Page 1
WXA 1.3
User’s Guide
| 1
Page 2
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions
are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2014 Dell Inc.
Trademarks: Dell™, the DELL logo, SonicWALL™, and all other SonicWALL product and service names and
slogans are trademarks of Dell Inc.
2014 – 02 P/N 232-002401-00 Rev. A
2 | Dell SonicWALL WXA 1.3 User’s Guide
Page 3
Table of Contents
Part: Introduction
Chapter 1 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Organization of this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Guide Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Dell SonicWALL Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
More Information on Dell SonicWALL Products . . . . . . . . . . . . . . . . . . . . . .12
Current Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Chapter 2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
What is WAN Acceleration? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
New Features in WXA 1.3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Key Features in WXA 1.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Deployment Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Deployment Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
WXA Series Appliance Management Interface . . . . . . . . . . . . . . . . . . . . . . . 18
Part: Status
Chapter 3 Viewing Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
WAN Acceleration > Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Chapter 4 Configuring the WXA Series Appliance . . . . . . . . . . . . . . . . . . . . . . . 33
Configuring Network Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Part: TCP Acceleration
Chapter 5 Viewing the TCP Acceleration Page. . . . . . . . . . . . . . . . . . . . . . . . . . 41
WAN Acceleration > TCP Acceleration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Statistics Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Statistics Breakdown Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Connections Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Chapter 6 Configuring TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
WAN Acceleration > TCP Acceleration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Configuring TCP Acceleration on a Site-to-Site VPN . . . . . . . . . . . . . . . . . .47
Configuring TCP Acceleration on a Non-VPN (Routed Mode) . . . . . . . . . . . 49
Table of Contents | 3
Page 4
Configuring the TCP Acceleration > Configuration Tab. . . . . . . . . . . . . . . . .56
Verifying the TCP Acceleration Configuration. . . . . . . . . . . . . . . . . . . . . . . .59
Part: WFS Acceleration
Chapter 7 Viewing the WFS Acceleration Page . . . . . . . . . . . . . . . . . . . . . . . . . 63
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
WFS Acceleration Page Using Unsigned SMB. . . . . . . . . . . . . . . . . . . . . . .65
WFS Acceleration Page Using Signed SMB. . . . . . . . . . . . . . . . . . . . . . . . .67
Chapter 8 Configuring WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Configuring WFS Acceleration Using Unsigned SMB. . . . . . . . . . . . . . . . . .98
Configuring WFS Acceleration Using Signed SMB. . . . . . . . . . . . . . . . . . . .99
Verifying the WFS Acceleration Configuration . . . . . . . . . . . . . . . . . . . . . . 117
Part: Web Cache
Chapter 9 Viewing the Web Cache Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Statistics Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Tools Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Chapter 10 Configuring the Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Configuring the Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Verifying Web Cache Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Diagnosing and Testing Performance of the Web Cache . . . . . . . . . . . . . . 135
Part: System
Chapter 11 Viewing the System Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
WAN Acceleration > System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
System Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Interface Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Management Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Firmware Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Part: Log
Chapter 12 Viewing the Log Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
WAN Acceleration > Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Part: Appendices
Appendix A: Configuring the WXA to the Domain Without Using the WXA Management Interface153
Automatically Joining the Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
4 | Dell SonicWALL WXA 1.3 User’s Guide
Page 5
Configuring Custom Zones for WXA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Configuring Reverse Lookup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Manually Adding SPN Hostnames in DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Appendix B: Configuring the NetExtender WAN Acceleration Client . . . . . . . 159
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Requirements / Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Deployment Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Enabling WXAC on the Central Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Configuring WXAC on a Remote PC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
Table of Contents | 5
Page 6
6 | Dell SonicWALL WXA 1.3 User’s Guide
Page 7
Introduction
| 7
Page 8
8 | Dell SonicWALL WXA 1.3 User’s Guide
Page 9
About this Guide
Welcome to the WXA 1.3 User’s Guide. This manual provides the information you need to
successfully activate, configure, and administer a WXA series appliance.
Note Always check http://www.sonicwall.com/us/support.html for the latest version of this manual
as well as other Dell SonicWALL products and services documentation.
Organization of this Guide
The WXA 1.3 User’s Guide organization is structured into the following parts that parallel the
WAN Acceleration Web Management Interface. Within these parts, individual chapters
correspond to the Dell SonicWALL WXA series appliance management interface layout.
Chapter 1
Preface
Part 1 Introduction
Provides an overview of new Dell SonicWALL WXA series appliance features, guide
conventions, support information, and an overview of the WXA series appliance management
interface.
Part 2 Status
An overview of the Status page, providing a dashboard view of the System Information, TCP
Acceleration, WFS Acceleration, and Web Cache of your Dell SonicWALL WXA series
appliance.
Part 3 TCP Acceleration
Details the TCP Acceleration page, providing options to configure and monitor the TCP
Acceleration service. This section details the functions of the Configuration, St atistics, S tatistics
breakdown, and Connections tabs.
Preface | 9
Page 10
Part 4 WFS Acceleration
Covers the management interface functions and configuration procedures for the WFS
Acceleration page. The WFS Acceleration service can be configured to use Unsigned and/or
Signed SMB. Unsigned SMB is used for networks that do not require traffic signing. Signed
SMB is used for networks that require traffic signing for security reasons, and provides two
configuration modes for the WFS Acceleration service: Basic or Advanced. The Basic
configuration mode provides basic WFS Acceleration configuration options for a quick and easy
deployment of the WFS Acceleration feature. The Advanced configuration mode provides
detailed WFS Acceleration configuration options for the domain details and file shares.
Part 5 Web Cache
Covers the management interface functions and configuration procedures for the Web Cache
page. Configure, monitor , and diagnose the Web Cache feature using the S tatus, S tatistics, and
Tools tabs.
Part 6 System
Details the System page, describing the management interface functions and configurations
procedures for the System Stat us, Interface S t atus, Management, Settings, and Firmware tabs.
Part 7 Log
Covers the Log page, which displays a detailed list of the Dell SonicWALL WXA series
appliance’s log event messages. This page has multiple options to customize how log event
messages are viewed.
Part 8 Appendices
This part contains appendices for configuring the WXA series appliance to join the domain
without using the WAN Acceleration management interface, and for configuring the
NetExtender WAN Acceleration Client (WXAC).
10 | Dell SonicWALL WXA 1.3 User’s Guide
Page 11
Guide Conventions
The following conventions used in this guide are as follows:
Convention Use
Bold Highlights items you can click or select on the WXA series
appliance management interface. For example, “Click the
Caching Strategy drop-down menu and select Minimal.”
Note: This only applies to sections in this document that contain
configuration procedures or management interface
descriptions
Italic Highlights a value to enter into a field. For example, “Type
192.168.168.168 in the IP Address field.”
Menu Item > Menu Item Indicates a multiple step Management Interface menu choice. For
example, “Navigate to the WAN Acceleration > System page
means select WAN Acceleration then select System.
