SonicWALL NSA Series Getting Started Manual
  1. Manuals
  2. Brands
  3. SonicWALL Manuals
  4. Firewall
  5. NSA 250M series
  6. Getting started manual

SonicWALL NSA Series Getting Started Manual

Hide thumbs Also See for NSA Series:
Table of Contents

Advertisement

Quick Links

NSA_5000_4500_3500_GSG.book Page 1 Wednesday, January 19, 2011 6:21 PM
SonicWALL Network Security Appliances
NSA 5000/4500/3500
NET WORK SECURIT Y
Getting Started Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NSA Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for SonicWALL NSA Series

Summary of Contents for SonicWALL NSA Series

  • Page 1 NSA_5000_4500_3500_GSG.book Page 1 Wednesday, January 19, 2011 6:21 PM SonicWALL Network Security Appliances NSA 5000/4500/3500 NET WORK SECURIT Y Getting Started Guide...
  • Page 2 SonicWALL NSA Getting Started Guide This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 5000/4500/3500 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.
  • Page 3 11.30 lbs/5.14 kg WEEE Weight 11.30 lbs/5.14 kg Note: Always observe proper safety and regulatory guidelines when removing administrator-serviceable parts from the SonicWALL section, on page 56 NSA appliance. Proper guidelines can be found in the Safety and Regulatory Information of this guide.
  • Page 4 NSA_5000_4500_3500_GSG.book Page 3 Wednesday, January 19, 2011 6:21 PM Pre-Configuration Tasks In this Section: This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA Series appliance. Check Package Contents • - page 4 Obtain Configuration Information •...
  • Page 5 NSA_5000_4500_3500_GSG.book Page 4 Wednesday, January 19, 2011 6:21 PM Check Package Contents Before setting up your SonicWALL NSA appliance, verify that your Any Items Missing? package contains the following parts: If any items are missing from your package, please contact SonicWALL support.
  • Page 6 SonicWALL appliance. Obtain Internet Service Provider (ISP) Information Authentication Code: Record the authentication code found on the bottom panel of your SonicWALL Record the following information about your current Internet service: appliance. If you connect Please record...
  • Page 7 Press and hold the button for a few seconds to manually reset the appliance using SafeMode. LED (from left to right) -Power LED: Indicates the SonicWALL NSA appliance is powered on. -Test LED: Flickering: Indicates the appliance is initializing. Steady blinking: Indicates the appliance is in SafeMode.
  • Page 8 NSA_5000_4500_3500_GSG.book Page 7 Wednesday, January 19, 2011 6:21 PM The Back Panel Icon Feature Description Fans (2) The SonicWALL NSA Series includes two fans for system temperature control. Power Supply The SonicWALL NSA Series power supply. SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 7...
  • Page 9 NSA_5000_4500_3500_GSG.book Page 8 Wednesday, January 19, 2011 6:21 PM Page 8 The Back Panel...

  • Page 10: Table Of Contents

    • - page 14 Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of SonicWALL security services, firmware updates, and technical support. SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 9...

  • Page 11: Before You Register

    Security Services licenses with your primary SonicWALL. Note: Your SonicWALL NSA appliance does not need to be powered on during account creation or during the mysonicwall.com registration and licensing process.

  • Page 12: Creating A Mysonicwall.com Account

    Registration Next Steps • - page 14 Product Registration You must register your SonicWALL security appliance on mysonicwall.com to enable full functionality. Login to your mysonicwall.com account. If you do not have an account, you can create one at sonicwall.com <http://www.sonicwall.com/us/support.html>.

  • Page 13: Licensing Security Services And Software

    Status column with either a license key or an expiration date. You can purchase additional services now or at a later time. The following products and services are available for the SonicWALL NSA Series: • Service Bundles: •...
  • Page 14 Management page. A 30-day free trial is immediately Products page, check the Applicable Services table for activated. The Status page displays relevant services that your SonicWALL appliance is already licensed for. Your initial purchase may have included information including the activation status, expiration...

