This action might not be possible to undo. Are you sure you want to continue?
NET WORK SECURIT Y
Getting Started Guide
SonicWALL NSA 2400 Getting Started Guide
This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 2400 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.
This document contains the following sections:
1 2 3 4 5 6
Pre-Configuration Tasks - page 3 Registering Your Appliance on MySonicWALL - page 9 Deployment Scenarios - page 15 Additional Deployment Configuration - page 37 Support and Training Options - page 59 Product Safety and Regulatory Information - page 67
SonicWALL NSA 2400 Getting Started Guide Page 1
SonicWALL NSA 2400 Physical Characteristics
Network Security Appliance
Form Factor 1U rack-mountable Dimensions 17 x 10.25 x 1.75 in 43.18 x 26.04 x 4.44 cm Weight 8.05 lbs/ 3.71 kg WEEE Weight 8.05 lbs/ 3.71 kg Voltage 1 Amp / 50-60Hz
Note: Always observe proper safety and regulatory guidelines when removing administrator-serviceable parts from the SonicWALL
NSA appliance. Proper guidelines can be found in the Safety and Regulatory Information section, on page 68 of this guide.
Page 2 SonicWALL NSA 2400 Physical Characteristics
page 5 The Front Panel .Pre-Configuration Tasks 1 In this Section: This section provides pre-configuration information.page 7 SonicWALL NSA 2400 Getting Started Guide Page 3 .page 6 The Back Panel . Review this section before setting up your SonicWALL NSA 2400 appliance.page 4 Obtain Configuration Information . • • • • Check Package Contents .
html> *The included power cord is intended for use in North America only. A listing of the most current support documents are available online at: <http://www.Check Package Contents Before setting up your SonicWALL NSA appliance.com/us/support. a power cord is not included.sonicwall. please contact SonicWALL support. **This item is not included in the below illustration. For European Union (EU) customers. verify that your package contains the following parts: 1 2 3 4 5 Any Items Missing? If any items are missing from your package. NSA 2400 Appliance DB9 -> RJ45 (CLI) Cable Standard Power Cord* Ethernet Cable Red Crossover Cable 6 7 8 9 Release Notes Global Support Services Guide Getting Started Guide Rack Mount Kit ** SonicOS Release Notes 1 Network Security Appliance 2400 Contents 6 2 3 4 5 SonicWALL Network Security Appliances NET WORK SECURIT Y 7 NSA 2400 Getting Started Guide 8 Page 4 Check Package Contents .
. Record the subnet mask for the local subnet where you are installing your SonicWALL appliance. . Select a static IP address for your Ethernet WAN.sonicwall. (default is password) Registration Information Serial Number: Record the serial number found on the bottom panel of your SonicWALL appliance. .com/us/support. . Note: If you are not using one of the network configurations above. . Networking Information LAN IP Address: . . Record the authentication code found on the bottom panel of your SonicWALL appliance. This setting only applies if you are already using an ISP that assigns a static IP address. . .168.html>. refer to <http://www. Admin Password: Authentication Code: Obtain Internet Service Provider (ISP) Information Record the following information about your current Internet service: If you connect using DHCP Static IP Please record No information is usually required: Some providers may require a Host name: IP Address: Subnet Mask: Default Gateway: Primary DNS: DNS 2 (optional): DNS 3 (optional): . .Obtain Configuration Information Please record and keep for future reference the following setup information: Administrator Information Admin Name: Select an administrator account name. (default is admin) Select an administrator password.168. . . you can use the default IP address (192. . Subnet Mask: . Ethernet WAN IP Address: . Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. . . .168). SonicWALL NSA 2400 Getting Started Guide Page 5 . . . . . . . If you are unsure. . .
Gigabit Ethernet ports for LAN and WAN connections. Used to access the SonicOS Command Line Interface (CLI) via the DB9 -> RJ45 cable. Gigabit Ethernet ports for other configurable Ethernet connections. X0 (LAN). Power LED: Indicates the SonicWALL NSA appliance is powered on. Solid: Indicates that the appliance is in test mode.The Front Panel Network Security Appliance 2400 A A Icon Feature Reset Button Console Port USB Ports (2) LED (Top to Bottom) B C Description D E F Press and hold the button for a few seconds to manually reset the appliance using SafeMode. Steady blinking: Indicates the appliance is in SafeMode. Test LED: Flickering: Indicates the appliance is initializing. For future use. X1 (WAN) X2-X5 (LAN) Page 6 The Front Panel . Alarm LED: Indicates an alarm condition.
SonicWALL NSA 2400 Getting Started Guide Page 7 .The Back Panel Icon Feature Fans(2) Power Supply Description The SonicWALL NSA 2400 includes two fans for system temperature control. The SonicWALL NSA 2400 power supply.
Page 8 The Back Panel .
firmware updates. • • • • • • Before You Register .page 14 Registration Next Steps .page 10 Creating a MySonicWALL Account .Registering Your Appliance on MySonicWALL 2 In this Section: This section provides instructions for registering your SonicWALL NSA 2400 appliance.page 12 Registering a Second Appliance as a Backup .page 11 Licensing Security Services and Software . and technical support. SonicWALL NSA 2400 Getting Started Guide Page 9 .page 14 Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of SonicWALL security services.page 11 Registering and Licensing Your Appliance on MySonicWALL .
page 22. You can also postpone registration until after having set up the appliance.mysonicwall.Before You Register You need a MySonicWALL account to register the SonicWALL NSA appliance. ViewPoint Reporting and other services. you must also register the appliance from the SonicOS management interface. See Accessing the Management Interface . This section describes how to create an account by using the Web site. Skip ahead to Deployment Scenarios . Page 10 Before You Register . go to Registering and Licensing Your Appliance on MySonicWALL .page 15 and register your appliance directly from the management interface once you reach Accessing the Management Interface . or software before you even connect your device. you can use MySonicWALL to register your SonicWALL appliance and activate or purchase licenses for Security Services. If you already have a MySonicWALL account.com or directly from the SonicWALL management interface. You can create a new MySonicWALL account on www. if any. This allows the unit to synchronize with the SonicWALL License Server and to share licenses with the associated appliance.page 22. Note: For a High Availability configuration.page 11 to register your appliance on MySonicWALL. Note: After registering a new SonicWALL appliance on MySonicWALL. This method allows you to prepare for your deployment before making any changes to your existing network. support. If you do not yet have a MySonicWALL account. you must use MySonicWALL to associate a backup unit that can share the Security Services licenses with your primary SonicWALL. Note: Your SonicWALL NSA appliance does not need to be powered on during account creation or during the MySonicWALL registration and licensing process.
select the Product Group if any. 2. Complete the Registration form and then click Register. in the Register A Product field.com.com. 1.mysonicwall. perform the following steps: 1. Login to your MySonicWALL account.page 11 Licensing Security Services and Software . 4. click Continue. navigate to www. SonicWALL NSA 2400 Getting Started Guide Page 11 .page 14 Product Registration You must register your SonicWALL security appliance on MySonicWALL to enable full functionality. type the friendly name for the appliance.page 12 Registering a Second Appliance as a Backup . 3. click If you are not a registered user. you can create one at www. In the screen confirming that your account was created. 3. type the authentication code into the appropriate text boxes. Verify that the information is correct and then click Submit. type the appliance serial number and then click Next. On the Product Survey page. On the My Products page. 2.mysonicwall. In your browser. In the login screen. 4. 5. and then click Register. fill in the requested information and then click Continue. Registering and Licensing Your Appliance on MySonicWALL This section contains the following subsections: • • • Product Registration .Creating a MySonicWALL Account To create a MySonicWALL account. under Add New Product. If you do not have an account. On the main page. Click here.
Associated Products page in MySonicWALL lists security services. Your current licenses are indicated in the Status column with either a license key or an expiration date. You can purchase additional services now or at a later time. Intrusion Prevention. support options. Anti-Spyware. The following products and services are available for the SonicWALL NSA 2400: • Service Bundles: • Client/Server Anti-Virus Suite • Comprehensive Gateway Security Suite • Gateway Services: • Gateway Anti-Virus. and software such as ViewPoint that you can purchase or try with a free trial. click the Info button. Application Firewall • Global Management System • Content Filtering: Premium Edition • Stateful High Availability Upgrade • Desktop and Server Software: • Enforced Client Anti-Virus and Anti-Spyware • Global VPN Client • Global VPN Client Enterprise • ViewPoint • Support Services: • Dynamic Support 8x5 • Dynamic Support 24x7 • Software and Firmware Updates Page 12 Registering and Licensing Your Appliance on MySonicWALL .Licensing Security Services and Software The Service Management . For details.
Your initial purchase may have included security services or other software bundled with the appliance.To manage your licenses. you will have an Activation Key for the product. You can use the license keyset to manually apply all active licenses to your SonicWALL appliance. In the Activate Service page. check the Applicable Services table for services that your SonicWALL appliance is already licensed for. These licenses are enabled on MySonicWALL when the SonicWALL appliance is delivered to you. To license a product of service. 5. Depending on the product. 2 year. The Service Management page is also updated to show the status of the free trial. or 3 year license row and then click Add to Cart. 6. In the Buy Service page. do one of the following: • To try a Free Trial of a service. 2. click Buy Now. expiration date. Locate the product on the Service Management page and click Enter Key in that row. A 30-day free trial is immediately activated. 4. you will see an expiration date or a license key string in the Status column when you return to the Service Management page. In the MySonicWALL Service Management . type the number of licenses you want in the Quantity column for either the 1 year. or is on the front of the certificate that was included with your purchase. follow the instructions to complete your purchase. The key is added to the license keyset. and links to installation instructions or other documentation. click Try in the Service Management page. SonicWALL NSA 2400 Getting Started Guide Page 13 . If you purchased a service subscription or upgrade from a sales representative separately. see Registration Next Steps . For more information. The Status page displays relevant information including the activation status. This key is emailed to you after online purchases. type or paste your key into the Activation Key field and then click Submit. number of licenses.page 14. In the Checkout page. perform the following tasks: 1.Associated Products page. The MySonicWALL server will generate a license key for the product. • To purchase a product or service. 3.
