains a slide...
  • Page 8: Entering Network Settings Using The Lcd

    Right to continue past it. the next screen. Cluster configuration The SonicWALL Aventail EX9000 provides four 10 gigabit ports on interfaces X8 - X11. You can activate the 10 gigabit ports Specify whether the appliance you are configuring will be during the LCD initialization process.
  • Page 9: Connecting Network Interfaces

    When you're done with the wizard, click Finish to apply your settings. The appliance restarts, which causes you to lose your current connection. Wait a few minutes and then connect to Aventail Management Console (AMC). SonicWALL SRA EX9000 Getting Started Guide Page 7...
  • Page 10: Connecting To Amc

    AMC. Click Login to log in to the Management Console. You can use the Setup Checklist on the AMC home page to... The SonicWALL Aventail SRA EX9000 supports up to 20,000 concurrent users, when licensed accordingly.
  • Page 11 In this Section: This section describes a variety of deployment scenarios and introduces you to how the configuration elements of AMC interact. Deploying secure remote access for users to resources through the SonicWALL Aventail appliance is discussed. • Deployment Overview on page 10 •...
  • Page 12: Deployment Overview

    MySonicWALL when you download the current firmware for your SRA EX9000. You can also access it on the Support pages of www.sonicwall.com: http://www.sonicwall.com/us/support/3891.html... To use client-to-client applications such as VoIP when your appliance is using NAT, you can use ESP (Encapsulating Security Payload) to encapsulate and decapsulate packets...
  • Page 13: Sonicwall Sra Ex9000 Getting Started Guide

    ...(unencrypted): Communicate with an LDAP directory or Microsoft Active Directory. LDAP over SSL (encrypted), 636/tcp: Communicate with an LDAP directory or Microsoft Active Directory over SSL. RADIUS, 1645/udp or 1812/udp: Communicate with a RADIUS authentication server...
  • Page 14: Deploying Aventail Workplace

    Deploying Aventail WorkPlace: Aventail WorkPlace is a Web portal that provides users with dynamically personalized access to your network. It provides... ...resources that are available through Windows Terminal Services or Citrix hosts. • The Network Explorer page provides Web-based access to file shares.
  • Page 15: Deploying Access For Trusted Users

    To better understand how to deploy a remote access VPN, this section provides an overview of how the SonicWALL Aventail access clients and agents are deployed to users. ...HTTP or HTTPS protocols, such as Microsoft Outlook Web Access or a corporate intranet. There are several ways to give...
  • Page 16 Web Resources on a Portion of Your Network Create a rule referencing the domain on the Add/Edit Access Rule page. To provide user access to any Web resource on a given portion Add a network shortcut referencing the domain on the of your network: WorkPlace Shortcuts page.
  • Page 17: Deploying Access For Less-Trusted Users

    Create a rule on the Add/Edit Access Rule page referencing the network resource. time. Configure the OnDemand Tunnel client. Add a Web shortcut on the WorkPlace Shortcuts page...
  • Page 18: Deploying An End Point Control Agent

    Connection requests from devices that do not match the trusted profile are automatically assigned to the Quarantine zone. Secure Virtual Desktop for Partners... For advanced cache cleaning and data protection, you can configure the SRA EX9000 appliance to use the third-party EPC tools provided by OPSWAT: Cache Cleaner and Secure Virtual Desktop.
  • Page 19: Denying Access

    Denying Access: There may be situations in which you want to deny access to an employee using a device that has an unacceptable profile. As... For the SonicWALL Aventail VPN, bi-directional connections encompass: • Reverse connections from a network resource to a VPN user, such as an SMS server that “pushes”...
  • Page 20 Providing Access to Outlook Web Access Ensure that the network tunnel service is running on the appliance; you can do this on the AMC home page or For convenience, AMC includes a pre-configured Web Services page. application profile for Microsoft Outlook Web Access (OWA). Create an IP address pool for the network tunnel clients (Connect Tunnel or OnDemand Tunnel) on the Configure To provide user access to OWA:...
  • Page 21: Authentication Scenarios

    Active Directory server, you would create a separate same Web browser, that same agent is automatically deployed. realm for each directory server. • Chained authentication—For increased security, you can require users to authenticate to a single realm using two...
  • Page 22 Deploying the Same Agents to All Users For example, you may want to create a community for those employees who use IT-managed laptops for remote access, When you create an authentication realm in AMC, a default and provision them with the Connect Tunnel client to allow them community associated with the realm is also automatically extensive access to your network resources.
  • Page 23 • Creating an Employee Community on page 30 • Creating a Partner Community on page 33 • Creating Access Control Lists on page 34 • Testing the Deployment Scenario on page 35...
  • Page 24 ...Employees community, and a less trusted one for Partners. Also create a quarantine zone, for devices that do not fit into either community. ...less trusted group, partners. This scenario uses Advanced EPC, which is included with the SonicWALL Aventail EX9000.
  • Page 25: Establishing An Authentication Realm

    For example, Company Directory. Creating Access Control Lists page 34. Throughout these procedures, remember to click Pending Changes in the upper-right corner in AMC, and then click Apply Changes to save your configuration changes...
  • Page 26 In the Primary domain controller box, type the host name Resources sometimes require NTLM credentials to be (assuming you have already configured DNS) or IP forwarded to back-end Web servers; Outlook is often set address for the authentication server. up this way. Expand the Advanced settings, and then scroll down to the NTLM authentication forwarding area to specify how the domain name portion of the credentials will be forwarded.
  • Page 27: Identifying Users