Dell SonicWALL Technical Support
For timely resolution of technical support questions, visit Dell SonicWALL on the Internet at
http://www.sonicwall.com/us/Support.html. Web-based resources are available to help you
resolve most technical issues or contact Dell SonicWALL Technical Support. To contact Dell
SonicWALL telephone support, see the telephone numbers listed below:
North America Telephone Support
U.S./Canada: +1 888.793.2830 or +1 408.837.4317
International Telephone Support
Australia: + 1800.35.1642
Austria: +43(0)820.400.105
EMEA: +31(0)411.617.810
France: +44 193.257.3927
Germany: +44 193.257.3910
Hong Kong: +1 800.93.0997
India: 000.800.100.3395
Italy: +44 193.257.3928
Japan: 0120.569122
New Zealand: + 800.446489
Singapore: + 800.110.1441
Spain: +44 193.257.3921
Switzerland: +44 193.257.3929
UK: +44 193.257.3929
Preface | 11
Page 12
More Information on Dell SonicWALL Products
Contact Dell SonicWALL, Inc. for information about Dell SonicWALL products and services at:
Web:http://www.sonicwall.com
E-mail:sales@sonicwall.com
Phone:(408) 745-9600
Fax:(408) 745-9300
Current Documentation
Check the Dell SonicWALL documentation Web site for that latest versions of this manual and
all other Dell SonicWALL product documentation.
http://www.sonicwall.com/us/Support.html
12 | Dell SonicWALL WXA 1.3 User’s Guide
Page 13
Introduction
WXA 1.3 is the latest version of firmware for the Dell SonicWALL WXA series appliance. This
chapter provides an overview of the WAN Acceleration feature, the WAN Acceleration
management interface, deployment prerequisites and considerations, supported platforms, and
details the key features in the WXA 1.3 and previous releases. This chapter contains the
following sections:
• What is WAN Acceleration? on page 13
• New Features in WXA 1.3 on page 15
• Key Features in WXA 1.3 on page 16
• Deployment Prerequisites on page 17
• Deployment Considerations on page 17
• Supported Platforms on page 18
• WXA Series Appliance Management Interface on page 18
Chapter 2
Introduction
What is WAN Acceleration?
The WAN Acceleration service allows network administrators to accelerate WAN traffic
between a central site and a branch site, using Transmission Control Protocol (TCP)
acceleration methods, Windows File Sharing (WFS) acceleration, and Web caching. The Dell
SonicWALL WXA series appliance is deployed in conjunction with a Dell SonicWALL NSA/TZ
series appliance. In this type of deployment, the NSA/TZ series appliance provides dynamic
security services, such as attack prevention, Virtual Private Network (VPN), routing, and Web
Content Filtering. The WAN Acceleration service can increase application performance.
Introduction | 13
Page 14
The illustration below displays the basic network topology for the Dell SonicWALL WXA se ries
Internet
PC
PC
PC
Branch Site
Central Site
WXA series
appliance
NSA/TZ series
appliance
NSA/TZ series
appliance
WXA series
appliance
Domain
Controller
Switch
Switch
File
Server
Email
Server
Web
Server
appliance and the NSA/TZ series appliances.
Transmission Control Protocol Acceleration
The TCP Acceleration service is a process that decreases the amount of data passing over the
WAN by using compression, which accelerates selected traffic passing between a central site
and a branch site. The selected traffic is stored in the Dell SonicW ALL WXA series appliances’
shared databases as blocks of data and tagged with reference indexes. This allows the WXA
series appliances to only send the reference indexes (which are smaller in size) over the WAN
instead of the actual data.
Refer to Configuring TCP Acceleration on page 47, for details on how to configure TCP
Acceleration.
Windows File Sharing Acceleration
WAN Acceleration refers to a wide range of technologies that are aimed at accelerating
applications, improving throughput, and reducing latency. Windows File Sharing (WFS)
Acceleration is a subset of WAN Acceleration.
The use of WFS Acceleration within your network reduces the impact of high-latency and lowbandwidth links by approximating streaming behavior through the use of read-ahead and writebehind functionality and differential file transfer to avoid re-transferring parts of files that have
not changed. WFS Acceleration allows branch users to access and share commonly used files
at near-LAN speeds over the WAN. Distributed enterprises that deploy WFS Acceleration
solutions are often able to consolidate storage to corporate central sites, eliminating the need
to back up and manage data that previously resided in their branch sites.
14 | Dell SonicWALL WXA 1.3 User’s Guide
Page 15
Web Cache
The WXA series appliance offers WFS Acceleration for Unsigned SMB and Signed SMB traf fic.
In a network that supports unsigned SMB traffic, the WFS Acceleration service configuration is
greatly simplified. The reason for this is Unsigned SMB traffic does not have a security layer,
so the WXA series appliance can intercept the traffic without joining the domain, eliminating the
need to configure custom zones, configuring reverse lookup, and add file shares. In a network
that supports SMB signing, it is required that the WXA series appliance join the domain, due to
the presence of a security layer in Signed SMB traffic. Although this type of configuration is
more complex than unsigned SMB, it offers a more granular configuration of the WFS
Acceleration service. Supporting SMB signing provides the option to configure WFS
Acceleration in a Basic or Advanced configuration modes.
Refer to Configuring WFS Acceleration on page 97, for details on how to configure WFS
Acceleration.
The Web Cache feature stores copies of Web pages passing through the network that are
frequently and recently requested. So when a user requests one of these Web pages, it is
retrieved from the local web cache instead of the Internet, saving bandwidth and response time.
Minimal, Moderate, and Aggressive caching strategies are available, these determine which
objects are placed into the web cache and how long they stay there.
Refer to Configuring the Web Cache on page 131, for details on configuring the web cache.
New Features in WXA 1.3
The WXA 1.3 release includes the following new features:
• Increased Supported Connections— WXA 1.3 runs as a 64-bit system, offering
significant increases in concurrent connections over a 32-bit system.
• Extended Support for Localization— Firmware support for Brazilian Portuguese,
Simplified Chinese, Japanese, and Korean languages is available.
• Web Cache Improvements— Additional data fields and charts are added to the Web
Cache > Statistics page, allowing the user to filter the page to display data for particular
subnets and certain IP addresses.
• Manual Server Entry for Signed SMB— The option to manually enter a server or share
name is added to the Signed SMB configuration.
Introduction | 15
Page 16
Key Features in WXA 1.3
The WXA 1.3 release includes the following Key features:
• Wan Acceleration— The WAN Acceleration service allows network administrators to
accelerate WAN traffic between a central site and a branch site by using Transmission
Control Protocol (TCP) and Windows File Sharing (WFS).
• TCP Acceleration— The TCP Acceleration service is a process that decreases the amount
of data passing over the WAN by using compression, which accelerates selected traffic
passing between a central site and a branch site.
• WFS Acceleration— WAN Acceleration refers to a wide range of technologies that are
aimed at accelerating applications, improving throughput, and enabling bandwidth
scalability using Windows File Sharing (WFS).