  • Page 15: Registering A Second Appliance As A Backup

    HA Primary unit listed in the Parent Product section, as well as a Status value of 0 in the Associated Products / second SonicWALL of the same model as the first in a high Child Product Type section. availability (HA) pair. You can associate the two appliances as Although the Stateful High Availability Upgrade and all the part of the registration process on mysonicwall.com.
  • Page 16 Configuring L2 Bridge Mode • - page 35 Tip: Obtain Configuration Information Before completing this section, fill out the information in - page 5. You will need to enter this information during the Setup Wizard. SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 15...

  • Page 17: Selecting A Deployment Scenario

    Current Gateway Configuration New Gateway Configuration Use Scenario No gateway appliance Single SonicWALL NSA as a primary gateway. A - NAT/Route Mode Gateway Pair of SonicWALL NSA appliances for high B - NAT with State Sync Pair availability.

  • Page 18: Scenario A: Nat/Route Mode Gateway

    For new network installations or installations where the SonicWALL NSA Series is replacing the existing network gateway. SonicWALL NSA In this scenario, the SonicWALL NSA Series is configured in ISP 1 Network Security Appliance Internet NAT/Route mode to operate as a single network gateway. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes.

  • Page 19: Scenario B: State Sync Pair In Nat/Route Mode

    HA / Failover Pair Network Security Appliance Network Security Appliance In this scenario, one SonicWALL NSA Series operates as the HA Link primary gateway device and the other SonicWALL NSA Series SonicWALL NSA 1 is in passive mode.

  • Page 20: Scenario C: L2 Bridge Mode

    NSA_5000_4500_3500_GSG.book Page 19 Wednesday, January 19, 2011 6:21 PM Scenario C: L2 Bridge Mode For network installations where the SonicWALL NSA Series is Third Party Gateway running in tandem with an existing network gateway. Internet or L2 Bridge Link LAN Segment 2 In this scenario, the original gateway is maintained.

  • Page 21: Initial Setup

    Initial Setup Accepted Browser Version This section provides initial configuration instructions for Browser Number connecting your SonicWALL NSA Series. Follow these steps if Internet Explorer 6.0 or higher you are setting up Scenario A, B, or C. Firefox 2.0 or higher...
  • Page 22 When the Power LEDs are lit and the Test LED is no longer lit, the SonicWALL NSA is ready for configuration. This typically occurs within a few minutes of applying power to the appliance.
  • Page 23 Accessing the Management Interface Accessing the Setup Wizard The computer you use to manage the SonicWALL NSA Series If you cannot connect to the SonicWALL NSA appliance or the must be set up to accept a dynamic IP address, or it must have Setup Wizard does not display, verify the following an unused IP address on the 192.168.168.x/24 subnet, such as...
  • Page 24 Restart your Management Station to accept new server active on the LAN port. However, if a DHCP server is network settings from the DHCP server in the already active on your LAN, the SonicWALL will disable its own SonicWALL security appliance. DHCP server to prevent conflicts.
  • Page 25 It is available on mysonicwall.com at the top your licensed services from within the SonicOS user interface: of the Service Management page for your SonicWALL NSA appliance. • Activate licenses To activate licenses in SonicOS: •...

  • Page 26: Upgrading Firmware On Your Sonicwall

    The following procedures are for upgrading an existing your SonicWALL security appliance configuration settings. The SonicOS Enhanced image to a newer version: backup feature saves a copy of the current configuration settings on your SonicWALL security appliance, protecting all Obtaining the Latest Firmware • - page 25...
  • Page 27 In the confirmation dialog box, click OK. The SonicWALL Using SafeMode to Upgrade Firmware restarts and then displays the login page. If you are unable to connect to the SonicWALL security Enter your user name and password. Your new SonicOS appliance’s management interface, you can restart the Enhanced image version information is listed on the System >...

  • Page 28: Configuring A State Sync Pair In Nat/Route Mode Configuring L2 Bridge Mode

    • Uploaded Firmware - New! Use this option to restart the appliance with your Connect your computer to the X0 port on the SonicWALL current configuration settings. appliance and configure your IP address with an address on the 192.168.168.0/24 subnet, such as 192.168.168.20.

