Instruction/ maintenance manual of the product 4000 SonicWALL
Go to page of 68
C O M P R E H E N S I V E I N T E R N E T S E C U R I T Y b SonicWALL SSL VPN 4000 Getting Started Guide SonicWALL Internet Security Appliances.
SonicWALL SSL VPN 4000 Getting Started Guide Page 1 SonicWALL SSL VPN 4000 Appliance Getting Started Guide This Getting St arted Guide contains inst allation procedures an d configuration guidelines for deploying a SonicW ALL SSL VPN 4000 appliance into an existi ng or new network.
Page 2 Befor e Y ou Begin Chec k Pa c ka g e Contents • One SonicW ALL SSL VP N 4000 appliance • One SonicW ALL SSL VP N 4000 Getting S tarted Guide • One SonicW ALL SSL VPN Release Notes • On.
SonicWALL SSL VPN 4000 Getting Started Guide Page 3 Networ k Conf igur a tion Informa tion Collect the following information abo ut your current network configuration: Primary DNS: Secondary DNS (opti.
Page 4 Selecting a SonicWALL R ecommended Deplo yment Scenario The deployment scenarios described in this section are based on actua l custo m er deployment s and are SonicW ALL-recommended deployment best practices. This section describes three common deplo yments of the SonicW ALL SSL VPN 4000.
SonicWALL SSL VPN 4000 Getting Started Guide Page 5 Applying P ower to th e SonicWALL SSL VPN 4000 1. Plug the power cord into th e SonicW ALL SSL VPN 4000 and into an appro priate power outlet. 2. T urn on the power switch on the rear of the appliance next to the power cord .
Page 6 Accessing the Manag ement Interface T o access the W eb-based manage ment interface of the SonicW ALL SSL VPN 4000: 1. Connec t one end of a crossover cable int o the X0 port of your SonicW ALL SSL VPN 4000. Connect the other end of the cable into the computer you are using to manage the SonicW ALL SSL VPN 4000.
SonicWALL SSL VPN 4000 Getting Started Guide Page 7 5. The SonicW ALL SSL VPN management interfac e displays and prompts you to enter your user name and p assword. Enter “admin” in the User Name field, “passwor d” in the Password field, select LocalDomain from the Domain drop - do wn list and click the Login button.
Page 8 Configuring Y our SonicWALL SSL VPN 4000 Once your SonicW ALL SSL VPN 4000 is connected to a computer through the management port (X0) , it can be configured through the W eb-based ma nagement interface.
SonicWALL SSL VPN 4000 Getting Started Guide Page 9 Setting Y our Administr a tor P assw or d 1. Select the Users > Local Users page 2. Click the Configure button corresponding to the “admin” account. Note: Changing your password from the factory default is optio nal but strongly recommended.
Page 10 6. Select Us er from the User T ype drop-down menu. 7. Click the Add button. Setting Time Zone 1. Select the System > Time page. 2. Select the appr opriate time zone from the drop-down menu . 3. Click the Accept button. Note: Setting the time correctly is essential to many of th e op er at ions of the SonicWALL SS L VPN 4000.
SonicWALL SSL VPN 4000 Getting Started Guide Page 11 3. Enter your primary DNS ser ver information in the Primary DNS Server field. 4. (Optional) Enter a secondary DNS server in the Secondary DNS Server field. 5. (Option al) Enter your DNS Domain in the DNS Domain Field.
Page 12 When you click OK , you will lose your connec tion to the SSL VP N. 4. Reset the computer you use to mana ge the SonicW ALL SSL VPN 4000 to have a static IP address in th e range you ju st set for the X0 interface, f or example, 10.1.1.20 or 192.
SonicWALL SSL VPN 4000 Getting Started Guide Page 13 Config uring a Default R oute Refer to the following t able to correctly configure your default r oute. If you do not know your scenario, refer to “Selecting a SonicW ALL Recommended Deployment Scenario” o n pag e 4.
Page 14 4. Enter your subnet mask in the Subn et Mask field. 5. Click the Add button to add this client route. Setting your NetExtender Addr ess Range The NetExtender IP range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions.
SonicWALL SSL VPN 4000 Getting Started Guide Page 15 T o set your NetExtender addr ess ran ge, per form the following steps: 1. Select the NetExtender > Client Setting s page. 2. Enter an address ra nge for you r clients in the Client Address Range Begin and Client Address Ra nge End fields.
Page 16 For example, if your current T ransparent range is 67.1 15.1 18.75 through 67.1 15.1 18.80, and you wish to support 50 concurrent NetExt ender clients, configure your SSL VP N X0 interface with an available IP address in the T ransparent range, such as 67.
