SonicWALL SSL-R User Manual


Secure sockets layer offloading solutions that allow servers to provide both secure and non-secure services at the same high speeds

Summary of Contents for SonicWALL SSL-R

  • Page 1 SonicWALL SSL-IA/ SSL-R User’s Guide...
  • Page 2 (with all backup copies) may be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
  • Page 3: Table Of Contents

    CONTENTS: Software License Agreement for the SonicWALL Configuration Manager; Limited Warranty; Hardware Warranty; SonicWALL SSL-IA/SSL-R; About This Guide; SSL-IA/SSL-R Features; Released Platforms; Text Conventions; Notes, Cautions, and Warnings; Installation; Panel Description; Package Contents; Installing the Hardware
  • Page 4 Text Conventions; Editing and Completion Features; Overview; Configuration Security; Methods to Manage the SonicWALL SSL Appliance; Initiating a Management Session; Using the Remote Configuration Manager; Top Level Command Set; Non-Privileged Command Set
  • Page 5: Software License Agreement For The SonicWALL Configuration Manager

    U.S. Government export approval/licensing. Failure to strictly comply with this provision shall automatically invalidate this License. License: Subject to and conditional upon the terms of this SLA, SonicWALL grants you a non-exclusive, nontransferable license to use the SOFTWARE PRODUCT only in conjunction with SonicWALL SSL and LB devices.
  • Page 6: Limited Warranty

    1160 Bordeaux Drive, Sunnyvale, California 94089. Limited Warranty Media. For a period of ninety (90) days from the date of license, SonicWALL warrants to you only that the media containing the SOFTWARE (but not the SOFTWARE itself) is free from physical defects. NO OTHER EXPRESS WARRANTIES ARE MADE OR AUTHORIZED WITH RESPECT TO THE MEDIA.
  • Page 7 SOFTWARE PRODUCT, and shall continue until terminated. Without prejudice to any other rights, SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA. In such event, you agree to return or destroy the SOFTWARE PRODUCT (including all related documents and components items as defined above) and any and all copies of same.
  • Page 8: Hardware Warranty

    If there is a defect in the hardware, SonicWALL will replace the product at no charge, provided that it is returned to SonicWALL with transportation charges prepaid. A Return Materials Authorization (RMA) number must be displayed on the outside of the package for the product being returned for replacement or the product will be refused.
  • Page 9: SonicWALL SSL-IA/SSL-R

    The SSL-IA/SSL-R are Secure Sockets Layer (SSL) offloading solutions that allow servers to provide both secure and non-secure services at the same high speeds. The SSL-IA is a small-footprint appliance; the SSL-R is a rack-mountable device. In this guide, the term “SSL appliance” refers to either device.
  • Page 10: SSL-IA/SSL-R Features

    SSL version 2.0 and 3.0 support. Released Platforms: The SonicWALL configuration manager supports Linux Red Hat versions 5.2, 6.0, 6.1, 6.2, and 7.0; Windows NT 4.0; Windows 2000; and Solaris 2.6, 7, and 8 operating systems. The root directory of the CD-ROM includes a readme.txt file containing information that became available after this guide went to press.
  • Page 11: Notes, Cautions, And Warnings

    Chapter 1 SonicWALL SSL-IA/SSL-R. Additional text conventions, applicable to command line entry, are shown in Chapter C Command Summary. Notes, Cautions, and Warnings: Throughout this manual you will see notes, cautions, and warnings drawing your attention to important information. An example of each is shown below.
  • Page 12 SSL-IA/SSL-R User’s Guide...
  • Page 13: Installation

    Chapter 2 Installation INSTALLATION This chapter presents installation instructions for the SSL-IA/SSL-R hardware and software components. The products are referred to collectively as SonicWALL SSL appliances. This chapter also presents some examples for deploying SonicWALL SSL appliances. The Setup area of the SonicWALL website SSL Center contains helpful information, including: •...
  • Page 14 Figure 2-2 and 2-3 show the front and back panels of the SSL-R, respectively. Location of power LEDs and Ethernet interfaces is displayed. [Figure labels: Power LED 1, Aux Port, Console Port, Server Interface, Network Interface, Power LED 2, Reset Switch, Test LED] Figure 2-2.
  • Page 15: Package Contents