–
Unsigned SMB— In a network that supports unsigned SMB traffic, the WFS
Acceleration service configuration is greatly simplified. The reason for this is unsigned
SMB traffic does not have a security layer, so the WXA series appliance can intercept
the traffic without joining the domain, eliminating the need to configure custom zones,
configuring reverse lookup, and add file shares. Unsigned SMB is enabled by default.
–
Signed SMB— In a network that supports SMB signing, it is required that the WXA
series appliance join the domain, due to the presence of a security layer in signed SMB
traffic. Although this type of configuration is more complex than unsigned SMB, it offers
a more granular configuration of the WFS Acceleration service. The WAN Acceleration
> WFS Acceleration page displays a warning when signed SMB traffic is detected on
the network. If this warning is present, please enable the Support SMB Signing
checkbox, join the WXA appliance to the domain, and access the signed shares through
the WXA appliance’s shares.
• WFS Basic Configuration Mode— The Basic configuration mode is a simplified and user
friendly way to have the Dell SonicWALL WXA series appliance join the domain, add
servers to the configuration, and create the necessary records on the domain. The Basic
mode is available when using Signed SMB and is the preferred mode for configuring WFS
Acceleration.
• Web Cache Management— The Web Cache feature stores copies of Web pages passing
through the network that are frequently and recently requested. When a user requests one
of these Web pages, it is retrieved from the local web cache instead of the Internet, which
can result in significant reductions in downloaded data and bandwidth usage.
–
YouTube Web Caching— The Web Cache feature is capable of caching YouTube
videos (currently only Flash video format is supported). This feature is only available
when using Moderate and Aggressive web caching strategies.
• WXA Setup Wizard (requires the NSA/TZ series appliance to be running SonicOS
5.9)— The WXA Setup Wizard in the SonicOS management interface guides you through
the setup of the WXA series appliance, allowing the user to easily enable TCP Acceleration,
WFS Acceleration (unsigned and signed SMB), and Web Caching. If you choose to use
signed SMB, the WFS Setup Wizard is automatically launched from the initial WXA Setup
Wizard. This wizard enables WFS Acceleration support for signed SMB, and walks the user
through joining the domain and configuring file servers.
• WAN Acceleration Client (requires the NSA/TZ series appliance to be running SonicOS
5.9)— The WAN Acceleration Client (WXAC) gives remote users the benefit of WAN
Acceleration when using SonicWALL NetExtender.
16 | Dell SonicWALL WXA 1.3 User’s Guide
Page 17
Deployment Prerequisites
The pre-requisites for deploying the WAN Acceleration service are as follows:
• A NSA/TZ series appliance is required to deploy the Dell SonicWALL WXA series
appliance.
• Traffic passing through the Dell SonicWALL WXA series appliance requires Internet
Protocol version 4 (IPv4). The WAN Acceleration service is not compatible with IPv6.
Deployment Considerations
Consider the following when deploying the Dell SonicWALL WXA series appliance:
• The WXA series appliance is supported to work with Dell SonicWALL E-class NSA, NSA,
or TZ series appliances running SonicOS 5.8.1.0 or higher firmware. Some WXA features
are not supported unless running SonicOS 5.8.1.11 or higher firmware.
• The WFS Acceleration service and Web Cache feature are not supported when running the
WXA 500 Live CD in Memory mode.
• Typically the WXA series appliances are deployed in a site-to-site VPN configuration
through their respective NSA/TZ series appliances. However, you can also use routing or
L2 Bridge Mode, refer to the SonicOS 5.8.1 Administrators Guide for details.
• If a WXA series appliance is used in a high availability configuration, a switched connection
to both appliances high availability pairs is required.
• The initial configuration of the WXA series appliance should be performed by using the
WXA Setup Wizard, which is available by clicking the Wizards button in the top-right corner
of the NSA/TZ series appliance’s management interface. However, this is currently only
available if running SonicOS 5.9 firmware. If your NSA/TZ series appliance is using 5.8.1.x
or 6.1.x firmware use the procedures in this chapter for the initial configuring of the WXA
series appliance. For more information on the WXA Setup Wizard refer to the SonicOS 5.9
Administrator’s Guide.
• Encrypted traffic is highly randomized and does not materially benefit from the WXA series
appliance’s WAN Acceleration service. Therefore, SSL and TLS traffic types are not
accelerated.
• WFS Acceleration using Signed SMB supports Windows file services using Active
Directory, Kerberos, and NTLM for authentication and authorization.
• WFS Acceleration using Signed SMB supports NTLM clients which provide credentials to
the Dell SonicWALL WXA series appliance and are valid in the domain. The Dell
SonicWALL WXA series appliance obtains the Kerberos credentials through the Domain
Controller. This permits client devices which have not joined the domain to be used by
users, who on behalf of the client, have valid domain credentials.
• Create a DHCP scope on the managing NSA/TZ security appliance before the WXA series
appliance is physically connected.
• If the branch offices have Domain Controllers and DNS Servers, it is recommended that you
use those DNS server addresses and domain DNS name in the DHCP scope. Configure
the Domain Name and Domain DNS server IP addresses in the configured DHCP scope.
The WXA appliance will auto-discover Kerberos, LDAP, and NTP servers based on this type
of information to assist in joining the appliance to the domain.
• Review the LDAP, Kerberos, and NTP services. In a multi-site domain where sites and
services are not explicitly configured, the WXA series appliance might not choose the
closest servers.
Introduction | 17
Page 18
• Dell SonicWALL recommends that the WXA series ap pliance retrieve NTP updates from the
Domain Controller.
• Dell SonicWALL recommends that the DNS server accept secure updates.
• Configure the zone properties of an interface to which the WXA appliance is connected as
a LAN zone. Refer to the following KB articles: for more information
–
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=10781
–
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=10738
Supported Platforms
WAN Acceleration is currently available in the SonicOS Management Interface on the following
appliance models:
• NSA E-Series appliance
• NSA Series appliance
• TZ Series appliance
WXA Series Appliance Management Interface
The Dell SonicWALL WXA series appliance’s Web-based management interface provides an
easy-to-use graphical interface for configuring your Dell SonicWALL WXA series appliance . All
configuration procedures for the Dell SonicWALL WXA series appliance are performed through
the Dell SonicWALL NSA/TZ series appliance’s management interface. The following sections
provide an overview of the key management interface objects:
User Interface
• User Interface on page 18
• Navigating the Management Interface on page 19
• Common Icons in the Management Interface on page 19
• Status Bar on page 19
• Applying Changes on page 20
• Tooltips on page 20
• Getting Help on page 21
T able st atistics and log entries update within the user interface without requiring users to reload
their browsers. This lightweight user interface is designed to have no impact on the Web server ,
CPU utilization, bandwidth or other performance factors. You can leave your browser window
on an updating page indefinitely with no impact to the performance of your Dell SonicWALL
WXA series appliance.
18 | Dell SonicWALL WXA 1.3 User’s Guide
Page 19
Navigating the Management Interface
Navigating the WAN Acceleration management interface includes a hierarchy of menu buttons
on the navigation bar (left side of your browser window). When you click a menu button, related
management functions are displayed as submenu items in the navigation bar.