  • Page 29: Initial High Availability Setup

    This section provides instructions for configuring a pair of SonicWALL NSA appliances for high availability (HA). This On the bottom panel of the Backup SonicWALL security section is relevant to administrators following deployment appliance, locate the serial number and write the number scenario B.

  • Page 30: Configuring High Availability

    Navigate to the High Availability > Advanced page. The first task in setting up HA after initial setup is configuring the High Availability > Settings page on the Primary SonicWALL To configure Stateful HA, select Enable Stateful security appliance. Once you configure HA on the Primary Synchronization.
  • Page 31 45 seconds. In large or complex networks, a larger milliseconds. Less than this may cause unnecessary value may improve network stability during a failover. failovers, especially when the SonicWALL is under a heavy Click the Include Certificates/Keys checkbox to have the load.

  • Page 32: Synchronizing Settings

    From your management workstation, test connectivity through note that the management interface displays Logged Into: the Backup SonicWALL by accessing a site on the public Primary SonicWALL Status: (green ball) Active in the upper- Internet – note that the Backup SonicWALL, when active, right-hand corner.

  • Page 33: Adjusting High Availability Settings

    • Election Delay Time – This timer can be used to specify an amount of time the SonicWALL will wait to consider an interface up and stable, and is useful when dealing with switch ports that have a spanning-tree delay set.

  • Page 34: Ha License Configuration Overview

    You can configure HA license synchronization by associating provided before the failover. To enable HA, you can use the two SonicWALL security appliances as HA Primary and HA SonicOS UI to configure your two appliances as a HA pair in Secondary on mysonicwall.com.

  • Page 35: Associating Pre-Registered Appliances

    Associating Pre-Registered Appliances Select the group from the Product Group drop-down list. The product group setting specifies the mysonicwall users To associate two already-registered SonicWALL security who can upgrade or modify the appliance. appliances so that they can use HA license synchronization, Click Register.
  • Page 36 Configuring the Secondary Bridge Interface • - page 36 Connection Overview Connect the X1 port on your SonicWALL NSA Series to the LAN port on your existing Internet gateway device. Then connect the X0 port on your SonicWALL to your LAN. Network Gateway...
  • Page 37 NSA_5000_4500_3500_GSG.book Page 36 Wednesday, January 19, 2011 6:21 PM Configuring the Secondary Bridge Interface Note: Complete the following steps to configure the SonicWALL Do not enable Never route traffic on the bridge-pair appliance: unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge Navigate to the Network >...
  • Page 38 Enabling Security Services in SonicOS • - page 44 Applying Security Services to Zones • - page 44 Troubleshooting Diagnostic Tools • - page 45 Deployment Configuration Reference Checklist • - page 47 SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 37...
  • Page 39 Deny enforced by binding a zone to one or more physical interfaces (such as, X0, X1, or X2) on the SonicWALL UTM appliance. The X1 and X0 interfaces are preconfigured as WAN and LAN respectively. The remaining ports can be configured to meet the...
  • Page 40 The access rules are sorted from the most specific at the top to the least specific at the bottom of the table. At the bottom of the table is the Any rule. SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 39...
  • Page 41 Comments field. • Specify the number of connections allowed as a percent of maximum number of connections allowed by the SonicWALL security appliance in the Number of connections allowed (% of maximum connections) field. • Select Create a reflexive rule if you want to create a...
  • Page 42 Address Objects as a defining criterion. You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object – for instance, you can Since there are multiple types of network address expressions,...
  • Page 43 Default Address Objects - displays Address Objects If you selected Network, enter the network IP address configured by default on the SonicWALL security and netmask in the Network and Netmask fields. If you selected MAC, enter the MAC address and appliance.
  • Page 44 IP address of interfaces of the SonicWALL security appliance – just replace the SonicWALL security appliance WAN port, and not from the the Original Source with the subnet behind that interface, internal private IP address.
  • Page 45 DMZ or Wireless LAN (WLAN), you must apply the security services to the network zones. For example, you can configure SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN zone to add more security for Intrusion Prevention internal network traffic.
  • Page 46 Troubleshooting Diagnostic Tools The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL SonicOS provides a number of diagnostic tools to help you security appliance is able to contact the remote host. If users on maintain your network and troubleshoot problems.
  • Page 47 The SonicOS user interface provides three windows to display different views of the captured packets. The SonicWALL security appliance maintains an Event log for tracking potential security threats. You can view the log in the Log > View page, or it can be automatically sent to an email address for convenience and archiving.
  • Page 48 Setting logging levels Configuring Log Categories (“Logging Level” section) Configuring threat prevention on all used zones Configuring Zones (“Enabling SonicWALL Security Services on Zones” section) Configuring Web filtering protection Configuring SonicWALL Content Filtering Service Changing administrator login Configuring Administration Settings ("Administrator Name &...
  • Page 49 NSA_5000_4500_3500_GSG.book Page 48 Wednesday, January 19, 2011 6:21 PM Page 48 Deployment Configuration Reference Checklist...
  • Page 50 NSA_5000_4500_3500_GSG.book Page 49 Wednesday, January 19, 2011 6:21 PM Support and Training Options In this Section: This section provides overviews of customer support and training options for the SonicWALL NSA Series. Customer Support • - page 50 Dynamic Tooltips •...

