Dell NSA E8150 User Manual

Getting Started Guide
Dell SonicWALL E-Class NSA Appliances
NETWORK SECURITY
NSA E8510
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2013 Dell, Inc. Trademarks: Dell™, the DELL logo, SonicWALL™, SonicWALL GMS™, SonicWALL Analyzer™, Reassembly-Free Deep Packet
Inspection™, Dynamic Security for the Global Network™, SonicWALL SuperMassive™ Appliances, SonicWALL Dynamic Support 24x7™, SonicWALL Comprehensive Gateway Security Suite™, SonicWALL McAfee Client/Server Anti-Virus Suite™, and all other SonicWALL product and service names and slogans are trademarks of Dell, Inc.
Microsoft Windows, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies
and are the sole property of their respective manufacturers. 2013 – 02 P/N 232-001858-51 Rev. A
2

In this Guide

I o
I o
E8510
Network Security Appliance
10GE
The Dell SonicWALL E-Class Network Security Appliance (NSA) E8510 is designed to be the most scalable, reliable, and best performing multifunction appliance in its class.
This Getting Started Guide provides instructions for basic installation and configuration of the Dell SonicWALL NSA E8510.
Note: Always observe proper safety and regulatory guidelines when removing administrator-serviceable parts from the Dell
SonicWALL NSA E8510. Proper guidelines can be found in the Product Safety and Regulatory Information section, on page 68 of this guide.
3 | In this Guide
This Getting Started Guide contains the following sections:
Chapter 1 Sections Include
Pre-Configuration Tasks - page 6 Dell SonicWALL NSA E8510 Package Contents - page7
Obtain Configuration Information - page 8
The Front Panel - page 10
The Back Panel - page 11
Front Bezel Control Features - page 12
LAN IP Configuration Example - page 16
Chapter 2 Sections Include
Registering Your Appliance - page 18 Before You Register - page 19
Creating a MySonicWALL Account - page 20
Registering and Licensing Your Appliance on MySonicWALL - page 20
Chapter 3 Sections Include
Deployment Scenarios - page 26 Selecting a Deployment Scenario - page 27
Initial Setup - page 31
Configuring a Stateful HA Pair - page 38
Configuring L2 Bridge Mode - page 44
4
Chapter 4 Sections Include
Additional Deployment Configuration - page 46 An Introduction to Zones and Interfaces - page 47
Creating a NAT Policy - page 48
Enabling Security Services in SonicOS - page 51
Applying Security Services to Zones - page 52
Troubleshooting Diagnostic Tools - page 52
Chapter 5 Sections Include
Support and Training Options - page 54 Customer Support - page 55
Knowledge Portal - page 55
User Forums - page 56
Training - page57
Related Documentation - page 58
Dynamic Tooltips - page 59
Dell SonicWALL Live Product Demos - page 59
Dell SonicWALL Secure Wireless Network Integrated Solutions Guide - page 60
Chapter 6 Sections Include
Rack Mounting Instructions - page 62 Rack Mounting Instructions - page 63
Chapter 7 Sections Include
Product Safety and Regulatory Information -
page 68
Safety and Regulatory Information - page 69
Warranty Information - page 73
Copyright Notice - page 73
5 | In this Guide

Pre-Configuration Tasks

1
In this Section:
This section provides pre-configuration information. Review this section before setting up your Dell SonicWALL NSA E8510.
Dell SonicWALL NSA E8510 Package Contents - page 7
Obtain Configuration Information - page 8
The Front Panel - page 10
The Back Panel - page 11
Front Bezel Control Features - page 12
LAN IP Configuration Example - page 16
6

Dell SonicWALL NSA E8510 Package Contents

E8510
Network Security Appliance
10GE
1
3
4
2
5
7
6
Getting Started Guide
Dell SonicWALL E-Class NSA Appliances
NETWORK SECURITY
NSA E8510
(x2)
Before you begin the setup process, verify that your package contains the following items:
1. One Dell SonicWALL NSA E8510 appliance
2. One serial CLI cable
3. One Ethernet cable
4. Two power cords*
5. One Rack Mounting Kit
6. One Dell SonicWALL NSA E8510 Getting Started Guide
*The included power cord(s) are approved for use only in specific countries or regions. Before using a power cord, ve rify that it is rated and approved for use in you r location. The power cords are for AC mains installation only. Field conversion DC power cable is diff erent, see Safety and Regulatory Informa tion for more information .
Missing Items? If any items are missing from your package, contact Dell SonicWALL Support: Web: http://www.sonicwall.com/us/Support.html Email: customer_service@sonicwall.com
7 | Dell SonicWALL NSA E8510 Package Contents