    Web: <http://www.sonicwall.com/support/> Phone: (408) 745-9600. Installing the Hardware: This section describes how to install the SSL-IA and SSL-R as free-standing and rack-mounted units, where applicable. Locating the SSL-IA (Free Standing): Place the SSL-IA on a level surface in an area with access to your network cabling. Allow at least an inch of space around the SSL-IA for adequate ventilation.
  • Page 16 AC power outlet. If you are installing an SSL-R, ensure the power switches are in the “0” (off) position, attach the power cables to the power inputs on the appliance, and plug the other ends into AC power outlets.
  • Page 17: Connecting To Ethernet

    If the connector does not disengage, press the tab down more firmly and pull again. Note: If you are using the SonicWALL SSL appliance in two-port mode, you must connect the cables to the SSL appliance so client requests (inbound) and server traffic (outbound) move through different ports.
  • Page 18: Deployment Examples

    This section contains several examples for deployment of SonicWALL SSL appliances. Additional deployment and setup information can be found at: <http://www.sonicwall.com/ssl-center/ssl-setup.html> Single Appliance Installation—Dual-Port Mode: A single SSL device provides SSL offloading and processing for an entire server farm.
  • Page 19 Single Appliance Installation—Single-Port Mode: A single SSL device provides SSL offloading and processing for an entire server farm. This mode of operation is designed to be used in conjunction with Layer 7 switches. Additionally, the content switch must be configured to provide the filtering and security methods because the SSL appliance cannot prevent plain or clear text access to your server’s secure data while in this mode.
  • Page 20 Load Balanced: SonicWALL SSL appliances can be installed in front of or behind a load balancer. If the load balancer is using URL- or cookie-related load balancing, install the appliance in front of the load balancer. In this configuration, the load balancer receives clear text packets decrypted by the SSL device.
  • Page 21: Installing The Software

    Respond to the following screen prompt, pressing Enter to install the software: The following packages are available: 1. SNWLconfg SonicWALL Configuration Manager Select package(s) you wish to process (or “all” to process all packages). (default: all) [?,??,q] Type q to exit after installation.
  • Page 22: Website Configuration

    Registering Your SonicWALL Product: After you install the device, make sure to register the product at the MySonicWALL website: <http://www.mysonicwall.com> You can create a user account to activate and manage services for all of your SonicWALL products. Note: For the latest version of this manual and other SonicWALL documentation, go to http://www.sonicwall.com/products/documentation.html or...
  • Page 23 Access firmware and security service updates • Get SonicWALL alerts on services, firmware, and products • Check status of your SonicWALL services and upgrades linked to each registered SonicWALL device • Manage (activate, change, or delete) your SonicWALL security services online How do I Get Started with mySonicWALL.com?
  • Page 25: SSL Introduction

    This chapter presents a short introduction to basic SSL components and a description of how the components are used in configuring the SonicWALL SSL appliance. Instructions for using OpenSSL to generate keys and certificates are also included in this chapter.
  • Page 26 Use 443 (generally used for SSL transactions) as the SSL TCP service port and 443 as the clear text port. Configure the server to not use SSL and to monitor port 443. TCP service port 80 requests are serviced normally.
  • Page 27: Before You Begin

    Chapter 3 SSL Introduction • Use 443 as the SSL TCP service port and 81 (or another unused port) for the clear text port. Configure the server to monitor port 81. TCP service port 80 requests are serviced normally. All data sent on any other port is passed through transparently in both directions. See the remoteport and sslport commands in Chapter C Command Summary.
  • Page 28 Internet Service Manager. Or you can open the Internet Service Manager in the Administrative Tools folder in the Control Panel. Right-click the web site object and click Properties in the shortcut menu. Click the Directory Security tab.
  • Page 29: Using OpenSSL

    Click View Certificate in the Secure Communications panel. The Certificate Viewer appears. Click the Details tab. Click Copy to File. The Certificate Export Wizard appears. Click Next. The Export Private Key screen appears. Select the Yes, export the private key option. Click Next. The Export File Format screen appears.
  • Page 30: Configuration Security

    Passwords: SonicWALL SSL appliances use two levels of password protection: access- and enable-level. Access-level passwords control who can attach the configuration manager to the specific device and view statistics and other nonsensitive data. Enable-level passwords control who can view the same data available with access-level passwords as well as view sensitive data and configure the device.
  • Page 31: SonicWALL SSL Configuration Components