If the navigation bar continues below the bottom of your browser, an up-and-down arrow
symbol appears in the bottom right corner of the navigation bar. Mouse over the up or down
arrow to scroll the navigation bar up or down.
Common Icons in the Management Interface
The following describe the functions of common icons used in the WAN Acceleration
management interface:
• Clicking on the edit icon displays a window for editing the settings.
• Clicking on the delete icon deletes a table entry
• Moving the pointer over the Tooltip icon displays a description of the component.
Status Bar
The Status bar at the bottom of the management interface window displays the status of actions
executed in the management interface.
Introduction | 19
Page 20
Applying Changes
Clicking the Apply Changes button saves any configuration changes you made on the page.
If the settings are contained in a secondary window within the management interface, when you
click Apply, the settings are automatically applied to the WXA series appliance.
Tooltips
Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI
element. They provide brief information describing the element. T ooltip s are displayed for many
forms, buttons, table headings and entries.
Note Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse
over an element for a couple of seconds, you can safely conclude that it does not have an
associated Tooltip.
20 | Dell SonicWALL WXA 1.3 User’s Guide
Page 21
Getting Help
Note Accessing the Dell SonicWALL WXA series appliance online help requires an active Internet
Each Dell SonicWALL WXA series appliance includes Web-based online help available from
the management interface. Clicking the question mark button on the top-right corner of every
page accesses the context-sensitive help for the page.
connection.
Introduction | 21
Page 22
22 | Dell SonicWALL WXA 1.3 User’s Guide
Page 23
Status
| 23
Page 24
24 | Dell SonicWALL WXA 1.3 User’s Guide
Page 25
Viewing Status Information
WAN Acceleration > Status
The Status page displays a Status tab with a dashboard view of the System Information, TCP
Acceleration, WFS Acceleration, and Web Cache of your WXA series appliance. It also displays
a Settings tab that provides top level control of the WAN Acceleration service. To configure the
WXA series appliance, see Configuring the WXA Series Appliance on page 33.
This chapter is an overview of the Status page management interface and includes the
following sections:
• Status Tab on page 26
–
Action Items on page 27
–
WXA System Information Panel on page 27
–
TCP Acceleration Panel on page 28
–
WFS Acceleration Panel on page 29
–
Web Cache Panel on page 30
• Settings Tab on page 31
–
Action Items on page 31
Chapter 3
–
WXA Appliance Configuration Panel on page 31
–
WXAC on page 32
Viewing Status Information | 25
Page 26
Status Tab
Name Description
Action Items Provides the options to Refresh and Probe for the WXA series appliance.
See Action Items on page 27 for details.
WXA System Information
Panel
TCP Acceleration Panel Displays the status of the TCP Acceleration feature.
WFS Acceleration Panel Displays the status of the WFS Acceleration feature.
Web Cache Panel Displays the status of the Web Caching feature.
Displays system details of the WXA series appliance.
See WXA System Information Panel on page 27 for details.
See the TCP Acceleration Panel on page 28 for details.
See the WFS Acceleration Panel on page 29 for details.
See the Web Cache Panel on page 30 for more details.
26 | Dell SonicWALL WXA 1.3 User’s Guide
Page 27
Action Items
Name Description
Probe for WXA Checks for the presence of a WXA series appliance. This is a handshake
Refresh Refreshes the Status page. The refresh interval can be entered in the text
WXA System Information Panel
between the NSA/TZ series appliance and the WXA series appliance, and
confirms they are connected to each other.
field. The interval can be increased to a maximum of 999 seconds.
Click the Refresh symbol to manually update the Status page.
Click the Pause button to stop the auto-refresh of the Status page. To
resume auto-refresh, click the Start button.
Name Description
WAN Acceleration WAN Acceleration must be enabled (on the Settings tab) and a WXA
series appliance detected in order for traffic to be accelerated.
• Enabled—Indicates the WAN Acceleration service is enabled.
• Disabled—Indicates the WAN Acceleration service is disabled.
WXA Operational Status The current status of the WXA series appliance connection.
• Operational—Indicates the WAN Acceleration service is enabled and a
WXA series appliance is discovered and running.
• Unavailable—Indicates that probing did not detect a WXA series appliance. Ensure the connection between the WXA series appliance and the
SonicOS series appliance is properly set up before continuing with further
configuration.
• Resetting—Indicates that either the status of the WAN Acceleration
service or the presence of a WXA series appliance has just changed and
the configuration is being reset accordingly. Refresh the page in a few
moments.
• Unknown—Indicates the presence and status of a WXA series appliance is not known. This may be because the WAN Acceleration service is
disabled in which case probing is turned off. Alternatively it may be that
probing is just starting.
Uptime Displays the amount of time the appliance has been running.
Model Number Displays the WXA series appliance model number.
Serial Number Displays the WXA series appliance serial number.
Viewing Status Information | 27
Page 28
Name Description
Authentication Code Displays the authentication code used to register the WXA series appli-
Firmware Version Displays the firmware version that is currently loaded on the WXA series
TCP Acceleration Panel
ance.
Note:This is also used as the password for a machine account when
automatically provisioning the WXA series appliance.
appliance.
Name Description
TCP Acceleration • Enabled—Indicates that both the WAN Acceleration service and
the specific TCP Acceleration switches are enabled. TCP traffic is
sent to the WXA series appliance in order to be accelerated across
the network.
• Disabled—Indicates the TCP Acceleration service or the general
WAN Acceleration service is disabled.
Service Status on WXA The current status of the TCP Acceleration service.
• Running—Indicates the TCP Acceleration service on the WXA
series appliance is accelerating TCP connections
• Ready—Indicates the TCP Acceleration service on the WXA
series appliance is up and ready to accelerate TCP connections as
soon as the component is enabled.
• Unavailable—Indicates the TCP Acceleration service is either
not running on the connected WXA series appliance or there is an
error.
• Unknown—Indicates the status of the TCP Acceleration service
on the WXA series appliance is not known at the moment.
Total Data Reduction (%) The total percentage of data reduced by the TCP Acceleration ser-
vice.
28 | Dell SonicWALL WXA 1.3 User’s Guide
Page 29
Name Description
WAN Capacity Increase Factor The ratio of the amount of data conveyed, to the amount that is
Connections Displays the following information for TCP Acceleration connec-
WFS Acceleration Panel
actually sent. Use this as a guide for how much extra capacity the
WAN has gained without any increase in bandwidth.
tions:
• Max—The maximum number of TCP connections permitted at
any instant.
• Peak—The peak humber of TCP connections passing through the
WXA series appliance during the period covered by the statistics.
• Current—The current number of TCP connections passing
through the WXA series appliance.
• New - The number of new connections.
• Closed - The number of closed connections.
Name Description
WFS Acceleration • Enabled—Indicates that both the general WAN Acceleration ser-
vice and either of the specified WFS Acceleration (Supporting
Signed and Unsigned SMB) switches are enabled.
• Disabled—Indicates that both the general WAN Acceleration service and either of the specified WFS Acceleration (Supporting
Signed and Unsigned SMB) switches are disabled.