Obtain Configuration Information

Please record and keep for future reference the following setup information:

Registration Information

Serial Number:
Authentication Code:
Record the serial number found on the bottom panel of your Dell SonicWALL appliance.
Record the authentication code found on the bottom panel of your Dell SonicWALL appliance.

Networking Information

LAN IP Address:
. . .
Subnet Mask:
. . .
Ethernet WAN IP Address:
. . .
Select a static IP address for your Dell SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168).
Record the subnet mask for the local subnet where you are installing your Dell SonicWALL appliance.
Select a static IP address for your Ethernet WAN. This setting only applies
if you are already using an ISP that assigns a static IP address.

Administrator Information

Admin Name:
Admin Password:
Select an administrator account name. (default is admin)
Select an administrator password. (default is password)
Obtain Configuration Information | 8

Obtain Internet Service Provider (ISP) Information

Record the following information about your current Internet service:
If You connect using
DHCP No information is usually required: Some providers
Static IP IP Address:
Please record
may require a Host name:
. . .
Subnet Mask: . . .
Default Gateway: . . .
Primary DNS: . . .
DNS 2 (optional): . . .
DNS 3 (optional): . . .
Note: If you are not using one of the network configurations
above, refer to the SonicOS Administrator’s Guide:
www.sonicwall.com/us/support
9 | Obtain Configuration Information

The Front Panel

E8510
Network Security Appliance
10GE
LCD Screen
Control Buttons
Console Port
USB Ports (2)
Reset Button
LED Indicators (left to right)
HA Port
X2-X3 (SFP)
X0-X1 (Copper)
Bypass Status LED
Access the SonicOS Command Line Interface (CLI) via the DB9 -> RJ45 cable
For future feature extensions
Press and hold for several seconds to manually reset the appliance
High speed Gigabit Ethernet ports
Lit: Indicates when fail to wire bypass mode is armed
Power (2): Blue: Indicates power supplies are operating correctly, Yellow: Indicates an unconnected power supply or failure Test: Quick blinking: Initializing, Slow blinking: SafeMode Solid: test mode.
Alarm: Alarm condition HD: Future extension
Navigate the LCD screen
Interface to display status, make conguration changes, restart the appliance or boot into SafeMode
Hot-pluggable “small form-factor pluggable transceiver” interfaces; 10GB SFP+ connectors are required (not included)
High Availability primary/secondary Gigabit Ethernet port
X4-X5 (10 GE)
10-Gigabit Ethernet ports
10

The Back Panel

I
o
I
o
Expansion Bay
Fans (2)
Power Supplies (2)
For SonicWall approved expansion modules
Dual auto-throttling fans for system temperature control
Dual power supplies for redundant AC power and added reliability Field conversion is available to convert to DC mains DC power supplies use different input connector and power cables
Warning: Potential Hazard from Fan
This manual contains specific warning and caution statements where they apply. Please read the Safety Instructions before use! See the Product Safety and Regulatory Information on page 68.
11 | The Back Panel

Front Bezel Control Features

Network Security Appliance
B
A
C
E
The Dell SonicWALL NSA E8510 is equipped with a front panel bezel interface that allows an administrator to customize certain aspects of the appliance or simply monitor its status without having to log into it through a separate terminal.
Icon Feature Description
LCD Screen Displays the front panel bezel interface
which can be used to display status information, perform basic configurations, restart the appliance or boot the appliance in SafeMode.
Control Buttons Up, Down, Left and Right buttons,
used to navigate the LCD menu system.
Note: Using the front bezel for configuration purposes prior to
completing initial setup will bypass the Setup Wizard’s automatic launch at startup.