    (reloads) with factory default settings. Caution: All configuration is lost when using the factory default reset. SonicWALL SSL Configuration Components: When you configure an appliance to perform SSL offloading you are actually setting up one or more logical secure servers whose SSL-related configurations reside in the appliance.
  • Page 32 GUI. Security Policies: SonicWALL SSL appliances can process a wide range of single and composite cryptography schemes. The following table shows a comparison of the individual schemes. If you configure the device to use the weak security policy, all schemes marked as “weak” are used.
  • Page 33: Methods To Manage The SonicWALL SSL Appliance

    Additionally you can create your own specialized security policies, assigning the cryptographic schemes you wish to use singly or in combination. Methods to Manage the SonicWALL SSL Appliance: You can configure the SonicWALL SSL appliance using one of four methods, three of which use the command-line interface configuration manager. •...
  • Page 34 URL or IP address. Additionally, we provide a guided QuickStart wizard configuration method, available any time the configuration manager is used. To use this method of configuring the SonicWALL SSL appliance, see Chapter 4 QuickStart Wizard. Brief instructions are also included for initiating a management session using the configuration manager.
  • Page 35: QuickStart Wizard

    Telnet: After you have assigned an IP address to the SonicWALL SSL appliance using the serial connection or remote configuration manager, you can attach to the appliance via telnet. Initiate a telnet session with the IP address previously assigned to the appliance.
  • Page 36 Solaris. Enter inxcfg at a Unix shell prompt. Windows NT and Windows 2000 Software. To start the configuration manager, use the Start menu and point to Programs>SonicWALL Corporation and click SonicWALL Configuration Manager, or double-click the shortcut on the desktop.
  • Page 37 “Network” port. Device types are networked SSL-IA, SSL-R, SSL-R3, and SSL-R6 devices and local SSL-PCI cards. For SSL-R3 and SSL-R6 devices, one instance is displayed in the device list for each SSL module (“Server”/“Network”...
  • Page 38: Following The QuickStart Wizard

    (See Chapter 3 SSL Introduction for a discussion of port blocking.) You can abort the current clear text port designation and enter a different TCP service port, or approve using TCP service port 80 for clear text.
  • Page 39 Chapter 4 QuickStart Wizard You have completed TCP service port configuration of the logical secure server and are ready to specify the key to use. CONFIGURE SSL-SERVER ‘myServer’ KEY SSL-server name : myServer Ip address : 10.1.2.3 Secure Port : 443 Clear Port : 80 Each ssl-server is associated with a key.
  • Page 40 If you do not choose to re-enter the key and certificate, your choices are accepted, but the secure server is not configured correctly and will not function properly.
  • Page 41 After the certificate has been properly loaded, you are shown a summary and asked to specify a security policy. CONFIGURE SSL-SERVER ‘myServer’ SECURITY POLICY SSL-server name : myServer IP address : 10.1.2.3 Secure Port : 443 Clear Port : 80 Key name...
  • Page 42 (enable) password for the device. SETUP CONFIGURATION PASSWORD PROTECTION Would you like to set a password to protect configuration of the SSL-R? (y/n): Type y, and enter a password. Re-enter it to confirm. You must set a configuration password for the device to ensure its security. The password you enter is not displayed.
  • Page 43 Certificates *no certificate list entries* Certificate groups *no certificate group list entries* Security Policies ------------------------------------------ Name Id RC Policy List ------------------------------------------ default ARC4-MD5,ARC4-SHA,EXP-ARC4-MD5,EXP-ARC4-SHA, EXP1024-ARC4-MD5,EXP1024-ARC2-CBC-MD5, EXP1024-ARC4-SHA,NULL-MD5,NULL-SHA weak EXP-ARC4-MD5,EXP-ARC4-SHA,EXP-ARC2-MD5, EXP1024-ARC4-MD5,EXP1024-ARC2-CBC-MD5, EXP1024-DES-CBC-SHA,EXP1024-ARC4-SHA,NULL-MD5, NULL-SHA,EXP-DES-CBC-SHA strong DES-CBC-MD5,DES-CBC-SHA,DES-CBC3-MD5,DES-CBC3-SHA, ARC4-MD5,ARC4-SHA DES-CBC-MD5,DES-CBC-SHA,DES-CBC3-MD5,DES-CBC3-SHA, ARC4-MD5,ARC4-SHA,EXP-ARC4-MD5,EXP-ARC4-SHA, EXP-ARC2-MD5,EXP1024-ARC4-MD5,EXP1024-ARC2-CBC-MD5, EXP1024-DES-CBC-SHA,EXP1024-ARC4-SHA,NULL-MD5, NULL-SHA,EXP-DES-CBC-SHA SSL Servers...
  • Page 44 “Y” indicates the key and certificate match, “N” indicates the key and certificate do not match. PKey: The name of the private key assigned to the SSL server. Cert: The name of the certificate assigned to the SSL server.
  • Page 45: Using The QuickStart Wizard With A Configured Appliance