Service Status on WXA Displays current status of the WFS Acceleration service, reflecting
both Unsigned and Signed SMB.
• Running—Indicates the WFS Acceleration service on the WXA
series appliance is accelerating wide area file sharing operations.
• Ready—Indicates the WFS Acceleration service on the WXA
series appliance is up and ready to accelerating wide area file sharing operations as soon as the component is enabled.
Note: There are separate switches to control support for Signed
and Unsigned SMB traffic.
• No Domain—To accelerate Signed SMB traffic, the WXA series
appliance must join the Windows domain. This indicates that support for Signed SMB is enabled but either the WXA series appliance
has not joined the Domain or its status on the domain is unknown.
Note: This status will not display if using “Unsigned SMB” only.
• Unavailable—Indicates the WFS Acceleration service is not running on the connected WXA series appliance or there may be an
error.
• Unknown—Indicates the status of the WFS Acceleration service
on the connected WXA series appliance is not known at the present
time.
Viewing Status Information | 29
Page 30
Name Description
Windows Domain The Windows domain on which the WXA series appliance will
Total Data Reduction (%) The total percentage of data reduced by the WFS Acceleration ser-
WAN Capacity Increase Factor Displays the total amount of WAN capacity increase over the speci-
Cache Size Displays the amount of read-ahead data stored in the cache.
Web Cache Panel
accelerate access to configured shares.
Note: This field is not displayed if using “Unsigned SMB” only.
vice.
fied period of time.
Note: The WFS Cache statistics displayed in this page only represent Signed SMB traffic. If you are using Unsigned SMB, the WFS
Cache statistics do not apply.
Name Description
Web Cache • Enabled—Indicates that WAN Acceleration is enabled and that
web traffic passing through the NSA/TZ series appliance is to be
redirected to the Web Cache on the WXA series appliance.
• Disabled—Indicates that the Web Cache is not enabled and web
traffic passing through the NSA/TZ series appliance is not redirected to the Web Cache on the WXA series appliance.
Service Status on WXA The current operational status of the Web Cache.
• Running—Indicates the Web Cache service is running normally.
• Ready—Indicates the Web Cache service is ready to begin caching as soon as the component is enabled.
• Unavailable—Indicates the Web Cache service is not running on
the WXA series appliance, this may be due to an error.
• Unknown—Indicates that the status of the Web Cache service on
the connected WXA series appliance is not known at the present
moment.
Total Data Reduction (%) Displays the difference between the data conveyed and the data
sent, represented as a percentage.
WAN Capacity Increase Factor Indicates the total amount of WAN capacity increase over the speci-
fied period of time.
Cache Size Displays the current size of the cache used by the Web Cache.
Cache Free Space Displays the amount of disk space available to the Web Cache.
Number of Cached Objects Displays the number of objects currently stored in the Web Cache.
30 | Dell SonicWALL WXA 1.3 User’s Guide
Page 31
Settings Tab
Name Description
Action Items Provides the options to apply changes, probe for the presence of
the WXA series appliance, and create a static DHCP lease for the
WXA series appliance.
WXA Appliance Configuration Panel Enables and configures the WXA series appliance.
WXAC Panel Enables support for the NetExtender WAN Acceleration Client. See
WXAC on page 32 for details.
Note:This panel only displays if the NSA/TZ series appliance is
running SonicOS 5.9.
Action Items
Name Description
Apply Changes Applies the latest configuration changes.
Probe for WXA Checks for the presence of a WXA series appliance. This is a hand-
Create Static DHCP Lease for WXA Creates a static lease for the WXA series appliance.
WXA Appliance Configuration Panel
Name Description
Enable WAN Acceleration Checkbox Enables or disables the WAN Acceleration feature.
WXA Interface Drop-Down Selects the NSA/TZ series appliance interface that the WXA series
WXA IP Address Displays the IP address of the WXA series appliance.
shake between the NSA/TZ series appliance and the WXA series
appliance, and confirms they are connected to each other.
appliance is connected to.
Note: this field is read-only.
Viewing Status Information | 31
Page 32
WXAC
The NetExtender WAN Acceleration Client (WXAC) securely accelerates WAN traffic between
a remote PC and a central or branch office using SonicWALL NetExtender.The WXAC panel
will not display unless the NSA/TZ series appliance is running SonicOS 5.9 firmware.
Name Description
Enable NetExtender WAN Acceleration
Client (WXAC) Checkbox
Active Licenses Currently in Use Displays the number of active WXAC licenses that are currently
NetExtender WAN Acceleration Client
(WXAC) is not licensed
Enables support for NetExtender WXAC.
Note:WAN Acceleration must be enabled on NetExtender and a
WXAC licence must be purchased before you enable
WXAC on this page.
in use.
If the NSA/TZ series appliance detects that the WXAC licence is
not activated, the following displays:
To License the WXAC, navigate to the System >
Licenses page in the SonicOS management interface:
32 | Dell SonicWALL WXA 1.3 User’s Guide
Page 33
Configuring the WXA Series Appliance
Configuring Network Interfaces
The initial configuration of the WXA series appliance should be performed by using the WXA
Setup Wizard, which is available by clicking the Wizards button in the top-right corner of the
NSA/TZ series appliance’s management interface. However, this is currently only available if
running SonicOS 5.9 firmware. If your NSA/TZ series appliance is using 5.8.1.x or 6.1.x
firmware use the procedures in this chapter for the initial configuring of the WXA series
appliance. For more information on the WXA Setup Wizard refer to the SonicOS 5.9
Administrator’s Guide.
The initial setup includes configuring network interfaces for the WXA series appliance, enabling
the WAN Acceleration service, and creating a st atic DHCP lease for the WXA series appliance.
All configuration procedures are performed on the NSA/TZ series appliance’s management
interface.
For licensing information, refer to the WXA 500 Live CD Getting Started Guide or WXA 5000
Virtual Appliance Getting Started Guide.
After completing the initial configuration steps in this chapter, refer to Configuring TCP
Acceleration on page 47 and Configuring WFS Acceleration on page 97 to configure the TCP
and WFS Acceleration services.
Chapter 4
Note This configuration example uses the X5 interface, but you can use any spare interface on
the NSA/TZ security appliance.
Configuring the WXA Series Appliance | 33
Page 34
To configure your NSA/TZ security appliance to be used with the WXA series appliance,
perform the following steps:
Step 1 Open a Web browser.
Step 2 Access the SonicOS Management interface.
Step 3 Navigate to the Network > Interfaces page.
Step 4 Click the Edit button in the row for the interface you want the WXA series appliance to
connected to.
The Interface Settings > General tab is displayed.
Step 5 Enter and do the following:
• Zone: Drop-down — LAN
• Mode/IP Assignment: Drop-down — Static IP Mode
• IP Address: Text Field — Enter the IP Address for the port. This example uses
10.203.30.162.
• Subnet Mask: Text Field — Enter the subnet mask for the port. This should be a subnet
not already used on the network, and private to the WXA series appliance.