LCD Control Buttons

The LCD interface is controlled by a D-pad, consisting of four buttons: up, down, left, right. The table below describes the functions of the buttons:
Button Navigation Features Up/Down Selects options and navigates up and
Left Cancels changes and returns to the
Right Confirms choices and enters menus.
down lists.
previous menu.
Also sets the appliance to screen-saver mode when used from the main menu.
Front Bezel Control Features | 12

Main Menu

Status

Upon booting the LCD display will initially show the Main Menu. The menu is made up of four options:
Contains basic status values including system resources, connections and port configuration values.
Allows configuration of basic system values including X0 (LAN) and X1 (WAN) port configuration. Requires system PIN for access, default: 76642.
Provides the ability to restart the appliance. Requires system PIN for access.
Provides the ability to restart and boot the appliance into SafeMode. Requires system PIN for access.
Use the Up and Down button to select the menu you wish to enter and click the Right button to enter it.
The Status menu allows you to view specific aspects of the appliance. Once selected, the LCD displays the Status List. This list is navigated using the Up and Down button s. Status options available include:
• Appliance serial number
• Firmware / ROM versions
• Appliance name
• Date and Time
•Uptime
• CPU statistical readings
• Current number of connections
• Interface (X0, X1) network settings
• Interface (X0, X1) data transfer statistics The X1 DNS1-3 entries will only be displayed if they have been
set from the Configure menu. If their value is still 0.0.0.0 (default value), they will not appear in the Status List.
13 | Front Bezel Control Features

Configure

The Configure Menu allows you to configure specific aspects of the appliance. Once selected, the LCD will display a PIN request.
Note: The Default PIN is 76642. This number spells SONIC
on a phone keypad. The PIN number can be changed from the System > Administration page.
If you choose yes, the screen notifies you that the settings are updated.
All numbers are inputted using the 4 buttons. Select the individual digit field using the Left and Right button and select the desired number using the Up and Down Button. Digits increase incrementally from 0 to 9. Press the Right button to confirm your PIN and enter the Configuration Menu.
The appliance allows the user to navigate in and out of the Configuration Menu without having to re-enter the PIN. However, once the appliance enters Screen-Saver Mode, whether from the 6 second time out or from pressing the Left button from the Main Menu, the PIN number must be re-entered again to access the Configuration Menu.
After entering a new value for a setting in the configuration menu, you are asked if you want to commit changes. Using the 4-way D-pad, press the Right button for yes or the Left button for no.

Configuration Options

This option allows you to configure network port settings for the appliance. Once selected, the LCD displays a list of configurable options. Status options available include:
• X0 IP and subnet
• X1 Mode
• X1 IP and subnet
• X1 Gateway
• X1 DNS settings (3 available)
• Restore defaults The X1 Mode can be set to Static (default option) or to DHCP. If
DHCP is selected, manual configuration options are not shown for X1 IP, subnet, gateway and DNS.
Front Bezel Control Features | 14
The Restore Defaults option will reset the appliance to default factory settings. If selected it will prompt for confirmation twice before restoring defaults.
If an option is selected but not modified, the appliance will display a message stating that no changes were made and will return the user to the edit value screen. If a change was made, it will prompt the user for confirmation before effecting the change.

Screen-Saver

If no button is pressed for over 60 seconds, or if the Left button is pressed from the Main Menu, the appliance will enter Screen­Saver mode. In this mode, the Status List will cycle, displaying every entry for a few seconds.
If the Up or Down button is pressed while in Screen-Saver mode, the appliance will display the adjacent status entry.

Restart

This option allows you to safely restart without resorting to power cycling the appliance. Once selected, the LCD will display a confirmation prompt. Select Y for yes and press the
Right button to confirm. The appliance will reboot.

SafeMode

This option will set the appliance to SafeMode. Once selected, the LCD will display a confirmation prompt. Select Y for yes and press the Right button to confirm. The appliance will change to SafeMode. Once SafeMode is enabled, the Dell SonicWALL NSA E8510 must be controlled from the Web management interface using the default LAN IP address, 192.168.168.168.
15 | Front Bezel Control Features
To exit Screen-Saver mode, press the Right button.