    Using the QuickStart Wizard with a Configured Appliance: If you wish to run the QuickStart wizard for a previously configured SonicWALL SSL appliance, follow these steps: Initiate a management session and start the configuration manager as described previously.
  • Page 47: Configuration Manager

    Refer to Chapter 3 SSL Introduction for a brief introduction to how the SonicWALL SSL appliance works with components of the SSL protocol and description of the information you need to begin configuration. If you have not installed the software, refer to Chapter 2 Installation for instructions.
  • Page 48: Configuration Security

    Passwords: SonicWALL SSL appliances use two levels of password protection: access- and enable-level. Access-level passwords control who can attach the configuration manager to the specific device and view statistics and other nonsensitive data. Enable-level passwords control who can view the same data available with access-level passwords as well as view sensitive data and configure the device.
  • Page 49: Initiating A Management Session

    DB9 connector marked “CONSOLE”. Attach the other end to a serial port on the configuring computer. SSL-R —Attach the included null modem cable to the appliance port marked “CONSOLE”. Attach the other end of the null modem cable to a serial port on the configuring computer.
  • Page 50: Using The Remote Configuration Manager

    SonicWALL Configuration Manager, or double-click the shortcut on the desktop. Using the Remote Configuration Manager: Enter show device list to display a list of all SonicWALL SSL devices in the same broadcast domain as the configuring computer. Devices are listed in the following format:...
  • Page 51 Chapter 5 Configuration Manager For example, entering show device list returns the following list of unattached devices: SSL-R sslDev1 SSL-R sslDev2 SSL-R myDevice SSL-IA sslBox3 To attach the configuration manager to the device myDevice, enter this command: on myDevice attach The auto completer function can assist data entry.
  • Page 52: Configuring The Device

    Note: The remote configuration instructions in this example assume only one SonicWALL SSL device is available for configuration or that you have set the on-prefix to a single device. If you have more than one SSL device available for configuration, refer to section "Specifying Devices"...
  • Page 53 If you wish to configure the server using the remote configuration manager, initiate a remote management session, attach to the appliance, and when prompted to use the QuickStart wizard, enter n. Go to step 3. Note: For the remainder of these examples, system prompts are displayed as remote configuration prompts.
  • Page 54 (_), hyphen (-), and period (.) characters. Security policy names must begin with an alphabetic character. Enter Server Configuration mode and create a server named myServer. Assign the IP address 10.1.2.4 and netmask 255.255.255.0. Assign port 443 for monitoring...
  • Page 55 for SSL connections and port 81 for sending clear text. Assign the key association and security policies just created. Return to Privileged mode. (config-ssl[myDevice])> server myServer create (config-ssl-server[myServer])> ip address 10.1.2.4 (config-ssl-server[myServer])> sslport 443 (config-ssl-server[myServer])> remoteport 81 (config-ssl-server[myServer])>...
  • Page 56 You must enter the discover command using the TCP service port as an argument. The following command tells the configuration manager to use port 8089 to look for SonicWALL SSL appliances. inxcfg> discover port 8089 The device is listed following a show device list command.
  • Page 57: Step-Up Certificates And Server-Gated Cryptography

    Step-Up Certificates and Server-Gated Cryptography: SonicWALL SSL devices support both Netscape International Step-Up Certificates and Microsoft Server-Gated Cryptography. No special configuration is needed for the device to function properly with these certificates. Load the certificate normally.
  • Page 58: Supporting SNMP

    Supporting SNMP: SonicWALL SSL appliances have basic support for SNMP functions. The device is shipped with SNMP disabled. This example demonstrates how to set basic SNMP data. EXAMPLE: Configuring SNMP Initiate a management session as described previously.
  • Page 59: Supporting RIP