2. On the Create Association Page. as well as a Status value of 0 in the Associated Products / Child Product Type section.Associated Products page. Registration Next Steps Your SonicWALL NSA 2400 HA Pair is now registered and licensed on MySonicWALL. This will ensure that you do not miss any reporting data in the event of a failover. and then click Continue. 5. select the Product Group if any.page 48 4. On the Service Management . you must purchase a separate ViewPoint license for the backup unit. Although the Stateful High Availability Upgrade and all the Security Services licenses can be shared with the HA Primary unit. in the Register A Product field. Page 14 Registering a Second Appliance as a Backup . type the friendly name for the appliance. Under Desktop & Server Software. under Add New Product. To register a second appliance and associate it with the primary. The second SonicWALL will automatically share the Security Services licenses of the primary appliance. On the main page.page 22 Activating Licenses in SonicOS . click the radio button to select the primary unit for this association. fill in the requested information and then click Continue.page 44 Applying Security Services to Network Zones . 3. To return to the Service Management . and then click Register. Login to your MySonicWALL account.Associated Products page. To complete the registration process in SonicOS and for more information. You can purchase the license associate the two appliances as part of the registration process on MySonicWALL. type the appliance serial number and then click Next. you can purchase a license to associate a second SonicWALL of the same model as the first in a high availability (HA) pair. You should see the HA Primary unit listed in the Parent Product section. scroll down to the Associated Products section to verify that your product registered successfully. 7. type the authentication code into the appropriate text boxes.page 24 Enabling Security Services in SonicOS . see: • • • • Accessing the Management Interface . click Buy Now for ViewPoint. 6.Registering a Second Appliance as a Backup To ensure that your network stays protected if your SonicWALL appliance has an unexpected failure. perform the following steps: 1. The screen only displays units that are not already associated with other appliances. On the My Products page. Follow the instructions to complete the purchase. click the serial number link for this appliance. On the Product Survey page. The Create Association Page is displayed.
Deployment Scenarios 3 In this Section: This section provides detailed overviews of advanced deployment scenarios as well as configuration instructions for connecting your SonicWALL NSA 2400.page 35 Tip: Before completing this section. SonicWALL NSA 2400 Getting Started Guide Page 15 .page 16 • Scenario A: NAT/Route Mode Gateway . fill out the information in Obtain Configuration Information . You will need to enter this information during the Setup Wizard.page 25 Configuring a State Sync Pair in NAT/Route Mode .page 18 • Scenario C: L2 Bridge Mode . • • • • • Selecting a Deployment Scenario .page 5.page 28 Configuring L2 Bridge Mode .page 19 Initial Setup .page 17 • Scenario B: State Sync Pair in NAT/Route Mode .page 20 Upgrading Firmware on Your SonicWALL .
NAT with State Sync Pair A Network Security Appliance B 2400 Network Security Appliance C 2400 Network Security Appliance 2400 Network Security Appliance 2400 Scenario A: NAT/Route Mode Gateway Page 16 Registration Next Steps page 17 Scenario B: State Sync Pair in NAT/Route Mode - page 18 Scenario C: L2 Bridge Mode - page 19 .Selecting a Deployment Scenario Before continuing.NAT with State Sync Pair A .NAT/Route Mode Gateway C . Reference the table below and the diagrams on the following pages for help in choosing a scenario.NAT/Route Mode Gateway B . Use Scenario A . Existing SonicWALL gateway appliance SonicWALL NSA in addition to an existing SonicWALL gateway appliance. Existing Internet gateway appliance SonicWALL NSA as replacement for an existing gateway appliance.Layer 2 Bridge Mode B . Current Gateway Configuration No gateway appliance New Gateway Configuration Single SonicWALL NSA as a primary gateway. select a deployment scenario that best fits your network scheme. SonicWALL NSA in addition to an existing gateway appliance. Pair of SonicWALL NSA appliances for high availability.
the added benefits of high availability with a stateful synchronized pair are not available. the SonicWALL NSA 2400 is configured in NAT/Route mode to operate as a single network gateway.Scenario A: NAT/Route Mode Gateway For new network installations or installations where the SonicWALL NSA 2400 is replacing the existing network gateway. In this scenario. SonicWALL NSA 2400 Getting Started Guide Page 17 . Because only a single SonicWALL appliance is deployed. follow the steps covered in Initial Setup . LAN Zone A SonicWALL NSA Network Security Appliance Internet 2400 To set up this scenario. continue to Additional Deployment Configuration .page 20. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes.page 37 to complete configuration. If you have completed setup procedures in that section.
page 37 to complete configuration.page 20 and the Configuring a State Sync Pair in NAT/ Route Mode . one SonicWALL NSA 2400 operates as the primary gateway device and the other SonicWALL NSA 2400 is in passive mode. continue to the Additional Deployment Configuration . If you have completed setup procedures in those sections.page 28 sections. B SonicWALL NSA 1 Network Security Appliance 2400 Internet HA Link SonicWALL NSA 2 Network Security Appliance 2400 Page 18 Registration Next Steps . In this scenario.Scenario B: State Sync Pair in NAT/Route Mode For network installations with two SonicWALL NSA 2400 appliances configured as a stateful synchronized pair for redundant high-availability networking. To set up this scenario. follow the steps covered in the Initial Setup . All network connection information is synchronized between the two devices so that the backup appliance can seamlessly switch to active mode without dropping any connections if the primary device loses connectivity.
the original gateway is maintained. providing the benefits of deep packet inspection and comprehensive security services on all network traffic. If you have completed setup procedures in those sections. C SonicWALL NSA Network Security Appliance Network Gateway L2 Bridge Link LAN 2400 X0 Internet or LAN Segment 2 X1 Network Resources SonicWALL NSA 2400 Getting Started Guide Page 19 . multicast. continue to the Additional Deployment Configuration .page 20 and thme Configuring L2 Bridge Mode page 35 sections.Scenario C: L2 Bridge Mode For network installations where the SonicWALL NSA 2400 is running in tandem with an existing network gateway.1Q VLANs. including IEEE 802. broadcast and IPv6. Using L2 Bridge Mode.page 37 to complete configuration. follow the steps covered in the Initial Setup . The SonicWALL NSA 2400 is integrated seamlessly into the existing network. To set up this scenario. enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration. L2 Bridge Mode employs a secure learning bridge architecture. In this scenario. Spanning Tree Protocol. L2 Bridge Mode can pass all traffic types. a SonicWALL security appliance can be non-disruptively added to any Ethernet network to provide in-line deep-packet inspection for all traversing IPv4 TCP and UDP traffic.
This section contains the following subsections: • • • • • • • • • • System Requirements .Initial Setup This section provides initial configuration instructions for connecting your SonicWALL NSA 2400.page 22 Using the Setup Wizard .page 20 Connecting the LAN Port .0 or higher 9. Connect the other end of the cable to the X1 (WAN) port on your SonicWALL NSA Series appliance. Connect one end of an Ethernet cable to your Internet connection.0 or higher 2.10 or higher for Windows 2.0 or higher for MacOS Connecting the WAN Port 1.page 22 Connecting to Your Network . B.page 20 Connecting the WAN Port .page 25 Accepted Browser Internet Explorer Firefox Netscape Opera Safari Browser Version Number 6. check to verify that you have: • An Internet connection • A Web browser supporting Java Script and HTTP uploads 2400 Internet X0 X1 Management Station Page 20 Initial Setup . SonicWALL NSA 2400 Network Security Appliance System Requirements Before you begin the setup process.page 21 Accessing the Management Interface . Follow these steps if you are setting up scenario A.0 or higher 9. 2.page 21 Applying Power . or C.page 23 Activating Licenses in SonicOS .page 23 Testing Your Connection .page 24 Upgrading Firmware on Your SonicWALL .
This typically occurs within a few minutes of applying power to the appliance. indicating an active connection: .Unlit while the right (activity) LED is illuminated indicates 10 Mbps Plug the power cord into an appropriate power outlet. The Link LED above the X0 (LAN) port will light up in green or amber depending on the link throughput speed. Connect the other end of the cable to the X0 port on your SonicWALL NSA Series. restart the appliance by cycling power. Applying Power 1. 2. The Power LED and the Test on the front panel lights up blue when you LED may light up LED will light up and may blink while the plug in the SonicWALL NSA. Connect one end of the provided Ethernet cable to the computer you are using to manage the SonicWALL NSA Series. I o To power source SonicWALL NSA 2400 Getting Started Guide Page 21 . Note: If the Test or Alarm LEDs remain lit after the SonicWALL NSA appliance has been booted. When the Power LEDs are lit and the Test LED is no longer lit. the SonicWALL NSA is ready for configuration. The Alarm 2. Turn on the power switch on the rear of the appliance next to the power cords. appliance performs a series of diagnostic tests.Connecting the LAN Port 1.Green indicates 100 Mbps .Amber indicates 1 Gbps .