34 | Dell SonicWALL WXA 1.3 User’s Guide
Page 35
• (Optional) Comment: Text Field — Enter text that describes the device.
For example, WXA connection.
• (Optional) Management: checkboxes — Select the management methods.
• Click OK.
Step 6 Navigate to the Network > DHCP Server page.
Step 7 Under the DCHP Server Lease Scopes, click Add Dynamic.
The Dynamic Range Configuration window is displayed.
Step 8 Do the following:
a. Select the Enable this DHCP Scope checkbox.
b. Select the Interface Pre-Populate checkbox and then select port X5 in the Interface Pre-
Populate drop-down.
The information will be auto populated.
c. Click the OK button.
Note Configuring DNS is only required if you plan to use WFS Acceleration for Signed SMB. This
example assumes that the correct DNS server has already been entered in the Network >
DNS page. You can overwrite the DNS specified in the Network > DNS Server page. Click
the Edit button for the lease you want to change, and then click the DNS/WINS tab. Enter
the DNS IP Addresses in the text fields provided. You should also populate the Domain textfield, this speeds up the WFS Acceleration configuration and auto-detection of the server in
the case that reverse DNS is not configured.
Step 9 Connect an Ethernet cable from the WXA series appliance to the X5 port on the NSA/TZ
security appliance.
Configuring the WXA Series Appliance | 35
Page 36
Step 10 Navigate to the WAN Acceleration > Status page.
Step 11 Click the Settings tab.
Step 12 In the WXA Appliance Configuration panel, click the WXA Interface drop-down list and select
the X5 interface.
Step 13 Select the Enable WAN Acceleration checkbox.
Step 14 Click the Apply Changes button.
Step 15 Confirm that the NSA/TZ series appliance has a DCHP lease for the WXA series appliance.
Navigate to the Network > DHCP Server page.
36 | Dell SonicWALL WXA 1.3 User’s Guide
Page 37
Step 16 Navigate to the WAN Acceleration > Status page.
Step 17 Click the Settings tab.
Step 18 Click Create static DHCP lease for WXA.
A DHCP lease will be set for the WXA series appliance.
Step 19 Verify that the lease was created. Navigate to the Network > DHCP Server page.
A dynamic range is set for the WXA appliance.
Configuring the WXA Series Appliance | 37
Page 38
38 | Dell SonicWALL WXA 1.3 User’s Guide
Page 39
TCP Acceleration
| 39
Page 40
40 | Dell SonicWALL WXA 1.3 User’s Guide
Page 41
Viewing the TCP Acceleration Page
WAN Acceleration > TCP Acceleration
The WAN Acceleration > TCP Acceleration page provides options to configure and monitor the
TCP Acceleration service. This chapter details the management interface functions of the
Configuration, Statistics, Statistics breakdown, and Connections tabs.
Chapter 5
Name Description
Configuration Tab Enable the TCP Acceleration service and selects the mode, service object, and
exclude objects. The WAN Acceleration feature must be enabled before you can
enable or configure the TCP Acceleration service. Enable WAN Acceleration in
the WAN Acceleration > Status page. See Configuration Tab on page 42 for
details.
Statistics Tab Displays egress and ingress data for the TCP Acceleration service. See
Statistics Tab on page 43 for details.
Statistics Breakdown Graphs TCP Acceleration data by port, IP address and data reduction. See for
Statistics Breakdown Tab on page 44 details.
Connections Tab Displays a detailed list of the TCP Acceleration connection results, such as start
and end time stamps, source IP address and port, and destination IP address
and port. Use these results to monitor the performance of your TCP Acceleration
service. See Connections Tab on page 45 for details.
Viewing the TCP Acceleration Page | 41
Page 42
Configuration Tab
Name Description
Apply Changes Button Saves the changes to the configuration.
Bypassed Button Displays a pop-up window with a list of connections that have
either been excluded from the acceleration process or failed. This
button is greyed out if these condi ti o ns are not present.
Enable TCP Acceleration Enables or disables the TCP Acceleration service. This is selected
by default.
TCP Acceleration Mode Selects how the serv ice object is used. Either as services to be
accelerated or as services to be excluded from acceleration.
TCP Acceleration Service Object Selects service objects for the TCP Acceleration service. To add
new service objects to the drop-down list, navigate to Network >
Address Objects and create new service objects.
Note:The option for choosing a TCP Acceleration service object is
greyed out if the TCP Acceleration mode does not support it.
Address object always excluded from
TCP Acceleration
Selects address objects to always exclude from the TCP Acceleration service. To add an address object to the drop-down list, navigate to Network > Address Objects and create new address
objects.
42 | Dell SonicWALL WXA 1.3 User’s Guide
Page 43
Statistics Tab
Name Description
Covering Period Click the Covering Period drop-down list and select the period of time the data dis-
plays on the Statistics tab.
Chart Selects the graph style used to display the TCP Acceleration data.
Refresh Actions Refreshes the data displayed in the WAN Acceleration > Statistics tab. The
refresh interval can be entered in the text field. The interval can be increased to a
maximum of 999 seconds.
Click the Refresh symbol to manually update the Statistics tab.
Click the Pause button to stop updates on the page.
Data and Graphs Displays read-only data for the following:
• Total Data Reduction percentage
• WAN capacity increase factor
• New Connections
• Closed Connections
• Peak Connections
• Egress/Ingress data illustrated with bar graphs (corresponding to the site you are
viewing from)
Viewing the TCP Acceleration Page | 43
Page 44
Statistics Breakdown Tab
Name Description
Display Drop-Down
Menu
Show Top Drop-Down
Menu
Determined By DropDown Menu
Configure Button Click the Configure button to access the advanced configuration options:
Selects one of the following options:
• Dest. Port - Displays the volume of data (or “Detemined By” value) compared to the destination port numbers of the accelerated connections.
• Dest. Address - Displays the volume of data compared to the destination IP
address of the accelerated TCP connections.
• Src. Address - Displays the volume of data compared to the source IP
address of the accelerated TCP connections.
• Address on WAN - Displays the volume of data compared to the destination
address on the WAN of the acc ele ra te d TC P c onn ect i on s.
• Address on LAN - Displays the volume of data compared to the destination
address on the LAN of the accelerated TCP connections.
Note: Connections can be initiated by a machine on the LAN or WAN.
Selects how many ports or IP addresses display in the graph.
Selects the criteria that displays in the graph.
44 | Dell SonicWALL WXA 1.3 User’s Guide
Page 45
Name Description
Plot Graph Displays a graphical representation of the selected criteria.
Refresh Button Refreshes the graph with the most recent TCP Acceleration data.
Data and Graphs Displays read-only data for the Remote Node, Direction, Threshold, Total Con-
Connections Tab
nections, and Covering Period. This data is also displayed in the graph.
Action Items
Name Description
Remote Node Filters the table of connections based on the remote node (the WXA series appli-
ance at the far end of the connection).
# Entries Selects the number of entries to display in the Connections table.
Incl. Non-Intercepted Enables or disables the inclusion of non-intercepted traffic to display in the Con-
nections table. The definition of “Non-intercepted” is traffic that is diverted from the
NSA/TZ series appliance to the WXA series appliance, but is not accelerated.