    Supporting RIP: SonicWALL SSL devices support Routing Information Protocol (RIP) versions 1 and 2. This example demonstrates how to enable RIP version 1 packet usage. EXAMPLE: Configuring RIP Initiate a management session as described previously.
  • Page 60: Supporting Other Secure Protocols

    Supporting Other Secure Protocols: Along with SSL, SonicWALL SSL devices can support other secure protocols using TLS v1.0, SSL v2.0, and SSL v3.0. SFTP, IMAPS, POP3S, NNTPS, and LDAPS are some examples. The steps below show how to configure the SSL appliance for setting up a secure server to process only POP3S (S-POP) mail.
  • Page 61: Graphical User Interface Reference

    This chapter describes how to use the Graphical User Interface (GUI) to configure the SSL-IA and SSL-R. The GUI provides a convenient, web browser-based method of configuring SSL appliances. While most configuration options are available with the GUI, you must be aware of the following constraints: •...
  • Page 62: General Configuration Examples

    The following examples demonstrate how to use the GUI to configure general appliance settings. Note: To save time, make all the changes you wish, then click Save Changes to write the configuration to the appliances’ flash memory.
  • Page 63 Chapter 6 Graphical User Interface Reference EXAMPLE: Setting the Device Name (Hostname) Click General to activate the General tabs. Click the Settings tab. Type the name you wish to assign to the appliance in the Device Name text box. Click Update. EXAMPLE: Resetting the IP Address Click Network to activate the Network tabs.
  • Page 64 EXAMPLE: Configuring an Ethernet Interface In this example, the Network interface is set to 100 Mb, full duplex. Click Network to activate the Network tabs. Locate the Network Interface panel. Select “Full 100” from the list box.
  • Page 65: SSL Configuration Examples

    The following examples demonstrate how to set up SSL configurations for the appliance. If necessary, refer to Chapter 3 SSL Introduction for information on how the SonicWALL SSL appliance works with SSL protocol information. EXAMPLE: Setting up a Secure Server In this example, the default SSL port (443) and remote port 81 are used.
  • Page 66 Select “strong” from the Security Policy list box. Select “myCert” from the Certificate list box. Select “myKey” from the Private Key list box. Click OK to create the secure server in the appliance. EXAMPLE: Creating and Using Chained Certificates Click SSL to activate the SSL tabs.
  • Page 67 Click the Certificate Groups tab. Click New Certificate Group. The Add Certificate Group window opens. Type the name for the group in the Name text box. Click and CTRL-click the certificates listed in the Member Certificates list box to add to the certificate group.
  • Page 69: Technical Specifications

    Appendix A Technical Specifications TECHNICAL SPECIFICATIONS The SSL-IA/SSL-R have the following specifications: Specification SSL-IA SSL-R Interfaces: RJ-45 10/100Base-T Ethernet ports Serial Ports: 2 (on serial access cable) Mini-din9: Power: Operating voltage 100-240 VAC, 50-60 Hz Power: Consumption 25 W Power Supply...
  • Page 71: Troubleshooting Guide

    TROUBLESHOOTING GUIDE: This chapter provides solutions for problems that you might encounter when using the SonicWALL Transaction Security appliance. If you are unable to solve your problem, please visit SonicWALL’s Technical Support Web site at <http://support.sonicwall.com>. There, you will find resources to help you resolve most technical issues, and instructions for contacting SonicWALL’s Technical Support engineers.
  • Page 72 SonicWALL SSL appliance, enter the discover command to find new devices in the same broadcast domain. I cannot connect to the appliance using the GUI. • Use any of the configuration manager methods to ensure that web management is enabled. Attach to the appliance, if necessary, then use these commands:...
  • Page 73: Command Summary

    COMMAND SUMMARY: This appendix contains a categorized listing of configuration manager commands for SonicWALL SSL devices. Each command is described and, where appropriate, an example of usage is included. Chapter 6 Graphical User Interface Reference contains instructions for using the GUI.
  • Page 74: Editing And Completion Features

    Most configuration commands require filling all fields in the command. You can use the Tab key to help you. For example, if you enter this: ip address Tab
  • Page 75: Overview

    Appendix C Command Summary You’ll receive this prompt: ip address <IP address> [netmask [netmask]] Where: <IP address> = a.b.c.d|0xhhhhhhhh [netmask] = keyword [Netmask address] = a.b.c.d|0xhhhhhhhh (config-server)# ip address Use the information displayed to help you enter the command with the correct syntax and data.
  • Page 76: Configuration Security