SonicWALL SSL VPN 4000 Getting Started Guide Page 17 Connecting the SonicWALL SSL VPN 4000 Before continuing, reference the diagra ms on the following pages to conne ct the SonicW ALL SSL VPN 4000 to your network.
Page 18 Scenario B: Configuring Y our Networ k Interface Configure your SonicW ALL SSL VPN 4000 to connect with your SonicW ALL UTM appliance under network configur ations given in Scenario B. On your SonicW ALL SSL VPN 4000: 1. Select the Network > Interface s page .
SonicWALL SSL VPN 4000 Getting Started Guide Page 19 Scenario B: Connecting the SonicWALL SSL VPN 4000 T o connect the SonicW ALL SSL VPN 4000 using Scenario B, perform the following steps: 1.
Page 20 4. Enter your subnet mask in the Subn et Mask field. 5. Click the OK button to apply chan ges. Scenario C: Connecting the SonicWALL SSL VPN 4000 T o connect the SonicW ALL SSL VPN 4000 using Scenario C, perform the fo llowing steps: 1. Connec t one end of a crossover cable to an unused port on your LAN hub or switch.
SonicWALL SSL VPN 4000 Getting Started Guide Page 21 Configuring Y our Ga tewa y De vice Now that you have set up your Soni cW ALL SSL VPN 4000, you need to config ur e your gateway device to work with the SonicW ALL SSL VPN 4000.
Page 22 Scenario A: Configuring a DMZ or OPT P ort in SonicOS Standar d 1. Select the Network > Settings p age. 2. Click Configure button for the DMZ or OPT interface. Select the DMZ in NA T Mode radio button. 3. Enter 192.168.200.2 in the DMZ Private Address field.
SonicWALL SSL VPN 4000 Getting Started Guide Page 23 4. In the Step 1: Access Rule T ype page, select Public Server Rule and click Next . 5. In the Step 2: Public Server p age, perform the following selections: Click Next .
Page 24 If you are allowing HTTP access to the SonicWALL SSL VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to t he Networ k Access R ules Wizard page, click Next . 3. In the Step 1: Access Rule T ype page, select Public Server Rule .
SonicWALL SSL VPN 4000 Getting Started Guide Page 25 6. In the Step 4: Acces s Rule Source Int erface and Addr ess page, per for m the following selections and click Next : Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL VPN appliance, 192.
Page 26 7. In the Step 5: Acce ss Rule Des tination Interface a nd Addres s page, perform the following selections and click Next : 8. In the Step 6: Access Rule Time page, leave Time Ac t iv e s et to Always Active unless you want to lim it when you want SS L VPN clients to have access to the LAN.
SonicWALL SSL VPN 4000 Getting Started Guide Page 27 Create acce ss to the LAN for NetExtende r: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the SonicW ALL Network Access Rules p age, click Next . 3. In the Step 1: Access Rule T ype page, select General Rule .
Page 28 Scenario A: Adding a Ne w SSL VPN Custom Zone in SonicOS Enhanced 1. Select the Network > Interface s page . 2. Click Configure button f or the X2 inter face (or any other av ailable interfac e). 3. Select Create New Zone in Zone field. The Add Zone window opens.
SonicWALL SSL VPN 4000 Getting Started Guide Page 29 Scenario A: Allowing WAN -> SSL VPN Connection in SonicOS Enhanc ed Follow this procedure if you are co nnecting your SonicW ALL SSL VPN 4000 to a SonicW ALL UTM appliance run ning SonicOS Enhanced .
Page 30 5. In the Add Serv ice Group dia log box, create a se rvice group for HTTP and HTTPS: • Enter a name for the service. • Select both HTTP and HTTPS and click . • Click OK when both HTTP and HTTPS are in the right column. 6. In the Step 2: Se rver Private Network Conf iguration pa ge, enter: Click Next .
SonicWALL SSL VPN 4000 Getting Started Guide Page 31 7. In the Step 3: Server Public Informa tion page, either acc ept the default IP address or enter an IP address in your allowe d public IP range. Note: The default IP address is the WAN IP address of your SonicWALL UTM appliance.
Page 32 Scenario A: Allowing SSL VPN -> L AN Connection in SonicOS Enhanced When users have connecte d to the SSL VPN, they need to be able to connect to resources on the LAN. 1. In the administration interface, naviga te to the Network > Address Object s page.
SonicWALL SSL VPN 4000 Getting Started Guide Page 33 Click OK to create the object. 6. In the middl e of the Network > Address Object s page, below the Ad dress Gr oup s table, click .