Refresh Actions Refreshes the WAN Acceleration > Connections tab. The refresh interval can
be entered in the text field. The interval can be increased to a maximum of 999
seconds.
Click the Refresh symbol to manually update the Connections tab.
Click the Pause button to stop updates on the page.
Viewing the TCP Acceleration Page | 45
Page 46
Column/Field Headings
Name Description
Start Time Indicates the starting time of a connection.
End Time Indicates the ending time of a connection.
Initiator Displays which end of the network initiated the connection. LAN for connections
started locally, and WAN for connections started from a remote site.
Remote Node Displays the WXA series appliance at the far end of the connection.
Src IP Displays the IP address where the connection started.
Src Port Displays the port number that the connection request was sent from.
Dest IP Displays the destination IP address.
Dest Port Displays the destination port number.
Egress Displays a bar graph that represents outgoing traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic.
Ingress Displays a bar graph that represents incoming traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic
Filter by Filter the results by entering text into the appropriate input box. A combination of
fields can be filtered.
46 | Dell SonicWALL WXA 1.3 User’s Guide
Page 47
Configuring TCP Acceleration
WAN Acceleration > TCP Acceleration
The initial configuration of TCP Acceleration should be performed by using the WXA Setup
Wizard, which is available by clicking the Wizards button in the top-right corner of the NSA/TZ
series appliance’s management interface. However, this is currently only available if running
SonicOS 5.9 firmware. If your NSA/TZ series appliance is using 5.8.1.x or 6.1.x firmware use
the procedures in this chapter for configuring TCP acceleratoin.The TCP Acceleration service
can be deployed in three different deployment scenarios including: site-to-site VPN, routed
mode, and layer 2 bridge mode. This chapter explains how to permit and configure these
deployment scenarios in the following subsections:
• Configuring TCP Acceleration on a Site-to-Site VPN, page 47
• Configuring TCP Acceleration on a Non-VPN (Routed Mode), page 49
• Configuring the TCP Acceleration > Configuration Tab, page 56
• Verifying the TCP Acceleration Configuration on page 59
Chapter 6
Configuring TCP Acceleration on a Site-to-Site VPN
Once your WXA series appliance is configured to permit TCP Acceleration, see Configuring the
TCP Acceleration > Configuration Tab, page 56 to finish configuring the TCP Acceleration
service.
To permit the TCP Acceleration service for use in a site-to-site Virtual Private Network (VPN),
follow the steps listed below:
Step 1 Navigate to the VPN > Settings page.
Step 2 Click the Configure button for the VPN policy you wish to use.
Configuring TCP Acceleration | 47
Page 48
The Configure VPN Policy pop-up window displays.
Step 3 Select the Advanced tab.
Step 4 Select the checkbox for Permit Acceleration.
Step 5 Click the OK button.
48 | Dell SonicWALL WXA 1.3 User’s Guide
Page 49
Configuring TCP Acceleration on a Non-VPN (Routed Mode)
Internet
PC
Branch Site
Central Site
WXA series
appliance
NSA/TZ series
appliance
NSA/TZ series
appliance
WXA series
appliance
Web
Server
Switch
192.168.10.0
10.12.10.0
Router
Switch
192.168.20.0
10.26.55.0
Router
If you do not have a VPN configured on your network and you are using a custom routing policy ,
you need to add two routing policies on each site: One for outgoing traffic, and one for incoming
traffic. Both routing policies are configured to permit acceleration.
Note Once both routing policies have been created and configured to permit TCP Acceleration,
see Configuring the TCP Acceleration > Configuration Tab, page 56 to finish configuring the
TCP Acceleration service.
The illustration below displays the configuration between two non-VPN sites. Refer to this
Illustration as an example for the steps in the following sections:
• Configure Routing Policies for Outgoing Traffic on page 50
• Configure Routing Policies for Incoming Traffic on page 53
Configuring TCP Acceleration | 49
Page 50
Configure Routing Policies for Outgoing Traffic
On the central site, configure a routing policy for outgoing traffic to the branch site. On the
branch site, configure a routing policy for outgoing traffic to the central site.
The steps in this section are an example of configuring a routing policy on the branch site, for
traffic going to the central site (outgoing):
Step 1 Navigate to the Network > Address Objects page.
Step 2 Click the Add button.
The Add Address Object Group pop-up window displays.
Step 3 Enter a name (Central Site) for the address object in the Name text field.
Step 4 Click the Zone Assignment drop-down, select WAN.
Step 5 Click the Type drop-down, select Network.
Step 6 Enter the LAN IP address of the Central Site (192.168.10.0) in the Network text field.
Step 7 Enter the netmask IP address (255.255.255.0) in the Netmask text field.
Step 8 Click the Add button.
50 | Dell SonicWALL WXA 1.3 User’s Guide
Page 51
Step 9 Navigate to the Network > Routing page.
Step 10 Click the Add button.
Configuring TCP Acceleration | 51
Page 52
The Route Policy Settings pop-up window displays.
Step 11 Click the Source drop-down, select Any.
Step 12 Click the Destination drop-down, select the address object you created (Central Site.)
Step 13 Click the Service drop-down, select Any.
Step 14 Click the Gateway drop-down, select the X1 Default Gateway.
Step 15 Click the Interface drop-down, select the X1 interface.
Step 16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower
priority.
Step 17 Select the Permit Acceleration checkbox.
Step 18 Click the OK button.
52 | Dell SonicWALL WXA 1.3 User’s Guide
Page 53
Configure Routing Policies for Incoming Traffic
On the central site, configure a routing policy for incoming traffic from the branch site. On the
branch site, configure a routing policy for incoming traffic from the central site.
The steps in this section are an example of configuring a routing policy on the branch site, for
traffic coming from the central site (incoming):
Step 1 Navigate to the Network > Address Objects page.
Step 2 Click the Add button.
The Add Address Object Group pop-up window displays.
Step 3 Enter a name (Branch Site) for the address object in the Name text field.
Step 4 Click the Zone Assignment drop-down, select LAN.
Step 5 Click the Type drop-down, select Network.
Step 6 Enter the LAN IP address of the Branch Site (192.168.20.0) in the Network text field.
Step 7 Enter the netmask IP address (255.255.255.0) in the Netmask text field.
Step 8 Click the Add button.
Configuring TCP Acceleration | 53
Page 54
Step 9 Navigate to the Network > Routing page.
Step 10 Click the Add button.
54 | Dell SonicWALL WXA 1.3 User’s Guide
Page 55
The Route Policy Settings pop-up window displays.
Step 11 Click the Source drop-down, select Central Site.
Step 12 Click the Destination drop-down, select the address object you created (Branch Site.)
Step 13 Click the Service drop-down, select Any.
Step 14 Click the Gateway drop-down, select (0.0.0.0).
Step 15 Click the Interface drop-down, select the X0 interface.
Step 16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower
priority.