    Passwords: SonicWALL SSL appliances use two levels of password protection: access- and enable-level. Access-level passwords control who can attach the configuration manager to the specific device and view statistics and other nonsensitive data. Enable-level passwords control who can view the same data available with access-level passwords as well as view sensitive data and configure the device.
  • Page 77: Methods To Manage The SonicWALL SSL Appliance

    Caution: All configuration is lost when using the factory default reset. Methods to Manage the SonicWALL SSL Appliance: You can configure the SonicWALL SSL appliance using one of four methods, three of which use the command-line interface configuration manager. •...
  • Page 78 URL or IP address. Additionally, we provide a guided QuickStart wizard configuration method, available any time the configuration manager is used. To use this method of configuring the SonicWALL SSL appliance, see Chapter 4 QuickStart Wizard. Brief instructions are also included for initiating a management session using the configuration manager.
  • Page 79: Initiating A Management Session

    Telnet: After you have assigned an IP address to the SonicWALL SSL appliance using the serial connection or remote configuration manager, you can attach to the appliance via telnet. Initiate a telnet session with the IP address previously assigned to the appliance.
  • Page 80: Using The Remote Configuration Manager

    SonicWALL Configuration Manager, or double-click the shortcut on the desktop. Using the Remote Configuration Manager: Enter show device list to display a list of all SonicWALL SSL devices in the same broadcast domain as the configuring computer. Devices are listed in the following format:...
  • Page 81 below create a device group named myGroup and add three devices to it and display the contents of the group. inxcfg> group myGroup create (group[myGroup])> device sslDev1 (group[myGroup])> device sslDev2 (group[myGroup])> device myDevice (group[myGroup])> info group name: myGroup number of devices: 3 device: sslDev1 device: sslDev2...
  • Page 82: Top Level Command Set

    Note: If you have forgotten the device’s access password, see Appliance Factory Default Reset Password on page 77. Command: clear screen Availability: Remote, Serial, Telnet Description: Clears the display, leaving only one prompt line.
  • Page 83 Command: Availability: Remote, Serial, Telnet Description: Clears the display, leaving only one prompt line. Command: discover [port <portid>] Availability: Remote Description: Checks the network for new remote devices. Use the port option to specify a TCP service port to search for devices when using an alternate remote management port, where portid is the port number.
  • Page 84 Press any key to stop displaying statistics. When using remote configuration, use the form of the command to specify the target(s) of the command, where devname is the...
  • Page 85 Version MacAddr IPaddr Device types are networked SSL-IA, SSL-R, SSL-R3, and SSL-R6 devices and local SSL-PCI cards. For SSL-R3 and SSL-R6 devices, one instance is displayed in the device list for each SSL module (“Server”/“Network” port pair) on the appliance.
  • Page 87 Command: show ip domain-name on <devname|groupname|all> show ip domain-name Availability: Remote, Serial, Telnet Description: Displays DNS configuration information for a single device. When using remote configuration, use the form of the command to specify the target(s) of the command, where devname is the name of a single device, groupname is the name of a user-defined device group, and represents all appropriate devices.
  • Page 88 Command: show profile Availability: Remote Description: Displays current user preferences setting. Command: show rack Availability: Remote Description: Displays a list of discovered SSL-R3 and SSL-R6 systems.
  • Page 89 Command: show remote-management on <devname|groupname|all> show remote-management Availability: Remote, Serial, Telnet Description: Displays remote management information for a single device. When using remote configuration, use the form of the command to specify the target(s) of the command, where devname is the name of a single device, groupname is the name of a user-defined device group, and represents all appropriate devices.
  • Page 90 SSL System Write Broken Connection Errors to Client SSLR SSL System Read Errors from Client SSLRBC SSL System Read Broken Connection Errors from Client SVRW System Write Errors to Remote Server SVRWBC Broken Connection Write Errors to Remote Server
  • Page 91 Error Description SVRR System Read Errors from Remote Server SVRRBC Broken Connection Read Errors from Remote Server Command: show ssl key [<keyname>] on <devname|groupname|all> show ssl key [<keyname>] Availability: Remote, Serial, Telnet Description: Displays summary data for the specified public/private key pair loaded on a single device, where keyname is the name of the key.
  • Page 92 When using remote configuration, use the form of the command to specify the target(s) of the command, where devname is the name of a single device, groupname is the name of a user-defined device group, and represents all appropriate devices.
  • Page 93 Command: show terminal Availability: Remote, Serial, Telnet Description: Displays terminal setting information. Command: show version Availability: Remote, Serial, Telnet Description: Displays configuration manager version information. Command: [no] terminal history <length> Availability: Remote, Serial, Telnet Description: Sets the number of commands saved in the history buffer, where length is the number of commands.
  • Page 94 Resets all SSL statistics for a single device. When using remote configuration, use form of the command to specify the target(s) of the command, where devname is the name of a single device, groupname is the name of a user-defined device group, and represents all appropriate devices.
  • Page 95 Remote Description: Uploads a SonicWALL image file to the device flash, where filename is the path and name of the file. You are prompted for the file name if you do not provide it on the command line. When using remote configuration, use the...
  • Page 96 Command: copy to flash <url> Availability: Serial, Telnet Description: Uploads a SonicWALL image file to the device flash, where url is the URL of the file. Command: copy to running-configuration [<filename>] on <devname|groupname|all> copy to running-configuration [<filename>]...
  • Page 97 name of a single device, groupname is the name of a user-defined device group, represents all appropriate devices.
    Command: erase startup-configuration on <devname|groupname|all>
             erase startup-configuration
    Availability: Remote, Serial, Telnet
    Description: Erases the startup configuration stored in flash on the device. You must specify a device unless only one device is attached.
  • Page 99
    Command: write network <url>
    Availability: Serial, Telnet
    Description: Writes the configuration of the device to a file on a remote host, where url is the URL of the file.
    Command: write terminal on <devname|groupname|all>
             write terminal
    Availability: Remote, Serial, Telnet
    Description:...
  • Page 100: Group Configuration Command Set