168.168 to your pop-up blocker’s allow list. such as 192.168.168. or add the management IP address of your SonicWALL (192.20. Depending on the changes made during your setup configuration. Note: Disable pop-up blocking software or add the management IP address http://192. • Some pop-up blockers may prevent the launch of the Setup Wizard.168. the SonicWALL may restart. The Setup Wizard launches only upon initial loading of the SonicWALL NSA management interface. The SonicWALL Setup Wizard launches and guides you through the configuration and setup of your SonicWALL NSA appliance. 3. 2. • Select Setup Wizard and click Next to launch the Setup Wizard. Enter http://192. 4. verify the following configurations: • Did you correctly enter the management IP address in your Web browser? • Are the Local Area Connection settings on your computer set to use DHCP or set to a static IP address on the 192.168. • Click the Wizards button on the System > Status page.188.8.131.52.x/24 subnet.168 by default) to your popup blocker's allow list. Page 22 Initial Setup . To access the SonicOS Enhanced Web-based management interface: 1.168. You can temporarily disable your popup blocker. Follow the on-screen prompts to complete the Setup Wizard.x/24 subnet? • Do you have the Ethernet cable connected to your computer and to the X0 (LAN) port on your SonicWALL? • Is the connector clip on your network cable properly seated in the port of the security appliance? • Some browsers may not launch the Setup Wizard automatically. In this case: • Log into SonicWALL NSA appliance using “admin” as the user name and “password” as the password. Using the Setup Wizard If you cannot connect to the SonicWALL NSA appliance or the Setup Wizard does not display.168 (the default LAN management IP address) in the Location or Address field.Accessing the Management Interface The computer you use to manage the SonicWALL NSA Series must be set up to have an unused IP address on the 192.168.168. Start your Web browser.
sonicwall. try one of these solutions: • Restart your Management Station to accept new network settings from the DHCP server in the SonicWALL security appliance. Ports X1 and X0 are preconfigured as WAN and LAN. If you cannot view the SonicWALL home page. X0 SonicPoint X3 X5 4. the SonicWALL will disable its own DHCP server to prevent conflicts.Connecting to Your Network Internet Testing Your Connection 1. if a DHCP server is already active on your LAN. After you exit the Setup Wizard. 3. zones in the example above are configured as: • X1: WAN • X2: LAN • X3: WLAN • X5: DMZ SonicWALL NSA 2400 Getting Started Guide Page 23 .com>. Open another Web browser and navigate to: <http://www. LAN Zone WLAN Zone DMZ Zone The SonicWALL NSA 2400 ships with the internal DHCP server active on the LAN port. However. you have configured your SonicWALL NSA appliance correctly. As an example. • Restart your Internet Router to communicate with the DHCP Client in the SonicWALL security appliance. The remaining ports (X2-X5) can be configured to meet the needs of your network. the login page reappears. If you can view the SonicWALL home page. Log back into the Management Interface and verify your IP and WAN connection.com. X1 SonicWALL NSA 2400 Network Security Appliance 2400 2. renew your management station DHCP address. such as sonicwall. If you still cannot view a Web page. Ping a host on the Internet.
sonicwall. see the following sections: • • Enabling Security Services in SonicOS . The Setup Wizard automatically synchronizes all licenses with MySonicWALL if the appliance has Internet access during initial setup. • Paste the license keyset into the Manual Upgrade Keyset field. This section describes how to activate your licenses.page 48 To activate licensed services in SonicOS. 2. Navigate to the System > Licenses page.Activating Licenses in SonicOS After completing the registration process in SonicOS. Page 24 Initial Setup . It is available on <http://www. Under Manage Security Services Online do one of the following: • Enter your MySonicWALL credentials. you can synchronize licenses from the System > Licenses page. To activate licenses in SonicOS: 1. 3.com> at the top of the Service Management page for your SonicWALL NSA appliance. The license keyset includes all license keys for services or software enabled on MySonicWALL. or you can synchronize all licenses at once with MySonicWALL. you can enter the license keyset manually. then click the Synchronize button to synchronize licenses with MySonicWALL. For instructions on how to enable security services and apply services to network zones. Click Submit. If initial setup is already complete. you must perform the following tasks to activate your licenses and enable your licensed services from within the SonicOS user interface: • • • Activate licenses Enable security services Apply services to network zones Manual upgrade using the license keyset is useful when your appliance is not connected to the Internet.page 44 Applying Security Services to Network Zones .
In addition to using the backup feature to save your current configuration state to the SonicWALL security appliance. SonicWALL NSA 2400 Getting Started Guide Page 25 . To export your settings to a local file. 2.page 25 Saving a Backup Copy of Your Preferences . make a system backup of your SonicWALL security appliance configuration settings.Upgrading Firmware on Your SonicWALL The following procedures are for upgrading an existing SonicOS Enhanced image to a newer version: • • • • • 1.page 25 Upgrading the Firmware with Current Settings . Your configuration preferences are saved. Saving a Backup Copy of Your Preferences Before beginning the update process. The backup feature saves a copy of the current configuration settings on your SonicWALL security appliance.page 26 Upgrading the Firmware with Factory Defaults . A popup window displays the name of the saved file.page 26 To obtain a new SonicOS Enhanced firmware image file for your SonicWALL security appliance. The System Backup shows you the current configuration and firmware in a single. Obtaining the Latest Firmware . protecting all your existing settings in the event that it becomes necessary to return to a previous configuration state. click Create Backup.mysonicwall. Obtaining the Latest Firmware 2. This file serves as an external backup of the configuration preferences.com>. clickable restore image. Perform the following procedures to save a backup of your configuration settings and export them to a file on your local management station: 1. you can export the configuration preferences file to a directory on your local management station.page 26 Using SafeMode to Upgrade Firmware . click Export Settings. and can be imported back into the SonicWALL security appliance. Copy the new SonicOS Enhanced image file to a convenient location on your management station. connect to your MySonicWALL account at <http://www. On the System > Settings page. The System Backup entry is displayed in the Firmware Management table.
Refer to Registering and Licensing Your Appliance on MySonicWALL . Download the SonicOS Enhanced firmware image file from MySonicWALL and save it to a location on your local computer. Upgrading the Firmware with Factory Defaults Perform the following steps to upload new firmware to your SonicWALL appliance and start it up using the default configuration: 1. Page 26 Upgrading Firmware on Your SonicWALL . Your new SonicOS Enhanced image version information is listed on the System > Settings page. click the Boot icon in the row for Uploaded Firmware. The SafeMode feature allows you to recover quickly from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page. 2. click Upload New Firmware. click OK. select the file and click the Upload button. click Create Backup. Enter the default user name and password (admin/ password) to access the SonicWALL management interface. On the System > Settings page. On the System > Settings page. Enter your user name and password. 5. Click Upload New Firmware. 7. click the Boot icon in the row for Uploaded Firmware with Factory Default Settings. select the file and click the Upload button. In the confirmation dialog box. Download the SonicOS Enhanced firmware image file from MySonicWALL and save it to a location on your local computer. 4.page 11 for more information. you can restart the SonicWALL security appliance in SafeMode. 4. click OK. 2. On the System > Settings page. Browse to the location where you saved the SonicOS Enhanced firmware image file. Browse to the location where you saved the SonicOS Enhanced firmware image file. On the System > Settings page. Using SafeMode to Upgrade Firmware If you are unable to connect to the SonicWALL security appliance’s management interface. 3. 3. 1. The SonicWALL restarts and then displays the login page. 6. In the confirmation dialog box. 5. 6. Tip: The appliance must be properly registered before it can be upgraded.Upgrading the Firmware with Current Settings Perform the following steps to upload new firmware to your SonicWALL appliance and use your current configuration settings upon startup. The SonicWALL restarts and then displays the login page.
6. Connect your computer to the X0 port on the SonicWALL appliance and configure your IP address with an address on the 192..168. After successfully booting the firmware. If you have made any configuration changes to the security appliance. The reset button is in a small hole next to the USB ports.NAT/Route Mode Gateway Proceed to Section: Additional Deployment Configuration page 37 B . 8. Click Upload New Firmware.page 35 5.New! Use this option to restart the appliance with your current configuration settings. Select the boot icon in the row for one of the following: • Uploaded Firmware . SonicWALL NSA 2400 Getting Started Guide Page 27 .168. If you booted with factory default settings. • The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode. select the file and click the Upload button. The SafeMode management interface displays.168. Point the Web browser on your computer to 192. Your settings will be saved when the appliance restarts. to press and hold the reset button on the front of the security appliance for one second. To configure the appliance in SafeMode.168. perform one of the following: • Use a narrow.New! Use this option to restart the appliance with default configuration settings. click OK to proceed.20. 3.page 28 C .L2 Bridge Mode Configuring L2 Bridge Mode .168.NAT with State Sync Pair Configuring a State Sync Pair in NAT/ Route Mode . straight object. 7. perform the following steps: 1. select the Create Backup On Next Boot checkbox to make a backup copy of your current settings. like a straightened paper clip or a toothpick.168. and then browse to the location where you saved the SonicOS Enhanced firmware image. such as 192.168. enter the default user name and password (admin / password) to access the SonicWALL management interface. 4.0/24 subnet. • Uploaded Firmware with Factory Defaults .To use SafeMode to upgrade firmware on the SonicWALL security appliance. the login screen is displayed. 2. If You Are Following Scenario.. A . In the confirmation dialog box.
On the back panel of the Backup SonicWALL security appliance.page 29 Configuring Advanced HA Settings . When done. Network Security Appliance Internet SonicWALL NSA 1 2400 X5 (HA Link) X0 (LAN) X0 (LAN) 5. locate the serial number and write the number down. Verify that the Primary SonicWALL and Backup SonicWALL security appliances are registered. perform the following setup: 1.page 33 Associating Pre-Registered Appliances . Make sure the Primary SonicWALL and Backup SonicWALL security appliances’ LAN. This section is relevant to administrators following deployment scenario B. but a connection using a dedicated 100Mbps hub/switch is also valid. 6. 4. WAN and other interfaces are properly configured for failover. and running the same SonicWALL Security services.page 34 X1 (WAN) 3. disconnect the workstation. The Primary and Backup SonicWALL security appliances must have a dedicated connection. running the same SonicOS Enhanced versions. the High Availability configuration in an upcoming step takes care of this issue. You need to enter this number in the High Availability > Settings page. SonicWALL recommends crossconnecting the two together using a CAT 6 crossover Ethernet cable.page 32 Configuring HA License Overview . 2. and then power up the Backup SonicWALL security appliance.page 31 Synchronizing Firmware . This section contains the following subsections: Initial High Availability Setup Before you begin the configuration of HA on the Primary SonicWALL security appliance.Configuring a State Sync Pair in NAT/Route Mode This section provides instructions for configuring a pair of SonicWALL NSA appliances for high availability (HA). Network Security Appliance 2400 SonicWALL NSA 2 X1 (WAN) Local Network Page 28 Configuring a State Sync Pair in NAT/Route Mode . • • • • • • • Initial High Availability Setup . Do not make any configuration changes to the Primary’s X5.page 28 Configuring High Availability .page 29 Synchronizing Settings . Connect the X5 ports on the Primary SonicWALL and Backup SonicWALL appliances with a CAT6-rated crossover cable (red crossover cable). Power up the Primary SonicWALL security appliance.