LAN IP Configuration Example

The Dell SonicWALL NSA E8510 is assigned the default LAN IP of 192.168.168.168. The following example provides steps for changing the default IP address to 192.168.168.10.
1. Press Right to exit screen-saver mode if not at the root menu.
2. Press Down to select the Configuration entry.
3. Press Right to enter Configuration Mode.
4. Input PIN (76642 by default; SONIC on a phone keypad.)
5. Press Up or Down until the cursor displays 7, press Right.
6. Continue this process until all of the numbers are entered.
7. Press Right to commit changes.
8. Press Down until X0 IP is selected (four times).
9. Press Right to configure X0 IP.
10. Edit X0 IP:
11. Press Right ten times to select the tenth digit.
12. Press UP or Down until the cursor displays 0.
13. Press Right once to select the next digit.
14. Press UP or Down until the cursor displays 1.
15. Press Right once to select the next digit.
16. Press Up or Down until the cursor displays 0.
17. Press Right to finish editing the X0 IP.
18. Press Right again to confirm changes.
LAN IP Configuration Example | 16
17 | LAN IP Configuration Example

Registering Your Appliance

2
In this Section:
This section provides instructions for registering your Dell SonicWALL NSA E8510.
Before You Register - page 19
Creating a MySonicWALL Account - page 20
Registering and Licensing Your Appliance on MySonicWALL - page 20
Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of Dell SonicWALL security
services, firmware updates, and technical support.
18

Before You Register

You need a MySonicWALL account to register the Dell SonicWALL NSA E8510. You can create a new MySonicWALL account on www.mysonicwall.com or directly from the Dell SonicWALL management interface. This section describes how to create an account by using the Web site.
You can use MySonicWALL to register your Dell SonicWALL appliance and activate or purchase licenses for Security Services, Analyzer Reporting and other services, support, or software before you even connect your device. This allows you to prepare for your deployment before making any changes to your existing network.
For a High Availability configuration, you must use MySonicWALL to associate a secondary unit that can share the Security Services licenses with your primary appliance.
Note: Your Dell SonicWALL NSA E8510 does not need to be
powered on during account creation or during the MySonicWALL registration and licensing process.
Note: After registering a new Dell SonicWALL appliance on
MySonicWALL, you must also register the appliance from the SonicOS management interface. This allows the unit to synchronize with the Dell SonicWALL License Server and to share licenses with the associated appliance, if any. See the Accessing the
Management Interface section, on page 33.
19 | Before You Register

Creating a MySonicWALL Account

To create a MySonicWALL account, perform the following steps:
1. In your browser, navigate to:
www.mysonicwall.com
2. In the login screen, click the Register Now link if you are Not a registered user.
3. Complete the Registration form and then click Register.
4. Verify that the information is correct and then click Submit.
5. In the screen confirming that your account was created, click Continue.

Registering and Licensing Your Appliance on MySonicWALL

This section contains the following subsections:
Product Registration - page20
Licensing Application Intelligence and Control - page 21
Registering a Secondary Appliance - page 23
Registration Next Steps - page 24

Product Registration

You must register your Dell SonicWALL appliance on MySonicWALL to enable full functionality.
1. Login to your MySonicWALL account. If you do not have an account, you can create one at:
www.mysonicwall.com
2. On the main page, in the Register A Product field, type the appliance serial number and then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue.
Creating a MySonicWALL Account | 20

Licensing Application Intelligence and Control

In SonicOS 5.8 and higher, Application Intelligence and Application Control are available as licensed services.
• The Intelligence component is licensed as App Visualization, and provides identification and reporting of application traffic on the Dashboard > Real-Time Monitor and App Flow Monitor pages.
• The Control component is licensed as App Control, and allows you to create and enforce custom App Control and App Rules policies for logging, blocking, and bandwidth management of application traffic handled by your network.
Application Visualization and App Control are licensed together in a bundle with other security services including Dell SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware, and Intrusion Prevention Service (IPS).
Note: Upon registration on MySonicWALL, or when you load
SonicOS 5.8 onto a registered Dell SonicWALL appliance, supported Dell SonicWALL appliances begin an automatic 30-day trial license for App Visualization and App Control, and application signatures are downloaded to the appliance.
Once the App Visualization feature is manually enabled on the
Log > Flow Reporting page by selecting the Enable Flow Reporting and Visualization checkbox, you can view real-time
application traffic on the Dashboard > Real-Time Monitor page and application activity in other Dashboard pages for the identified/classified flows from the Dell SonicWALL application signature database.
To begin using App Control, sele ct the Enable App Control checkbox on the Firewall > App Control Advanced page.
To create policies using Ap p Rules, which is included with the App Control license, select Enable App Rules on the Firewall > App Rules page.
The Dell SonicWALL Licensing server provides the App Visualization and App Control license keys to the Dell SonicWALL appliance when you begin a 30-day trial (upon registration) or purchase a Security Services license bundle.
For more information regarding Application Intelligence and Control, reference the following documents on:
www.sonicwall.com/us/support/:
• SonicOS 5.8 Application Control Feature Module
• SonicOS 5.8 NetFlow Reporting Feature Module
21 | Registering and Licensing Your Appliance on MySonicWALL