  • Page 51: Customer Support

    The Knowledge Portal is a resource that allows users to search customers who have a valid Warranty or who purchased a for SonicWALL documents, and set alerts when new content is Support Contract. Please review our Warranty Support Policy available, based on the following types of search tools: for product coverage.

  • Page 52: User Forums

    NSA_5000_4500_3500_GSG.book Page 51 Wednesday, January 19, 2011 6:21 PM User Forums The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters. In this forum, the following categories are available for users: •...

  • Page 53: Training

    NSA_5000_4500_3500_GSG.book Page 52 Wednesday, January 19, 2011 6:21 PM Training SonicWALL offers an extensive sales and technical training curriculum for Network Administrators, Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications.

  • Page 54: Related Documentation

    SonicWALL ViewPoint 4.1 Administrator’s Guide • SonicWALL GAV 2.1 Administrator’s Guide • SonicWALL IPS 2.0 Administrator’s Guide • SonicWALL Anti-Spyware Administrator’s Guide • SonicWALL CFS Administrator’s Guide For further information, visit: <http://www.sonicwall.com/us/support/289.html> SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 53...

  • Page 55: Dynamic Tooltips

    SonicWALL Live Product Demos SonicOS features a dynamic tooltips that appear over various The SonicWALL Live Demo Site provides free test drives of elements of the GUI when the mouse hovers over them. SonicWALL security products and services through interactive...
  • Page 56 In this Section: This section provides regulatory along with trademark and copyright information. Safety and Regulatory Information • - page 56 Copyright Notice • - page 59 Trademarks • - page 59 SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 55...
  • Page 57 Choose a mounting location where all four mounting holes line The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user. The SonicWALL must be returned to a up with those of the mounting bars of the 19-inch rack mount SonicWALL authorized service center for replacement with the same or cabinet.
  • Page 58 Stellen Sie sicher, dass das Gerät vor Wasser und hoher Luft- Geräten in Innenräumen. Schließen Sie an die Anschlüsse der feuchtigkeit geschützt ist. SonicWALL keine Kabel an, die aus dem Gebäude in dem sich das • Stellen Sie sicher, dass die Luft um das Gerät herum zirkuli- Gerät befindet ,herausgeführt werden.
  • Page 59 Caution: Modifying this equipment or using this equipment for purposes not shown EN 60950-1 (2006) +A11 in this manual without the written consent of SonicWALL, Inc. could void the user’s National Deviations: AR, AT, AU, BE, BR, CA, CH, CN, CZ, authority to operate this equipment.
  • Page 60 Specifications and descriptions subject to change without notice. Trademarks SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows Vista, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
  • Page 61 NSA_5000_4500_3500_GSG.book Page 60 Wednesday, January 19, 2011 6:21 PM Page 60 Trademarks...
  • Page 62 F +1 408.745.9300 P/N 232-001265-52 Rev A 01/11 ©2011 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

This manual is also suitable for:

Nsa 5000Nsa 4500Nsa 3500

Table of Contents