4. 3.Configuring High Availability The first task in setting up HA after initial setup is configuring the High Availability > Settings page on the Primary SonicWALL security appliance. 2. Tip: Preempt mode is automatically disabled after enabling Stateful Synchronization. 3. 2. Select the Enable Virtual MAC checkbox. type in the serial number for the Backup SonicWALL appliance. Click OK. especially when the SonicWALL is under a heavy load. Navigate to the High Availability > Advanced page. 4. Virtual MAC allows the Primary and Backup appliances to share a single MAC address. The serial number for the Primary SonicWALL is automatically populated. You can find the serial number on the back of the SonicWALL security appliance. or in the System > Status screen of the backup unit. preempt mode may prompt a failover. select Enable Stateful Synchronization. Only the WAN switch to which the two appliances are connected to needs to be notified. For example if both devices are idle. The settings it shows are minimum recommended values. To configure HA on the Primary SonicWALL. Under SonicWALL Address Settings. To backup the firmware and settings when you upgrade the firmware version. select Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware. Configuring Advanced HA Settings 1. perform the following steps: 1. Navigate to the High Availability > Settings page. You can use higher values if your SonicWALL handles a lot of network traffic. it communicates the settings to the Backup SonicWALL security appliance. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. Select the Enable High Availability checkbox. Click Apply to retain these settings. Once you configure HA on the Primary SonicWALL security appliance. SonicWALL NSA 2400 Getting Started Guide Page 29 . To configure Stateful HA. All outside devices will continue to route to the single shared MAC address. Lower values may cause unnecessary failovers. This is because preempt mode can be over-aggressive about failing over to the backup appliance. A dialog box is displayed with recommended settings for the Heartbeat Interval and Probe Interval fields.
and Dynamic Route Hold-Down Time fields to their default settings. 9. Typically. Election Delay Time (seconds). . 6. Click Synchronize Settings to synchronize the settings between the Primary and Backup appliances. You can set the Probe IP Address(es) on the High Availability > Monitoring screen. These fields can be tuned later as necessary for your specific network environment: . and the allowed range is 5 to 255 seconds. Click Apply to retain the settings on this screen. The default value is 45 seconds.The Election Delay Time is the number of seconds allowed for internal processing between the two units in the HA pair before one of them takes the primary role. 10. When the Dynamic Route Hold-Down Time duration expires. Synchronize Firmware is typically used after taking your Secondary appliance offline while you test a new firmware version on the Primary unit before upgrading both units to it. Click Synchronize Firmware if you previously uploaded new firmware to your Primary unit while the Secondary unit was offline. it deletes the old routes and implements the new routes it has learned from RIP or OSPF. Less than this may cause unnecessary failovers. In large or complex networks. The default is 5000 milliseconds. the minimum recommended value is 1000 milliseconds. 7.The Dynamic Route Hold-Down Time setting is used when a failover occurs on a HA pair that is using either RIP or OSPF dynamic routing.5. - Page 30 Configuring a State Sync Pair in NAT/Route Mode . a larger value may improve network stability during a failover. When a failover occurs. Dynamic Route Hold-Down Time is the number of seconds the newly-active appliance keeps the dynamic routes it had previously learned in its route table. Select the Include Certificates/Keys checkbox to have the appliances synchronize all certificates and keys. The Heartbeat Interval controls how often the two units communicate.The Failover Trigger Level sets the number of heartbeats that can be missed before failing over. and it is only displayed when the Advanced Routing option is selected on the Network > Routing page. 8. especially when the SonicWALL is under a heavy load. the newly-active appliance relearns the dynamic routes in the network. and it is now online and ready to upgrade to the new firmware.The Probe Level sets the interval in seconds between communication with upstream or downstream systems. this is set to 5 missed heartbeats. SonicWALL recommends leaving the Heartbeat Interval. The default is 20 seconds. During this time. . By default. .
experiment with disconnecting each monitored link to ensure correct configuration. the Include Certificate/Keys setting is enabled. You should see a HA Peer Firewall has been updated message at the bottom of the management interface page. then log back into the management interface. power the Primary SonicWALL back on. this is generally not a security concern. the associated private keys are also copied. SonicWALL NSA 2400 Getting Started Guide Page 31 . click the Synchronize Settings button. The management interface should now display Logged Into: Backup SonicWALL Status: (green ball) Active in the upperright-hand corner. Now. including its IP addresses and Ethernet MAC addresses. If you are using the Monitor Interfaces feature. This specifies that certificates. then trigger a test failover by logging into the Primary unit and doing a restart.Synchronizing Settings Once you have configured the HA setting on the Primary SonicWALL security appliance. assumes the complete identity of the Primary. Log into the Backup SonicWALL’s unique LAN IP address. By default. The Backup SonicWALL security appliance should quickly take over. When local certificates are copied to the Backup unit. when active. certificate revocation lists (CRL) and associated settings (such as CRL auto-import URLs and OCSP settings) are synchronized between the Primary and Backup units. test connectivity through the Backup SonicWALL by accessing a site on the public Internet – note that the Backup SonicWALL. Because the connection between the Primary and Backup units is typically protected. the management GUI should still display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper-right-hand corner. If stateful synchronization is enabled (automatically disabling preempt mode). Tip: A compromise between the convenience of synchronizing certificates and the added security of not synchronizing certificates is to temporarily enable the Include Certificate/Keys setting and manually synchronize the settings. To verify that Primary and Backup SonicWALL security appliances are functioning correctly. From your management workstation. and then disable Include Certificate/Keys. wait a few minutes. wait a few minutes. Also note that the management interface displays Logged Into: Primary SonicWALL Status: (green ball) Active in the upperright-hand corner.
Synchronizing Firmware Selecting the Synchronize Firmware Upload and Reboot checkbox allows the Primary and Backup SonicWALL security appliances in HA mode to have firmware uploaded on both devices at once. you are notified via a message dialog box that the firmware is loaded on the Backup SonicWALL security appliance. You initiate this process by clicking on the Synchronize Firmware button. in staggered sequence to ensure that security is always maintained. and then the Primary SonicWALL security appliance. During the firmware upload and reboot. Page 32 Configuring a State Sync Pair in NAT/Route Mode .
Note that the Backup appliance of your HA pair is referred to as the HA Secondary unit on MySonicWALL. you must first activate the Stateful High Availability Upgrade license for the primary unit in SonicOS. License synchronization is used during HA so that the Backup appliance can maintain the same level of network protection provided before the failover. you can select a registered unit and then add a new appliance with which to associate it. you can use the SonicOS UI to configure your two appliances as a HA pair in Active/Idle mode. and then choosing an already-registered unit to associate it with. To enable HA. See Registering and Licensing Your Appliance on MySonicWALL . You can associate two units that are both already registered.Configuring HA License Overview You can configure HA license synchronization by associating two SonicWALL security appliances as HA Primary and HA Secondary on MySonicWALL. Note: After registering new SonicWALL appliances on MySonicWALL. This allows each unit to synchronize with the SonicWALL license server and share licenses with the associated appliance. MySonicWALL provides several methods of associating the two appliances. This is automatic if your appliance is connected to the Internet.page 11. SonicWALL NSA 2400 Getting Started Guide Page 33 . you must also register each appliance from the SonicOS management interface by clicking the registration link on the System > Status page. You can start by registering a new appliance. You must purchase a single set of security services licenses for the HA Primary appliance. To use Stateful HA. Or.
2. 7. 5. The product group setting specifies the MySonicWALL users who can upgrade or modify the appliance. scroll down to find the appliance that you want to use as the parent. Login to MySonicWALL.Associated Products page. Page 34 Configuring a State Sync Pair in NAT/Route Mode . Click the product name or serial number. unit. scroll down to the Associated Products section. click HA Secondary. If You Are Following Scenario. Proceed to Section: B . perform the following steps: 1. 6. under Registered Products. Select the group from the Product Group drop-down list.NAT with State Sync Pair Additional Deployment Configuration page 37 4. Under Associated Products. 3. On the My Products page. or primary..Associated Products page. Click Register.Associating Pre-Registered Appliances To associate two already-registered SonicWALL security appliances so that they can use HA license synchronization.. 8. in the text boxes under Associate New Products. In the left navigation bar. type the serial number and the friendly name of the appliance that you want to associate as the child/secondary/backup unit. On the My Product . click My Products. On the Service Management .
The only step involved in setting up your primary bridge interface is to ensure that the WAN interface is configured for a static IP address.page 36 Configuring the Primary Bridge Interface The primary bridge interface is your existing Internet gateway device. Note: The primary bridge interface must have a static IP assignment.page 35 Configuring the Secondary Bridge Interface .page 35 Configuring the Primary Bridge Interface . Connection Overview Connect the X1 port on your SonicWALL NSA 2400 to the LAN port on your existing Internet gateway device. This section is relevant to users following deployment scenario C. Network Gateway SonicWALL NSA Network Security Appliance LAN Internet or LAN Segment 2 2400 X0 L2 Bridge Link X1 Network Resources SonicWALL NSA 2400 Getting Started Guide Page 35 .Configuring L2 Bridge Mode This section provides instructions to configure the SonicWALL NSA appliance in tandem with an existing Internet gateway device. This section contains the following subsections: • • • Connection Overview . You will need this static IP address when configuring the secondary bridge. Then connect the X0 port on your SonicWALL to your LAN.
Configuring the Secondary Bridge Interface
Complete the following steps to configure the SonicWALL appliance: 1. 2. Navigate to Network > Interfaces. Click the Configure icon in the right column of the X0 (LAN) interface.
Note: Do not enable Never route traffic on the bridge-pair
unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge segments. You may optionally enable the Block all non-IPv4 traffic setting to prevent the L2 bridge from passing non-IPv4 traffic.
If You Are Following Scenario... C - L2 Bridge Mode
Proceed to Section: Additional Deployment Configuration - page 37
3. 4. 5.
In the IP Assignment drop-down list, select Layer 2 Bridged Mode. In the Bridged to drop-down list, select the X1 interface. Configure management options (HTTP, HTTPS, Ping, SNMP, SSH, User logins, or HTTP redirects).