Page 34 10. In the Add Rule window , create a rule to allow the address gr oup you just created access to the LAN: Click Add to create the rule. Continue t o S tep Action Allow From Zone SSL VPN T o Z.
SonicWALL SSL VPN 4000 Getting Started Guide Page 35 Scenario B: SSL VPN on Existing DMZ This section provides procedures to co nfigure your gateway appliance based on Scenario B.
Page 36 4. In the Step 1: Access Rule T ype page, select Public Server Rule and click Next . 5. In the Step 2: Public Server page, perf orm the following selections: Click Next . 6. In the Congratulations p age, click Apply to create the rules and allow access fr om the W AN to the SonicW ALL SSL VPN appliance on the DMZ.
SonicWALL SSL VPN 4000 Getting Started Guide Page 37 If you are allowing HTTP access to the SonicW ALL SSL VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the Network Acces s Rules Wiza rd p age, click Next .
Page 38 6. In the Step 4: Access Rule Source Interface and Address p age, perform the following selections and click Next : Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL VPN appliance within your DMZ range, for example 10.1.1.200 .
SonicWALL SSL VPN 4000 Getting Started Guide Page 39 7. In the Step 5: Access Rule Destina tion Interface and Address p age, perform th e following selections and click Next : 8. In the Step 6: Access Rule Time p age, leave Time Ac ti v e set to Always Active unless you want to limit when you want SSL V PN clients to have access to the LAN.
Page 40 Create access to the LAN for NetExtender: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the SonicW ALL Network Access Ru les page , click Next . 3. In the Step 1: Access Rule T ype page, select General Rule . Click Next .
SonicWALL SSL VPN 4000 Getting Started Guide Page 41 Scenario B: Allowing WAN -> DMZ Connection in SonicOS Enhanced Follow this procedure if you are co nnecting your SonicW ALL SSL VPN 4000 to a SonicW ALL UTM appliance run ning SonicOS Enhanced .
Page 42 5. In the Add Serv ice Group dia log box, create a se rvice group for HTTP and HTTPS: • Enter a name for the service. • Select both HTTP and HTTPS and click . • Click OK when both HTTP and HTTPS are in the right co lumn. 6. In the Step 2: Se rver Private Network Conf iguration pa ge, enter: Click Next .
SonicWALL SSL VPN 4000 Getting Started Guide Page 43 7. In the Step 3: Server Public Informa tion page, either acc ept the default IP address or enter an IP address in your allowe d public IP range. Note: The default IP address is the WAN IP address of your SonicWALL UTM appliance.
Page 44 Scenario B: Allowing DMZ -> LA N Conn ecti on in Soni cOS Enhanc ed When users have connecte d to the SSL VPN, they need to be able to connect to resources on the LAN. 1. In the administration interface, naviga te to the Network > Address Object s page.
SonicWALL SSL VPN 4000 Getting Started Guide Page 45 Click OK to create the object. 6. In the middl e of the Network > Address Object s page, below the Ad dress Gr oup s table, click .
Page 46 10. In the Add Rule window , create a rule to allow the address gr oup you just created access to the LAN: Click OK to create the rule. Continue t o S tep Action Allow From Zone DMZ T o Zone L.
SonicWALL SSL VPN 4000 Getting Started Guide Page 47 Scenario C: SSL VPN on the LAN This section provides procedures to co nfigure your gateway appliance based on Scenario C.
Page 48 Scenario C: Setting Public Ser v er Access in SonicOS St andar d 1. Select Wizards in the left naviga tio n bar . 2. Click the Network Access Rules Wizard option and press the Ne xt button. 3. Select Public Server Rule . 4. Enter a comment, such as “W AN to SSL VPN” to describe your connectio n.
SonicWALL SSL VPN 4000 Getting Started Guide Page 49 Scenario C: Setting Pub lic Serv er Access in SonicOS Enhanced 1. Select Wizards in the left navigation bar . 2. Click the Public Server Wizard option and press the Ne xt button. 3. Select Web Server from the Server T ype drop-d own menu.
Page 50 T esting Y our SSL VPN Connection Now you have configured your Son icW ALL UTM appliance and SonicW ALL SSL VPN 4000 for se cure SSL VPN remote acce ss.This section provides instructions to verify your SSL VPN conn ectio n using a remote client on the W AN.
SonicWALL SSL VPN 4000 Getting Started Guide Page 51 4. Select NetExt ender from the lef t navigation bar . This will start th e NetExtender client installation. 5. Click the NetExtender button and complete th e client inst allation. When complete, the following message is displayed: 6.