Licensing Security Services and Software

The Service Management - Associated Products page in MySonicWALL lists security services, support options, and software such as Analyzer that you can purchase or try with a free trial. For details, click the Info button. Your current licenses are indicated in the Status column with either a license key or an expiration date. Y ou can purchase additional services now or at a later time.
The following products and services are available for the Dell SonicWALL NSA E8510:
• Service Bundles:
• Client/Server Anti-Virus Suite
• Comprehensive Gateway Security Suite
• Gateway Services:
• Gateway AV / Anti-Spyware/Intrusion Prevention Service
• Content Filtering: Premium Edition
• Stateful High Availability
• Active/Active High Availability
• Application Visualization
• Application Control
• Comprehensive Anti-Spam (CASS)
• Desktop and Server Software:
• Enforced Client Anti-Virus and Anti-Spyware
• Global VPN Client
• Global VPN Client Enterprise
• VPN Policy Upgrade (for site-to-site VPN)
• SSL-VPN
• Virtual Assist
• Global Management System
• Analyzer
• Support Services:
• Dynamic Support 24x7
• Software and Firmware Updates
• Consulting Services:
• Implementation Service
• GMS Preventive Maintenance Service
To manage your licenses, perform the following tasks:
1. In the MySonicWALL Service Management - Associated Products page, check the Applicable Services table for services that your Dell SonicWALL appliance is already licensed for. Your initial purchase may have included security services or other software bundled with the appliance. These licenses are enabled on MySonicWALL when the Dell SonicWALL appliance is delivered to you.
2. If you purchased a service subscription or upgrade from a sales representative separately, you will have an Activation Key for the product. This key is emailed to you after online purchases, or is on the front of the certificate that was included with your purchase. Locate the product on the Services Management page and click Enter Key in that row.
Registering and Licensing Your Appliance on MySonicWALL | 22
3. In the Activate Service page, type or paste your key into the Activation Key field and then click Submit. Depending on the product, you will see an Expire date or a license key string in the Status column when you return to the Service Management page.
4. To license a product of service, do one of the following:
• To try a Free Trial of a service, click Try in the Service
Management page. A 30-day free trial is immediately activated. The Status page displays relevant information including the activation status, expiration date, number of licenses, and links to installation instructions or other documentation. The Service Management page is also updated to show the status of the free trial.
• To purchase a product or service, click Buy Now.
5. In the Buy Service page, type the number of licenses you want in the Quantity column for either the 1 year, 2 year , or 3 year license row and then click Add to Cart.
6. In the Checkout page, follow the instructions to complete your purchase.
The MySonicWALL server will generate a license key for the product. The key is added to the license keyset. You can use the license keyset to manually apply all active licenses to your Dell SonicWALL appliance.

Registering a Secondary Appliance

To ensure that your network stays protected if your Dell SonicWALL appliance has an unexpected failure, you can associate a second appliance with the first in a high availability (HA) pair. You can associate the two appliances as part of the registration process on MySonicWALL. The second Dell SonicWALL appliance will automatically share the Security Services licenses of the primary appliance.
To register a second appliance and associate it with the primary, perform the following steps:
1. Login to your MySonicWALL account.
2. On the main page, in the Register A Product field, type the appliance serial number and then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue. The Create Association Page is displayed.
23 | Registering and Licensing Your Appliance on MySonicWALL
Loading...
+ 51 hidden pages