Page 36 Configuring L2 Bridge Mode
Additional Deployment Configuration
In this Section:
This section provides basic configuration information to begin building network security policies for your deployment. This section also contains several SonicOS diagnostic tools and a deployment configuration reference checklist. • •
• • • • •
Creating Network Access Rules - page 38 Creating a NAT Policy - page 40 Creating Address Objects - page 42 • Configuring NAT Policies - page 43 • Enabling Security Services in SonicOS - page 44 Applying Security Services to Network Zones - page 48 Deploying SonicPoints for Wireless Access - page 49 Troubleshooting Diagnostic Tools - page 54 Deployment Configuration Reference Checklist - page 58
SonicWALL NSA 2400 Getting Started Guide Page 37
Creating Network Access Rules
A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of access rules, a simpler and more intuitive process than following a strict physical interface scheme. By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic from the Internet to the LAN. The following behaviors are defined by the “Default” stateful inspection packet access rule enabled in the SonicWALL security appliance:
Originating Zone Destination Zone Action Allow Allow Deny Deny
To create an access rule: 1. 2. On the Firewall > Access Rules page in the matrix view, select two zones that will be bridged by this new rule. On the Access Rules page, click Add.
LAN, WLAN DMZ WAN WAN and DMZ
WAN, DMZ WAN DMZ LAN or WLAN
The access rules are sorted from the most specific at the top to the least specific at the bottom of the table. At the bottom of the table is the Any rule.
Page 38 Creating Network Access Rules
In the Add Rule page in the General tab. you must define the service in the Add Service window. Enter any comments to help identify the access rule in the Comments field. Selecting Create New Network displays the Add Address Object window. Select a user or user group from the Users Allowed drop-down list. If the service is not listed. select Allow or Deny or Discard from the Action list to permit or block IP traffic. • • • • • • Select the service or group of services affected by the access rule from the Service drop-down list.3. Select a schedule from the Schedule drop-down list. The default schedule is Always on. Select the source of the traffic affected by the access rule from the Source drop-down list. Select Create New Service or Create New Group to display the Add Service window or Add Service Group window. SonicWALL NSA 2400 Getting Started Guide Page 39 . Selecting Create New Network displays the Add Address Object window. Select the destination of the traffic affected by the access rule from the Destination drop-down list.
first create Address Objects for your public and private IP addresses. • IIn the UDP Connection Inactivity Timeout (minutes) field. The default is 100%. The default value is 15 minutes. specify the percentage of maximum connections that is allowed by this access rule. that is. you can specify that an internal server uses one IP address when accessing Telnet servers. In the TCP Connection Inactivity Timeout (minutes) field.4. • Select Create a reflexive rule to create a matching access rule for the opposite direction. By default. Because the NAT engine in SonicOS Enhanced supports inbound port forwarding. Click OK to add the rule. Click on the Advanced tab. You can create multiple NAT policies on a SonicWALL running SonicOS Enhanced for the same object – for instance. Before configuring NAT Policies. set the length of TCP inactiviy after which the access rule will time out. 6. the SonicWALL security appliance has a preconfigured NAT policy to perform Many-to-One NAT between the systems on the LAN and the IP address of the WAN interface.1p Quality of Service coloring/marking to traffic governed by this rule. you must create all Address Objects that will be referenced by the policy. if you are creating a One-to-One NAT policy. The appliance does not perform NAT by default when traffic crosses between the other interfaces. Click on the QoS tab to apply DSCP or 802. • In the Number of connections allowed (% of maximum connections) field. The more granular the NAT Policy. more information on managing QoS marking in access rules. See the SonicOS Enhanced Administrator’s Guide for • Page 40 Creating a NAT Policy . The default value is 30 minutes. from your destination back to your source. the more precedence it takes. it is possible to access multiple internal servers from the WAN IP address of the SonicWALL security appliance. Creating a NAT Policy The Network Address Translation (NAT) engine in SonicOS Enhanced allows users to define granular NAT policies for their incoming and outgoing traffic. 5. For instance. and uses a different IP address for all other protocols. set the length of UDP inactivity after which the access rule will time out.
This Address Object. Network – Network Address Objects are like Range objects in that they comprise multiple hosts. For example.Address Objects are one of four object classes (Address. there are currently the following Address Objects types: • • • Host – Host Address Objects define a single host by its IP address.80. consider an internal Web server with an IP address of 67. the boundaries are defined by a valid netmask. FQDN Address – FQDN Address Objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN).com. All Address Objects are available in the drop-down lists when creating a NAT policy. Since there are multiple types of network address expressions. SonicOS Enhanced provides a number of default Address Objects that cannot be modified or deleted. Range – Range Address Objects define a range of contiguous IP addresses. MAC Address – MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. Once you define an Address Object. “My Web Server”. can then be used in any configuration screen that employs Address Objects as a defining criterion. User. or you can create custom Address Objects to use. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies.115. such as www. Service and Schedule) in SonicOS Enhanced.118. • • SonicWALL NSA 2400 Getting Started Guide Page 41 . You can use the default Address Objects when creating a NAT policy.sonicwall. it becomes available for use wherever appliacable throughout the SonicOS management interface. but rather than being bound by specified upper and lower range delimiters. you can create an Address Object to store the Web server’s IP address.
enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields. MAC. To add an Address Object: 1. Click OK. Below the Address Objects table. Navigate to the Network > Address Objects page. . . click Add. Select the zone to assign to the Address Object from the Zone Assignment drop-down list.For Range. 6. enter the network IP address and netmask in the Network and Netmask fields. 2. enter the MAC address and netmask in the Network and MAC Address field. Page 42 Creating a NAT Policy . 4. or FQDN from the Type menu. 3. . In the Add Address Object dialog box.For FQDN. enter the domain name for the individual site or range of sites (with a wildcard) in the FQDN field. .For Host. enter the IP address in the IP Address field. Custom Address Objects – displays Address Objects with custom properties. Default Address Objects – displays Address Objects configured by default on the SonicWALL security appliance.For MAC. You can view Address Objects in the following ways using the View Style menu: • • • All Address Objects – displays all configured Address Objects. . Select Host.Creating Address Objects The Network > Address Objects page allows you to create and manage your Address Objects. 5. Network.For Network. Range. enter a name for the Address Object in the Name field.
SonicWALL NSA 2400 Getting Started Guide Page 43 . One-to-One is the most common NAT policy used to route traffic to an internal server. For Comment. select X0. two policies are needed: one for the outbound traffic. For Outbound Interface. 8. For Translated Service. Destination IP address and Destination Services. Most of the time. For Original Service. select Create new address object and create a new address object using WAN for Zone Assignment and Host for Type. enter a short description. Policy-based NAT allows you to deploy different types of NAT simultaneously. 5. The Add NAT Policy dialog box displays. such as a Web Server. select Any. For Translated Source. and one for the inbound traffic. select Original. select HTTP. select X0 IP. 13. perform the following steps: 1. select Original. Select the Enable NAT Policy checkbox. For other NAT configurations. To add both parts of a One-toOne NAT policy. Select the Create a reflexive policy checkbox if you want a matching NAT Policy to be automatically created in the opposite direction. 6. 10. Click Add.Configuring NAT Policies NAT policies allow you to control Network Address Translation based on matching combinations of Source IP address. 2. Navigate to the Network > NAT Policies page. This section describes how to configure a One-to-One NAT policy. The following NAT configurations are available in SonicOS Enhanced: • • • • • • • Many-to-One NAT Policy Many-to-Many NAT Policy One-to-One NAT Policy for Outbound Traffic One-to-One NAT Policy for Inbound Traffic (Reflexive) One-to-Many NAT Load Balancing Inbound Port Address Translation via One-to-One NAT Policy Inbound Port Address Translation via WAN IP Address An example configuration illustrates the use of the fields in the Add NAT Policy procedure. 7. To add a One-to-One NAT policy that allows all Internet traffic to be routed through a public IP address. For Original Source. 12. 4. 9. For Inbound Interface. this means that incoming requests from external IPs are translated from the IP address of the SonicWALL security appliance WAN port to the IP address of the internal web server. 11. 3. Click OK. For Translated Destination. This will create the outbound as well as the inbound policies. select Any. see the SonicOS Enhanced Administrator’s Guide. For Original Destination.
Policies for subnets behind the other interfaces of the SonicWALL security appliance can be created by emulating these steps. Page 44 Enabling Security Services in SonicOS . and IM and P2P protocols. SMTP and POP3 traffic. Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic. The core security services are Gateway Anti-Virus. Enabling Gateway Anti-Virus To enable Gateway Anti-Virus in SonicOS: 1.page 47 2. such as nonstandard ports of operation for SMTP and POP3. Select the Enable Inbound Inspection checkboxes for the protocols to inspect. See the following procedures to enable and configure the three security services that must be enabled: • • • Enabling Gateway Anti-Virus . Create a new NAT policy in which you adjust the source interface and specify the Original Source: the subnet behind that interface. SonicWALL GAV inspects all inbound HTTP.page 44 Enabling Intrusion Prevention Services . and AntiSpyware. Select the Enable Gateway Anti-Virus checkbox. CIFS/NetBIOS can optionally be enabled to allow access to shared files. By default. IMAP.page 46 Enabling Anti-Spyware . You must enable each security service individually in the SonicOS user interface. Enabling Security Services in SonicOS SonicWALL security services are key components of threat management in SonicOS. Navigate to the Security Services > Gateway Anti-Virus page. FTP. Intrustion Prevention Services.
Petite. Select Enable HTTP Clientless Notification Alerts and customize the message to be displayed when GAV detects a threat from the HTTP server. 7. Click Configure Gateway AV Settings. SonicWALL Gateway Anti-Virus currently recognizes the most common packed formats: UPX. • Restrict Transfer of MS-Office type files containing macros (VBA 5 and above) .) . SonicWALL NSA 2400 Getting Started Guide Page 45 . This option only functions on protocols that are enabled for inspection. Enabling Outbound Inspection for SMTP scans mail for viruses before it is delivered to an internally hosted SMTP server. they can be used with the intent of obfuscation. FSG. For each protocol you can restrict the transfer of files with specific attributes by clicking on the Settings button under the protocol.Disables the transfers of any MS Office files that contain VBA macros. and can make the executables less detectable by anti-virus applications. you can configure the following: • Restrict Transfer of password-protected Zip files Disables the transfer of password protected ZIP files over any enabled protocol. Although there are legitimate applications for these. In the Settings dialog box. Packers are utilities that compress and encrypt executables. FSG. 6. 5. Select the Disable SMTP Responses box to suppress the sending of email messages to clients from SonicWALL GAV when a virus is detected in an email or attachment. and ASPack. and then executes that file.Disables the transfer of packed executable files. The Gateway AV Settings window allows you to configure clientless notification alerts and create a SonicWALL GAV exclusion list. • Restrict Transfer of packed executable files (UPX. 4.3. PKLite32. etc. SonicWALL periodic GAV updates provide additional recognized packed formats as they become available. The packer adds a header that expands the file in memory.