    Save. Select Create shortcut on Aventail WorkPlace. Adding Resources The SonicWALL Aventail appliance can manage a wide variety of corporate resources, which are described in the online SonicWALL Aventail Deployment Planning Guide. For our sample scenario we will define the following: •...
  • Page 28: Creating Zones Of Trust

    Creating Zones of Trust 10. Click Save. You should now see two new items in your resource list: End Point Control (EPC) provides extensive protection to ensure that your users’ access devices are secure. In this example, we will create two Standard zones: a trusted one for members of the Employees community, and a less trusted one for Partners.
  • Page 29 5. In this example, when devices do not match the Standard zone we created, we will classify them into a Quarantine zone named Untrusted...
  • Page 30: Customizing Workplace

    Customizing WorkPlace Click Save. In the All Profiles list, select the check box for Symantec You can alter the appearance of WorkPlace on a per- AV, and then click the right arrow (>>) button. community basis by creating different styles and layouts: At the bottom of the Zone Definition page select Secure •...
  • Page 31 In the Name box, type a unique name for the WorkPlace To replace the SonicWALL Aventail logo that is displayed in layout. For example, Partners layout. WorkPlace with a different image, use the Replace with box to enter or browse for the .gif or .jpg file you want to...
  • Page 32 Creating an Employee Community In the Initial content area, select a layout for any shortcuts and shortcut groups that you have defined, or choose to set up an initial structure for your content and add We will now create a new community for the employees. WorkPlace resources later.
  • Page 33 Network tunnel client check box. A Personal warning is displayed if no IP address pool is configured. Bookmarks Shortcut group (collapsible) One- or two- column layout Intranet box: an additional way to access resources...
  • Page 34 VoIP or active-mode FTP, may not function properly. See the SonicWALL Aventail Deployment Planning Guide for WorkPlace Appearance for Employees information about alternatives. Click Save. The address pool appears in the Address Configure the Employees community to use the WorkPlace Pools list.
  • Page 35 Web proxy agent should be selected. one. Click Next to define the zone of trust for partners. Click Finish...
  • Page 36 Creating Access Control Lists To add a rule that gives employees access to all resources: Type a name for the second rule (FT employees only) Broadly speaking, access rules define which resources can be and leave the Action as Permit. accessed by which users.
  • Page 37 AMC page, and then click the link for WorkPlace, just under two you set up in on page 25: Adding Resources the appliance image...
  • Page 38 To log in as a partner: on page 33, you set up Creating a Partner Community two users who belong to the Partners community. Log in using the credentials of one of those users. If you are in the Partners zone—meaning that your device has the attributes specified in the Symantec AV device profile—...
  • Page 39 Safety and Regulatory Information In this Section: This section provides safety and regulatory along with trademark and copyright information. • Safety Information for E-Class SRA EX9000 on page 38 • FCC Part 15 Class A Notice on page 44 •...
  • Page 40: Safety Information For E-Class Sra Ex9000

    The SonicWALL appliance is designed to be mounted in a standard 19-inch rack mount cabinet. ...(25.44mm) clearance is recommended. • If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient temperature. Consider...
  • Page 41 • Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to power supply connections other than direct connections to the branch circuits, such as power strips...
  • Page 42 Attaching Inner Rails to the Appliance Attach the front bracket to the system. Use the following steps to attach the inner rails to the appliance: Position the inner rail alongside the side of the appliance with the finger tab facing outward. Align the screw holes of the rail and the mounting holes of the appliance and then attach the inner rail to the appliance with crosshead threaded screws.
  • Page 43 Repeat step 1 and 2 to install the other rail. Lithium Battery Warning The lithium battery used in the SonicWALL appliance may not be replaced by the user. The appliance must be returned to a SonicWALL authorized service center for battery replacement with the same or equivalent type recommended by the manufacturer.
  • Page 44 The SonicWALL model is designed for mounting in a standard 19-inch rack. • If the device is installed in a closed 19-inch enclosure or together with several other devices, the temperature inside the enclosure will be higher than the ambient temperature. Make sure that the...
  • Page 45 ...connection of devices indoors. Do not connect any cables to the SonicWALL ports that are routed out of the building in which the device is located... ...should be part of the building installation. Please follow the local regulations when purchasing materials or components.
  • Page 46: Fcc Part 15 Class A Notice

    DK, FI, FR, GB, GR, HU, IL, IN, IT, JP, KE, KR, MY, NL, NO, PL, SE, SG, SI, SK, US purposes not shown in this manual without the written consent of SonicWALL, Inc. could void the user's authority to operate BMSI Statement this equipment.
  • Page 47 All products with country code “” (blank), “A”, or “J” are made in the USA. All products with country code “B” are made in China. All products with country code “C” or “D” are made in Taiwan R.O.C...
  • Page 48: Copyright Notice

    Copyright Notice © 2011 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy.
  • Page 49: Trademarks

    Trademarks SonicWALL is a registered trademark of SonicWALL, Inc. Windows 7, Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S.
  • Page 50 Quick Policy Setup Instructions for Your SonicWALL Aventail E-Class Secure Remote Access Appliance How do How are users Authentication server A realm allows users to authenticate Realm Company XYZ you define authenticated? AD.example.com using credentials stored on an trust level external authentication server.
  • Page 51 ©2010 SonicWALL and the SonicWALL logo is registered trademarks of SonicWALL, Inc. Dynamic Security For The Global Network is a trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
  • Page 52 T + 1 408.745.9600 F + 1 408.745.9300 www.sonicwall.com ©2011 SonicWALL and the SonicWALL logo is registered trademarks of SonicWALL, Inc. Dynamic Security For The Global Network is a trademark of SonicWALL, Inc. Other product names 232-002034-52 Rev A 11/2011...