    Description: Displays information for a specific command, where command is the name of the command. If no command is specified, help information is displayed for all Group Configuration commands.
    Command: info
    Availability: Remote
    Description: Displays current information about the group being created or edited.
  • Page 101: Configuration Command Set

    Use Configuration mode commands to configure the Ethernet interface and SSL functions of the SSL device. Enter Configuration mode using the configure command in Privileged mode.
    Command: [no] access-list <id> <permit | deny> <ipaddr> <mask>
    Availability: Remote, Serial, Telnet
    Description: Adds an access list entry to the end of the specified access list, where id is the list...
  • Page 102 IP address. The metric flag is used to show the total number of hops to the destination IP address. Use flag to delete the specified static route entry from the device’s routing table.
  • Page 103
    Command: [no] ip route default <ipaddr>
    Availability: Remote, Serial, Telnet
    Description: Sets the default route for the current device, where ipaddr is the IP address of the default router to use. Use the no flag to clear the IP address for the default router.
    Command: [no] keepalive-monitor <ipaddr>...
  • Page 104 Sets the shared secret passphrase used for encryption, where passphrase is the shared secret. You are prompted for this passphrase the next time an attach attempt is made. Use the form of the command to delete the passphrase.
  • Page 105
    Command: [no] rip [v1|v2]
    Availability: Remote, Serial, Telnet
    Description: Enables Routing Interface Protocol (RIP) for the current device. You must specify either versions of the protocol. Using the no flag disables RIP completely if you do not specify a version to disable.
    Example: no rip v2
    The first command enables both RIP versions.
  • Page 106 Enables generic SNMP traps. Use the no flag to disable generic SNMP traps.
    Command:
    Availability: Remote, Serial, Telnet
    Description: Enters the SSL Configuration mode for the current SSL device. See the section "SSL Configuration Command Set" for more information.
  • Page 107
    Command: [no] syslog <ipaddr>
    Availability: Remote, Serial, Telnet
    Description: Adds the specified IP address to the syslog list for the device, where ipaddr is the specified IP address. Using the no flag removes the specified IP address from the syslog list of the current device.
  • Page 108 If you do not specify a command, help information is displayed for all Interface Configuration commands.
    Command: speed <10|100>
    Availability: Remote, Serial, Telnet
    Description: Forces the speed of the current Ethernet interface to 10 Mbps or 100 Mbps.
  • Page 109 SSL Configuration Command Set
    Use these commands to set up and manage the SSL configuration for the current SSL device. Enter the SSL Configuration mode by using the configure command in the Privileged mode and the ssl command in Configuration mode.
    Command: [no] cert <certname>...
  • Page 110 The flag is used to remove a server. You may have up to 255 servers configured. See the section "Server Configuration Command Set" for more information.
  • Page 111 Certificate Configuration Command Set
    Use Certificate Configuration commands to set up and manage certificate objects. Enter Certificate Configuration mode by using the configure command in Privileged mode, the ssl command in Configuration mode, and the cert command in SSL Configuration mode.
    Command: binhex <value>]
    Availability: Remote, Serial, Telnet...
  • Page 112 After the command is entered, you are prompted to paste a certificate from the cut buffer. You can use a text editor to copy the certificate from a file. After the certificate is pasted, you must press Enter twice to complete the command.
  • Page 113 Certificate Group Configuration Command Set