In the IPS Config View window. 8. select Enable IPS Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL IPS scanning. 7. Navigate to the Security Services > Intrusion Prevention page. In the Security Services > Gateway Anti-Virus page. click OK. Click Configure IPS Settings to enable IP packet reassembly before inspection and create a SonicWALL IPS exclusion list. To log all detected attacks. 10. Selecting the Prevent All and Detect All check boxes for High Priority Attacks and Medium Priority Attacks protects your network against the most dangerous and disruptive attacks. 2. When finished in the Add IPS Range dialog box.Select Enable Gateway AV Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL GAV scanning. 4. In the Signature Groups table. 5. click OK. click Accept. In the Security Services > Intrusion Prevention page. Page 46 Enabling Security Services in SonicOS . When finished in the Add GAV Range dialog box. click Accept. 6. select the Prevent All and Detect All checkboxes for each attack priority that you want to prevent. click OK. To enforce a delay between log entries for detections of the same attack. In the IPS Config View window. enter the number of seconds to delay. 8. In the Gateway AV Config View window. Enabling Intrusion Prevention Services To enable Intrusion Prevention Services in SonicOS: 1. 3. leave the Log Redundancy Filter field set to zero. Select the Enable Intrusion Prevention checkbox. 9. click OK. 11.
11. 4.Enabling Anti-Spyware To enable Anti-Spyware in SonicOS: 1. In the Anti-Spyware Config View window. Select the Enable Anti-Spyware checkbox. 7. SonicWALL GAV inspects all inbound HTTP. FTP. 3. Click Configure Anti-Spyware Settings to configure clientless notification alerts and create a SonicWALL AntiSpyware exclusion list. SonicWALL NSA 2400 Getting Started Guide Page 47 . select the Prevent All and Detect All checkboxes for each spyware danger level that you want to prevent. 9. To log all spyware attacks. 10. Select the Enable Inbound Inspection checkboxes for the protocols to inspect. 8. When finished in the Add Anti-Spyware Range dialog box. Select the Disable SMTP Responses box to suppress the sending of e-mail messages to clients from SonicWALL Anti-Spyware when spyware is detected in an e-mail or attachment. In the Signature Groups table. 6. Navigate to the Security Services > Anti-Spyware page. 2. enter the number of seconds to delay. Select Enable HTTP Clientless Notification Alerts and customize the message to be displayed in the browser when SonicWALL Anti-Spyware detects a threat from the HTTP server. To enforce a delay between log entries for detections of the same attack. SMTP and POP3 traffic. click Accept. 5. 12. IMAP. click OK. leave the Log Redundancy Filter field set to zero. On the Security Services > Anti-Spyware page. Select Enable Anti-Spyware Exclusion List and then click Add to define a range of IP addresses whose traffic will be excluded from SonicWALL Anti-Spyware scanning. Select the Enable Inspection of Outbound Communication checkbox to enable scanning of traffic that originates internally. click OK. By default.
To apply services to network zones: 1. 2.Applying Security Services to Network Zones A network zone is a logical group of one or more interfaces to which you can apply security rules to regulate traffic passing from one zone to another zone. Click OK. For example. In the Edit Zone dialog box on the General tab. select the checkboxes for the security services that you want to enable. 4. you can configure SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN zone to add more security for internal network traffic. Security services such as Gateway Anti-Virus are automatically applied to the LAN and WAN network zones. To enable security services on other zones. click the Configure icon for the zone where you want to apply security services. To protect other zones such as the DMZ or Wireless LAN (WLAN). On the Edit Zone page. 3. select the checkboxes for the security services to enable on this zone. 5. 6. Page 48 Applying Security Services to Network Zones . In the Zone Settings table. repeat steps 2 through step 4 for each zone. Navigate to the Network > Zones page. you must apply the security services to the network zones.
see the SonicOS Enhanced Administrator’s Guide for the correct procedure. it will automatically download the correct version of the SonicPoint image from the SonicWALL server when you connect a SonicPoint device. Attach the SonicPoints to the interface in the Wireless zone and test. Any profile can apply to any number of zones.page 49 Configuring a Wireless Zone . The SonicPoint section of the SonicOS management interface lets you manage the SonicPoints connected to your system. it is automatically provisioned with the profile assigned to that zone.Deploying SonicPoints for Wireless Access This section describes how to configure SonicPoints with the SonicWALL NSA 2400. Before you can manage SonicPoints in the Management Interface. you can apply it to a Wireless zone. Assign profiles to wireless zones. named SonicPoint. Configure a Wireless zone.page 53 Updating SonicPoint Firmware If your SonicWALL appliance has Internet connectivity. Otherwise. Configuring SonicPoint Provisioning Profiles SonicPoint Profile definitions include all of the settings that can be configured on a SonicPoint. Once you have defined a SonicPoint profile. Each Wireless zone can be configured with one SonicPoint profile. SSID’s and channels of operation.page 51 Assigning an Interface to the Wireless Zone . See the following subsections: • • • • • Updating SonicPoint Firmware . such as radio settings for the 2. • • SonicWALL NSA 2400 Getting Started Guide Page 49 .page 52 Connecting the SonicPoint . When a SonicPoint is connected to a zone. You can modify this profile or create a new one.4GHz and 5GHz radios. you must first: • • • • Verify that the SonicPoint image is downloaded to your SonicWALL security appliance. SonicPoints in that zone will use the first profile in the list. This step is optional. Assign an interface to the Wireless zone. SonicWALL SonicPoints are wireless access points specially engineered to work with SonicWALL security appliances to provide wireless access throughout your enterprise. Configure your SonicPoint provisioning profiles. If you do not assign a default profile for a zone. SonicOS includes a default SonicPoint profile.page 49 Configuring SonicPoint Provisioning Profiles .
The remaining fields change depending on the selected authentication type.11g advanced options.11g radio.11g • 108 Mbps . use AutoChannel unless you have a reason to use or avoid specific channels. • For Radio Mode. see the SonicOS Enhanced Administrator’s Guide.11g Adv tab. all users in your company must use wireless access cards that support Turbo mode. You can choose from the following: • 11Mbps .802. select the speed that the SonicPoint will operate on. Note: WPA2 is a more secure replacement for the older WEP and WPA standards. • Enter a Name Prefix to be used as the first part of the name for each SonicPoint provisioned. • For Channel. In the Add/Edit SonicPoint Profile window on the General tab: • Select Enable SonicPoint. • 3.11g Radio tab: • Select Enable Radio. Under WEP/WPA Encryption.To add a new profile.Turbo G If you choose Turbo mode. • Select a schedule for the radio to be enabled from the drop-down list.11b • 54 Mbps . configure the advanced radio settings for the 802. The Deny List is enforced before the Allow List. To edit an existing profile. Page 50 Deploying SonicPoints for Wireless Access . SonicWALL recommends using WPA2 as the authentication type. select the Authentication Type for your wireless network. Select a MAC address group from the Deny List to automatically deny traffic from all devices with MAC addresses in the group. the default settings give optimum performance. • Enter a recognizable string for the SSID of each SonicPoint using this profile. 1. click Add below the list of SonicPoint provisioning profiles. For a full description of the fields on this tab. • Select the Country Code for where the SonicPoints are operating. In the 802.802. For most 802. Fill in the fields specific to the authentication type that you selected. select the profile and click the Configure icon in the same line as the profile you are editing. This is the name that will appear in clients’ lists of available wireless connections. Under ACL Enforcement. In the 802. select Enable MAC Filter List to enforce Access Control by allowing or denying traffic from specific devices. • • 2. Select a MAC address object group from the Allow List to automatically allow traffic from all devices with MAC addresses in the group.
select an address object to direct traffic to the SonicWALL SSL VPN appliance. checking Allow Interface Trust on the WLAN Zone creates the necessary Access Rules to allow hosts on these interfaces to communicate with each other.11a Advanced tabs are similar to the settings in the 802. Click the Wireless tab. select Only allow traffic generated by a SonicPoint to allow only traffic from SonicWALL SonicPoints to enter the WLAN Zone interface. select Enable Client AV Enforcement Service. if the WLAN Zone has both the X2 and X3 interfaces assigned to it. Configuring a Wireless Zone You can configure a wireless zone on the Network > Zones page. SonicWALL NSA 2400 Getting Started Guide Page 51 . click the icon in the Configure column. If your wireless network is already running WiFiSec. This provides maximum security on your WLAN. Typically. The settings in the 802. • 3. • • In the SSL VPN Server list. 5. IPS. 2. 4. 1. • In the Wireless Settings section.11a radio bands.11a Radio and 802.11a Adv tabs. In the 802. When finished. WPA traffic. Typically you would enable Gateway AntiVirus. select the service or group of services that you want to allow for clients authenticated through the SSL VPN.11a Radio and 802. In the SSL VPN Service list. Uncheck this option if you want to allow any traffic on your WLAN Zone regardless of whether or not it is from a SonicPoint. In the Edit Zone dialog box on the General tab. you can select WiFiSec Enforcement to require that all traffic that enters into the WLAN Zone interface be either IPsec traffic. • Select SSL VPN Enforcement to require that all traffic that enters into the WLAN Zone be authenticated through a SonicWALL SSL VPN appliance.11g Radio and 802.11a and 802.11g Advanced tabs.4. Select the checkboxes for the security services to enable on this zone. On the Network > Zones page in the WLAN row. If your wireless clients are all running SonicWALL Client Anti-Virus. For example. Therefore. and Anti-Spyware. Note: SSL VPN Enforcement allows the added security of one-time passwords when using a SonicWALL SSL VPN appliance. it can send and receive on both the 802. or both. you will configure the WLAN zone for use with SonicPoints. configure the settings for the operation of the 802. the Allow Interface Trust setting automates the creation of Access Rules to allow traffic to flow between the interfaces of a zone instance.11g bands at the same time. click OK. The SonicPoint has two separate radios built in.