Page 52 R e gistering Y our SonicWALL SSL VPN 4000 Befor e Y ou Re gister V erify that the time, DNS, and default r oute settings on your SonicW ALL SSL VPN are correct bef ore you regis ter your ap pliance. T o veri fy or configur e the time s ettings, navigate to the System > Time p age.
SonicWALL SSL VPN 4000 Getting Started Guide Page 53 3. On the System > Licenses page, click Activate, Upgrade , or Renew serv ic es . The License Man agement page is displayed. 4. If you have a mySonicW ALL.com account, enter yo ur mySonicW ALL.com user name and password into the fields and then click Submit .
Page 54 5. Enter a descriptive name for yo ur SonicW ALL SSL VPN in the Friendly Name field. 6. Under Product Survey , fill in the r equested information a nd then click Submit . Th e display changes to inf orm you th at your Sonic WALL SSL VPN 400 0 is regist er e d.
SonicWALL SSL VPN 4000 Getting Started Guide Page 55 Configuring Dynamic DNS To begin using Dynamic DNS, you must first set up an account with one of the 4 free service providers listed below: • DynDNS.org • changeip.com • No-IP .com •y i . o r g It is possible to use multiple providers simult aneously.
Page 56 To configure Dynamic DNS on the SonicW ALL UTM ap pliance, perform these steps: 1. On the Network > Dynamic DNS page, click the Add button. The Add DDNS Profile window is displayed.
SonicWALL SSL VPN 4000 Getting Started Guide Page 57 7. Enter the fully qualified d omain nam e (FQDN) of the hostnam e you regist ered with dyndns.org. Make sure you provide the same hostname and domain as you configured. 8. Y ou may optionally select Enable Wildcard and/or configure an MX entry in the Mail Exchanger field.
Page 58 Configuring a Static IP Addr ess If you did not enable the SonicW ALL UTM appliance DHCP server , you must configure each computer with a st atic IP address from your LAN or WLAN IP address range.
SonicWALL SSL VPN 4000 Getting Started Guide Page 59 Windows NT 1. From th e Star t menu, highlight Settings and then select Control Panel . 2. Open Network . 3. Double-click TCP/IP in the TCP/IP Properties window . 4. Select Specify an IP Address . 5.
Page 60 Mounting Guidelines The SonicW ALL SSL VPN 4000 is designed to be mounted in a standar d 19-inch rack mount cabinet. The following condi tions are required for proper inst allation: • Use the mounting hardwar e recommended by the rack manufacturer and en sure that the rack is adequate for the application.
SonicWALL SSL VPN 4000 Getting Started Guide Page 61 Glossary of Net wor king T erms ActiveX - A technology that allows the sharing of applications and data across the W eb.
Page 62 SSL VPN - Secure Socket Layer Virtual Private Networking. A secured p rivate communications network usually used within a company , or by several different companies or organizations, communicating over a public network. SSL technology is used either for tunneling the entire network stack, or for securing what is essentially a Web proxy .
SonicWALL SSL VPN 4000 Getting Started Guide Page 63 SonicWALL SSL VPN 4000 Appliance Re gulatory Sta tement and Saf ety Instr uctions Detailed regulatory info rmation can be found in the electronic file, “ SonicW ALL_SSL-VPN_Regulatory_St atement.
Page 64 Copyright Notice © 2008 SonicW ALL, Inc. All rights reserved . Under the copyright laws, this manual or the soft ware described within, can not be copied, in whole or p art, without the written consent of the manufactur er , except in the normal use of the sof tware to make a backu p copy .
SonicWALL SSL VPN 4000 Getting Started Guide Page 65 Notes.
Page 66 Notes.
©20 0 8 So n ic WA LL , In c . i s a r e gi s te re d tr a d em a rk o f S o ni c WAL L , I n c . O t h er p ro d uc t n a me s me nt i on e d he r ei n m ay b e tr a d em a rk s a n d /o r r e gi s te re d tr a d em a rk s o f th e ir re s p e c ti v e c om p a ni e s.
An important point after buying a device SonicWALL 4000 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought SonicWALL 4000 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data SonicWALL 4000 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, SonicWALL 4000 you will learn all the available features of the product, as well as information on its operation. The information that you get SonicWALL 4000 will certainly help you make a decision on the purchase.
If you already are a holder of SonicWALL 4000, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime SonicWALL 4000.
However, one of the most important roles played by the user manual is to help in solving problems with SonicWALL 4000. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device SonicWALL 4000 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