    Use Certificate Group Configuration commands to set up and manage certificate groups utilized for chaining. Enter Certificate Group Configuration mode by using the configure command in Privileged mode, the ssl command in Configuration mode, and the certgroup command in SSL Configuration mode.
  • Page 114
    Availability: Remote, Serial, Telnet
    Description: Loads a private key into the key entity, where key-filename is the name of the key file exported from IIS 4 only. You must enter a private key password. If you do not...
  • Page 115 enter the file name, you are prompted for it. You must enter the path if the file is not located in the current directory.
    Command: pem [<key-filename>]
    Availability: Remote, Serial, Telnet
    Description: Loads a PEM-encoded X509 private key into the key object, where key-filename is the path and name of the PEM-encoded key file.
  • Page 116 Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.
    Command: exit
    Availability: Remote, Serial, Telnet
    Description: Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.
  • Page 117
    Command: help [command>]
    Availability: Remote, Serial, Telnet
    Description: Displays help information for the specified command, where command is the name of the command. If you do not specify a command, help information is displayed for all Security Policy Configuration commands.
    Command: info
    Availability: Remote, Serial, Telnet...
  • Page 118
    Availability: Remote, Serial, Telnet
    Description: Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.
    Command: exit
    Availability: Remote, Serial, Telnet
    Description: Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.
  • Page 119
    Command: help [command]
    Availability: Remote, Serial, Telnet
    Description: Displays help information for the specified command, where command is the name of the command. If you do not specify a command, help information is displayed for all Server Configuration Commands.
    Command: info
    Availability: Remote, Serial, Telnet...
  • Page 120 Enables servers to function as a transparent proxy (default). The flag is used to disable this behavior. When transparent proxy behavior is disabled, the device accepts connections on the device’s IP address rather than on the server’s address.
  • Page 121: D Glossary

    10Base-T: The IEEE standard for 10 Mbps CSMA/CD networking on twisted-pair cable.
    100Base-T: The IEEE standard for 100 Mbps CSMA/CD networking over two pairs of Category 5 or packet signaling, on a cable. Access to the cable is based on CSMA/CD.
    Certificate: Digital information that proves the identity of the server;...
  • Page 123: E Electromagnetic Compatibility

    To maintain compliance with the limits of a Class A digital device, SonicWALL requires that you use quality interface cables when connecting to this device. During testing for certification, SonicWALL used Category 5 cables.
  • Page 124 VCCI Canadian Radio Frequency Emissions Statement This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
  • Page 125 EC Declaration of Conformity—SSL-IA
  • Page 126 EC Declaration of Conformity—SSL-R
  • Page 127: Index

    INDEX Ethernet interface 56 group configuration command set 100 access list GUI 33 definition 31 interface configuration command set 108 Apache mod_SSL 27 key 39 ApacheSSL 27 key configuration command set 114 management method comparison 33 non-privileged command set 82 Canadian Radio Frequency Emissions Statement 124 other secure protocols 60 certificate...
  • Page 128 29 QuickStart wizard key configuration command set 114 description 34 loading 39 starting 36 naming conventions 27 using 35 QuickStart wizard 39 using with configured appliance 45 using existing 27 key configuration command set 114
  • Page 129 114 resetting to factory defaults 31 security policy configuration command set 116 server configuration command set 118 RIP 59 SonicWALL configuration components 31 SSL configuration command set 109 secure management versions supported 10 See encrypted management...
  • Page 130 36 software 21

This manual is also suitable for:

Ssl-ia