In the Edit Interface dialog box on the General tab. 7. Whenever a SonicPoint connects to this zone. Click OK. • If you wish to run WPA or WPA2 in addition to WiFiSec. select the maximum number of SonicPoints allowed on this interface. you can assign an interface to it. 2. select the supported management protocol(s): HTTP. 5. select WLAN or the zone that you created from the Zone dropdown list. click the Configure icon in the row for the interface that you want to use. 3. SSH. you can specify the following: • Select WiFiSec Exception Service to select services that are allowed to bypass the WiFiSec enforcement. 6. The interface must be unassigned. If you want to allow selected users with limited management rights to log in to the security appliance. When finished. 5. HTTPS. 6. Optionally configure the settings on the Guest Services tab. Enter the IP address and subnet mask of the Zone in the IP Address and Subnet Mask fields. unless you have individually configured it with different settings. Additional fields are displayed. This is the interface where you will connect the SonicPoint. select HTTP and/or HTTPS in User Login. and/or SSH. Ping. select the SonicPoint Provisioning Profile you want to apply to all SonicPoints connected to this zone. 4. • Select Require WiFiSec for Site-to-Site VPN Tunnel Traversal to require WiFiSec security for all wireless connections through the WLAN zone that are part of a Site-to-Site VPN. X3. you can select Trust WPA/WPA2 traffic as WiFiSec to accept WPA and WPA2 as allowable alternatives to WiFiSec. If you have enabled WiFiSec Enforcement. click OK. On the Network > Interfaces page. If you want to enable remote management of the SonicWALL security appliance from this interface. Page 52 Deploying SonicPoints for Wireless Access . SNMP. Once the wireless zone is configured. you do not need to enable WiFiSec. it will automatically be provisioned by the settings in the SonicPoint Provisioning Profile. For information about configuring Guest Services. see the SonicOS Enhanced Administrator’s Guide.Assigning an Interface to the Wireless Zone Note: If you have configured WPA2 as your authentication type. In the SonicPoint Limit field. for example. • Under SonicPoint Settings. 1.
Connecting the SonicPoint When a SonicPoint unit is first connected and powered up. connect the SonicPoint to the interface that you configured. so that the SonicPoint can communicate with an authentication server for WPA-EAP support. As part of the provisioning process.168. SonicOS assigns the discovered SonicPoint device a unique name. it will have a factory default configuration (IP Address 192. 2. click the Synchronize SonicPoints button. it will enter into a standalone mode of operation with a separate stand-alone configuration allowing it to operate as a standard Access Point. Follow the instructions in the SonicPoint wizard.4GHz and 5GHz radio settings. Then connect the SonicPoint to a power source.20. see the SonicOS Enhanced Administrator’s Guide. The SonicWALL appliance downloads a SonicPoint image from the SonicWALL back-end server. It can also automatically assign the SonicPoint an IP address. and uses the profile associated with the relevant zone to configure the 2. 3. Using a Cat-5 Ethernet cable. If the SonicPoint locates a peer SonicOS device via the SonicWALL Discovery Protocol. For more information about wireless configuration. Be sure to select the same authentication type and enter the same keys or password that you configured in SonicOS. SonicWALL NSA 2400 Getting Started Guide Page 53 . the two units perform an encrypted exchange and the profile assigned to the relevant wireless zone is used to automatically configure (provision) the newly added SonicPoint unit. To connect the SonicPoint: 1. In the SonicOS user interface on the SonicPoint > SonicPoints page. password: password). it will attempt to find a SonicOS device with which to peer. If it is unable to find a peer SonicOS device.1. records the SonicPoint’s MAC address and the interface and zone on which it was discovered. if so configured. username: admin. Upon initializing.
page 55 Using the Active Connections Monitor .Troubleshooting Diagnostic Tools SonicOS provides a number of diagnostic tools to help you maintain your network and troubleshoot problems. and will stop when the buffer is full or when you click Stop.page 56 Using Log > View . and displays the captured packets.page 54 Using Ping . display settings and file export settings. Page 54 Troubleshooting Diagnostic Tools . If you simply click Start without any configuration. The Packet Capture screen has buttons for starting and stopping a packet capture. the SonicWALL appliance will capture all packets except those for internal communication. The captured packets contain both data and addressing information.page 57 Using Packet Capture Packet Capture allows you to capture and examine the contents of individual data packets that traverse your SonicWALL firewall appliance. This section contains the following subsections: • • • • Using Packet Capture . and others are available on other screens. Several tools can be accessed on the System > Diagnostics page. The System > Packet Capture page provides a way to configure the capture criteria.
The SonicOS user interface provides three windows to display different views of the captured packets: • • • Captured Packets Packet Detail Hex Dump • • • Display Filter – interfaces. try pinging the DNS server. Click the Configure button to customize the settings for the capture. packet types. click Start to begin capturing packets. If you can ping devices outside of the ISP. source/ destination Logging – automatic transfer of buffer to FTP server Advanced – generated packets. Once the configuration is complete. If the test is unsuccessful. management Using Ping Ping is available on the System > Diagnostics page. The settings available in the five main areas of configuration are summarized below: • • General – number of bytes to capture. GMS. or another machine at the ISP location. source/ destination The Ping test bounces a packet off a machine on the Internet and returns it to the sender. wrap capture buffer Capture Filter – interfaces. SonicWALL NSA 2400 Getting Started Guide Page 55 . then the problem lies with the ISP connection. This test shows if the SonicWALL security appliance is able to contact the remote host. syslog. try pinging devices outside the ISP. If users on the LAN are having problems accessing services on the Internet. packet types.
Select the Group Filters box next to any two or more criteria to combine them with a logical OR. This tool is available on the Systems > Diagnostics page. Src Interface and Dst Interface. Enter your filter criteria in the Active Connections Monitor Settings table. Destination IP. Page 56 Troubleshooting Diagnostic Tools . You can filter the results to display only connections matching certain criteria. Destination Port. You can filter by Source IP. filterable views of all connections to and through the SonicWALL security appliance.Using the Active Connections Monitor The Active Connections Monitor displays real-time. Protocol. The fields you enter values into are combined into a search string with a logical AND. exportable (plain text or CSV).
Select the Group Filters box next to any two or more criteria to combine them with a logical OR. You can view the log in the Log > View page. The fields you enter values into are combined into a search string with a logical AND. SonicWALL NSA 2400 Getting Started Guide Page 57 . You can filter the results to display only event logs matching certain criteria. The log is displayed in a table and can be sorted by column. Source (IP or Interface). Category. and Destination (IP or Interface).Using Log > View The SonicWALL security appliance maintains an Event log for tracking potential security threats. You can filter by Priority. or it can be automatically sent to an email address for convenience and archiving.
Deployment Configuration Reference Checklist Use this checklist to find more information about various deployment tasks within the SonicOS Enhanced Administrator’s Guide.. Configuring Access Rules Configuring Log Categories (“Logging Level” section) Configuring Zones (“Enabling SonicWALL Security Services on Zones“ section) Configuring SonicWALL Content Filtering Service Configuring Administration Settings ("Administrator Name & Password“ section) Configuring Log Automation (“Email Log Automation“ section) Configuring Interfaces (“Configuring Advanced Settings for the Interfaces“ section) Setting Up the DHCP Server Managing Users and Authentication Settings Configuring VPN Policies Managing SonicPoints Page 58 Deployment Configuration Reference Checklist ... Inspecting the rule base for inbound and outbound rules Setting logging levels Configuring threat prevention on all used zones Configuring Web filtering protection Changing administrator login Setting administrator email Disabling HTTP and ping access Disabling or enabling DHCP Configuring user management Configuring VPN policies Securing wireless access See this Chapter. For this Task..
page 63 Training .Support and Training Options 5 In this Section: This section provides overviews of customer support and training options for the SonicWALL NSA 2400.page 61 Knowledge Portal .page 65 SonicWALL NSA 2400 Getting Started Guide Page 59 .page 60 SonicWALL Live Product Demos .page 60 Support Services .page 61 Onboard Help .page 62 User Forums .page 64 Related Documentation . • • • • • • • • Customer Support .
that is not enough to keep your network safe these days. from our innovative implementation services to traditional statement of work-based services. For further information.sonicwall. So our support services also include crucial updates and upgrades.html> Support Services SonicWALL support services are designed not only to keep your security infrastructure current. Please review our Warranty Support Policy for product coverage. For further information. visit: <http://www.com/us/support/3870.com/us/support/contact. access to extensive electronic tools and timely hardware replacement. but also to react swiftly to any problem that may occur. the finest technical support. SonicWALL also offers a full range of consulting services to meet your needs.Customer Support SonicWALL offers Web-based and telephone support to customers who have a valid Warranty or who purchased a Support Contract.html> Page 60 Customer Support . visit: <http://www.sonicwall. However.
com/us/support.html> For further information. visit: <http://www.sonicwall.sonicwall.com> SonicWALL NSA 2400 Getting Started Guide Page 61 .SonicWALL Live Product Demos Get an interactive insight into SonicWALL security products and services with the following series of multimedia product demos: • • • • • • • • Unified Threat Management Platform Secure Cellular Wireless Continuous Data Protection SSL VPN Secure Remote Access Content Filtering Secure Wireless Solutions Email Security GMS and ViewPoint Knowledge Portal The Knowledge Portal is a resource which allows users to search for SonicWALL documents based on the following types of search tools: • • • Browse Search for keywords Full-text search For further information.livedemo. visit: <http://www.
0 features a dynamic Onboard Help in the form of helpful tooltips that appear over various elements of the GUI when the mouse hovers over them. and checkboxes. radio buttons. Tooltip display frequency can be configured from the System > Administration page. Page 62 Onboard Help . Elements that display these tooltips include: text fields. Select the Enable Tooltip checkbox to activate the Onboard Help.Onboard Help SonicOS 5. The Tooltip Delay time is a configurable value that determines how long the mouse must remain idle over a GUI element before the tooltip forms.
the following categories are available for users: • • • • • • • • • • • • Content Security Manager topics Continuous Data Protection topics Email Security topics Firewall topics Network Anti-Virus topics Security Services and Content Filtering topics GMS and Viewpoint topics SonicPoint and Wireless topics SSL VPN topics TZ 190 / Wireless WAN .com/> SonicWALL NSA 2400 Getting Started Guide Page 63 . In this forum.User Forums The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters.3G Capability topics VPN Client topics VPN site-to-site and interoperability topics For further information.sonicwall. visit: <https://forum.
visit: <http://www.sonicwall.html> Page 64 Training .Training SonicWALL offers an extensive sales and technical training curriculum for Network Administrators. SonicWALL Training provides the following resources for its customers: • • • • • E-Training Instructor-Led Training Custom Training Technical Certification Authorized Training Partners For further information. Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications.com/us/support/training.
html> SonicWALL NSA 2400 Getting Started Guide Page 65 .0 Feature Modules • Application Firewall • Dashboard • HF License Sync • Multiple Admin • NAT Load Balancing • Packet Capture • RF Management • Single Sign On • SSL Control • Virtual Access Points SonicWALL GVC 4.sonicwall.Related Documentation See the following related documents for more information: • • • SonicOS Enhanced 5. visit: <http://www.1 Administrator’s Guide SonicWALL GAV 2.0 Release Notes SonicOS Enhanced 5.0 Administrator’s Guide SonicOS Enhanced 5.0 Administrator’s Guide SonicWALL ViewPoint 4.com/us/support/289.1 Administrator’s Guide SonicWALL IPS 2.0 Administrator’s Guide SonicWALL Anti-Spyware Administrator’s Guide SonicWALL CFS Administrator’s Guide • • • • • • For further information.
Page 66 Related Documentation .
page 70 Copyright Notice .page 71 SonicWALL NSA 2400 Getting Started Guide Page 67 . • • • • • Safety and Regulatory Information .page 68 Safety and Regulatory Information in German .page 71 Trademarks .page 69 FCC Part 15 Class A Notice . and copyright information. trademark.Product Safety and Regulatory Information 6 In this Section: This section provides regulatory.
must be used and hand tightened to ensure secure installation. Appropriate consideration of equipment nameplate ratings must be used when addressing this concern. • • • • • Cable Connections All Ethernet and RS232 (Console) cables are designed for intra-building connection to other equipment. Choose a mounting location where all four mounting holes line up with those of the mounting bars of the 19-inch rack mount cabinet. do so following the battery manufacturer's instructions. transmitters and broadband amplifiers. A minimum of 1 inch (25. The included power cord is intended for use in North America only. The SonicWALL must be returned to a SonicWALL authorized service center for replacement with the same or equivalent type recommended by the manufacturer. Route cables away from power lines. Particular attention must be given to power supply connections other than direct connections to the branch circuits such as power strips. Allow unrestricted airflow around the unit and through the vents on the side of the unit. The following conditions are required for proper installation: • • Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application. Do not connect these ports directly to communication wiring or other wiring that exits the building where the SonicWALL is located. If. Lithium Battery Warning The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user. Mount in a location away from direct sunlight and sources of heat. a power cord is not included.44mm) clearance is recommended. the battery or SonicWALL Internet security appliance must be disposed of. Ensure that no water or excessive moisture can enter the unit. fluorescent lighting fixtures. and sources of noise such as radios. For European Union (EU) customers. • Mount the SonicWALL appliances evenly in the rack in order to prevent a hazardous condition caused by uneven mechanical loading. Page 68 Safety and Regulatory Information . Consideration must be given to the connection of the equipment to the supply circuit. for any reason. compatible with the rack design. Reliable grounding of rack-mounted equipment must be maintained.Safety and Regulatory Information Regulatory Model/Type 1RK14-053 Product Name NSA 2400 • • Rack Mounting the SonicWALL The above SonicWALL appliance is designed to be mounted in a standard 19-inch rack mount cabinet. A maximum ambient temperature of 104º F (40º C) is recommended. Four mounting screws. The effect of overloading the circuits has minimal impact on overcurrent protection and supply wiring.
Vergewissern Sie sich. vom Hersteller empfohlenen Batterietyp ersetzt. Stellen Sie sicher. Zum Austauschen der Batterie muss die SonicWALL in ein von SonicWALL autorisiertes Service-Center gebracht werden. Prüfen Sie dabei sorgfältig die Angaben auf dem Aufkleber des Geräts. Schließen Sie an die Anschlüsse der SonicWALL keine Kabel an.und RS232-C-Kabel eignen sich für die Verbindung von Geräten in Innenräumen. Für Kunden in der Europaïschen Union (EU) ist ein Netzkabel nicht im Lieferumfang enthalten. dass das Rack für dieses Gerät geeignet ist und verwenden Sie das vom Rack-Hersteller empfohlene Montagezubehör. das sich die Netzwerkkabel nicht in der unmittelbaren Nähe von Stromleitungen.herausgeführt werden. Dort wird die Batterie durch denselben oder entsprechenden. um mögliche Gefahren durch ungleiche mechanische Belastung zu vermeiden. Stellen Sie sicher. Für eine ordnungsgemäße Montage sollten die folgenden Hinweise beachtet werden: • • • Vergewissern Sie sich. bei Verwendung von Mehrfachsteckdosen. Hier ist ein Belüftungsabstand von mindestens 26 mm einzuhalten. Die Umgebungstemperatur darf nicht mehr als 40 °C betragen. Achten Sie darauf. B. dass das Gerät sicher im Rack befestigt ist. Beachten Sie bei einer Entsorgung der Batterie oder der SonicWALL Internet Security Appliance die diesbezüglichen Anweisungen des Herstellers. Hinweis zur Lithiumbatterie Die in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden. Wählen Sie für die Montage einen Ort. dass die Luft um das Gerät herum zirkulieren kann und die Lüftungsschlitze an der Seite des Gehäuses frei sind. Verwenden Sie für eine sichere Montage vier passende Befestigungsschrauben. • • Prüfen Sie den Anschluss des Geräts an die Stromversorgung. Leuchtstoffröhren und Störquellen wie Funksendern oder Breitbandverstärkern befinden. • Kabelverbindungen Alle Ethernet. Das beigefügte Netzkabel ist nur für den Gebrauch in Nordamerikas Vorgesehen. der keinem direkten Sonnenlicht ausgesetzt ist und sich nicht in der Nähe von Wärmequellen befindet. damit der Überstromschutz sowie die elektrische Leitung nicht von einer eventuellen Überlastung der Stromversorgung beeinflusst werden. die aus dem Gebäude in dem sich das Gerät befindet . Insbesondere muss auf nicht direkte Anschlüsse an Stromquellen geachtet werden wie z. dass das Gerät vor Wasser und hoher Luftfeuchtigkeit geschützt ist. und ziehen Sie diese mit der Hand an. Bringen Sie die SonicWALL waagerecht im Rack an. • • • • SonicWALL NSA 2400 Getting Started Guide Page 69 .Safety and Regulatory Information in German Weitere Hinweise zur Montage Die oben genannten SonicWALL-Modelle sind für eine Montage in einem standardmäßigen 19-Zoll-Rack konzipiert.
FCC Part 15 Class A Notice NOTE: This equipment was tested and found to comply with the limits for a Class A digital device. FI. KE. this product may cause radio interference in which case the user may be required to take adequate measures. All certificates held by Secuwide. Complies with EN 55022 Class A and CISPR22 Class A. GB. All products with country code “B” are made in China. CA. IL. CZ. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. IT. KR. BE. This equipment generates. could void the user’s authority to operate this equipment. JP. HU. the device may cause harmful interference to radio communications. NL. FR. SG. BR. and can radiate radio frequency energy. DK. Cet appareil numérique de la classe A est conforme à toutes la norme NMB-003 du Canada. PL. Page 70 FCC Part 15 Class A Notice .C. IN. Declaration of Conformity Application of council Directive 2004/108/EC (EMC) and 2006/95/EC (LVD) Standards to which conformity is declared EN 55022 (2006) Class A EN 55024 (1998) +A2 EN 61000-3-2 (2006) +A2 EN 61000-3-3 (1995) +A2 EN 60950-1 (2001) +A11 National Deviations: AR. DE. SK. And if not installed and used in accordance with the instruction manual. MY. CN. CH. AT.O. US BMSI Statement Regulatory Information for Korea Ministry of Information and Telecommunication Certification Number VCCI Statement All products with country code “” (blank) and “A” are made in the USA. Corp. Inc. In a domestic environment. CISPR 22 (EN 55022) Class A Warning: This is a class A product. Canadian Radio Frequency Emissions Statement This Class A digital apparatus complies with Canadian ICES-003. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense. AU. pursuant to Part 15 of the FCC Rules. SI. NO. GR. Caution: Modifying this equipment or using this equipment for purposes not shown in this manual without the written consent of SonicWALL. SE. uses. All products with country code "C" or "D" are made in Taiwan R.
Inc. Windows Vista. and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. All rights reserved. except in the normal use of the software to make a backup copy.S. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Trademarks SonicWALL is a registered trademark of SonicWALL. Netscape is a registered trademark of Netscape Communications Corporation in the U. Windows XP. Specifications and descriptions are subject to change without notice. whether or not sold. this manual or the software described within. or loaned to another person. Firefox is a trademark of the Mozilla Foundation. Acrobat. Internet Explorer. SonicWALL NSA 2400 Getting Started Guide Page 71 . Microsoft Windows 98. given.S. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers. Windows Server 2003. This exception does not allow copies to be made for others. and Active Directory are trademarks or registered trademarks of Microsoft Corporation. without the written consent of the manufacturer. Adobe. Inc. cannot be copied. copying includes translating into another language or format. but all of the material purchased (with all backup copies) can be sold. in whole or part. and/or other countries. Under the law. Windows 2000. Under the copyright laws. and other countries.Copyright Notice © 2008 SonicWALL.
Notes Page 72 Notes .
Notes SonicWALL NSA 2400 Getting Started Guide Page 73 .
Notes Page 74 Notes .
Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.sonicwall. 1143 Borregas Avenue Sunnyvale CA 94089-1306 T +1 408. is a registered trademark of SonicWALL.SonicWALL. . Inc.9600 F +1 408.745. Inc.745.com P/N 232-001276-50 Rev A 04/08 ©2008 SonicWALL. Inc.9300 www.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.