Step 17 Select the Permit Acceleration checkbox.
Step 18 Click the OK button.
Configuring TCP Acceleration | 55
Page 56
Configuring the TCP Acceleration > Configuration Tab
The Configuration tab gives you the option to select the mode, service object, and address
object or group that are included or excluded from the TCP Acceleration service.
To view a list, create, and edit service objects, navigate to the Network > Address Objects
page in the NSA/TZ series appliance management interface.
Below is three different examples of TCP Acceleration configurations:
Example 1
To configure acceleration of all the service objects, except those excluded by default. Follow
the steps below:
Step 1 Navigate to WAN Acceleration > TCP Acceleration.
Step 2 Select the Configuration tab.
Step 3 Select the Enable TCP Acceleration checkbox.
Step 4 Click the TCP Acceleration Mode drop-down, then select All TCP services except those
excluded by default.
By Default, the following ports are excluded from TCP Acceleration:
7, 22, 23, 37, 44, 49, 88, 107, 135, 136, 137, 138, 139, 179, 261, 443, 445, 448, 465, 513, 563,
585, 614, 636, 684, 695, 989, 990, 992, 993, 994, 995, 1494, 1701, 1718, 1719, 1720, 1723,
2000, 2001, 2002, 2003, 2252, 2427, 2478, 2479, 2482, 2484, 2492, 2598, 2679, 2727, 2762,
2998, 3077, 3078, 3183, 3191, 3220, 3269, 3389, 3410, 3424, 3471, 3496, 3509, 3529, 3539,
3660, 3661, 3713, 3747, 3864, 3885, 3896, 3897, 3995, 4031, 5007, 5060, 5061, 5631, 5900,
5901, 5902, 5903, 6000, 7674, 8443, 9802, 11751, 12109.
The option to choose a TCP Acceleration Service Object is read-only in this mode
Step 5 Click the Address Object always excluded from TCP Acceleration drop-down, then select
None.
Step 6 Click the Apply Changes button.
56 | Dell SonicWALL WXA 1.3 User’s Guide
Page 57
Example 2
Step 1 Navigate to WAN Acceleration > TCP Acceleration.
Step 2 Select the Configuration tab.
Step 3 Click the Enable TCP Acceleration checkbox.
Step 4 Click the TCP Acceleration Mode drop-down, then select Only TCP Services Specified in
Step 5 Click the TCP Acceleration Service Object drop-down, the select HTTP.
Step 6 Click the Address Object always excluded from TCP Acceleration drop-down, then select
To configure acceleration of only the HTTP web traffic, follow the steps below:
the Service Object.
None.
Step 7 Click the Apply Changes button.
Configuring TCP Acceleration | 57
Page 58
Example 3
Step 1 Navigate to WAN Acceleration > TCP Acceleration.
Step 2 Select the Configuration tab.
To configure acceleration of everything except Microsoft SQL database traffic or traffic to the
Guest Authentication Servers, follow the steps below:
Figure 1 Configuring TCP Acceleration Example 3
Step 3 Select the Enable TCP Acceleration checkbox.
Step 4 Click the TCP Acceleration Mode drop-down, then select All TCP services except those
specified in the Service Object and those excluded by default.
Step 5 Click the TCP Acceleration Service Object, then select Microsoft Structured Query
Language (MS SQL).
Step 6 Click the Address Object always excluded from TCP Acceleration drop-down, then select
Guest Authentication Servers.
Step 7 Click the Apply Changes button.
58 | Dell SonicWALL WXA 1.3 User’s Guide
Page 59
Verifying the TCP Acceleration Configuration
After you complete the TCP Acceleration configuration procedures, verify TCP Acceleration is
working by checking the TCP Acceleration > Statistics Tab.
Step 1 Navigate to the TCP Acceleration > Statistics Tab.
Step 2 View the statistics data and graphs to verify TCP Acceleration.
This indicates if the WXA series appliance is using TCP Acceleration for data transfer.
If the Statistics tab data and graphs do not display any information, TCP traffic is not being
accelerated. The TCP Acceleration feature is not configured correctly or is disabled.
Refer to the Configuring the TCP Acceleration > Configuration Tab on page 56 and check the
TCP Acceleration configuration.
Configuring TCP Acceleration | 59
Page 60
60 | Dell SonicWALL WXA 1.3 User’s Guide
Page 61
WFS Acceleration
| 61
Page 62
62 | Dell SonicWALL WXA 1.3 User’s Guide
Page 63
Viewing the WFS Acceleration Page
WAN Acceleration > WFS Acceleration
This chapter describes the management interface features and options that are available on
the WAN Acceleration > WFS Acceleration p age and is split up in two sections, Unsigned SMB
and Signed SMB. Some of the tabs and options on this page might be hidden depending on
which type of SMB signing and configuration mode is selected, see below for details.
In a network that supports unsigned SMB traffic, the WFS Acceleration service configuration is
greatly simplified. The reason for this is Unsigned SMB traffic does not have a security layer,
so the WXA series appliance can intercept the traffic without joining the domain, eliminating the
need to configure custom zones, configuring reverse lookup, and add file shares. In a network
that supports SMB signing, it is required that the WXA series appliance join the domain, due to
the presence of a security layer in Signed SMB traffic. Although this type of configuration is
more complex than unsigned SMB, it offers a more granular configuration of the WFS
Acceleration service. Supporting SMB signing provides the option to configure WFS
Acceleration in a Basic or Advanced configuration modes.
When using Unsigned SMB, only the Configuration and Statistics tabs are present.
Chapter 7
Viewing the WFS Acceleration Page | 63
Page 64
When using SMB Signing, additional tabs display depending on which configuration mode is
selected (Basic or Advanced), which is explained below:
The Basic configuration mode displays the Configuration, Statistics, Signed SMB Setup, and
Tools tabs.
The Advanced configuration mode displays the Configuration, Statistics, Domain Details,
Shares, and Tools tabs.
For detailed views and descriptions of the WFS Acceleration management interface, refer to
the sections below.
• WFS Acceleration Page Using Unsigned SMB on page 65
• WFS Acceleration Page Using Signed SMB on page 67
64 | Dell SonicWALL WXA 1.3 User’s Guide
Page 65
WFS Acceleration Page Using Unsigned SMB
Clicking the Unsigned SMB checkbox displays the Configuration and Statistics tabs, this
section details the options for those tabs.
Configuration Tab
The Configuration tab using Unsigned SMB gives you the options to enable the WFS
Acceleration service and configure Server Message Block (SMB) signing settings.
Name Description
Apply Changes Button Applies the latest configuration settings.
Bypassed Displays a pop-up window with a list of connections that have either been
excluded from the acceleration process or failed.
Enable WFS Acceleration
Checkbox
Unsigned SMB Checkbox Enables transparent WFS Acceleration on networks that do not use SMB
Support SMB Signing Checkbox
Enables the WFS Acceleration service on the WXA series appliance. This
checkbox is enabled when the Unsigned SMB checkbox is enabled.
signing. This checkbox is enabled by default.
Enables support for SMB signing. This requires the WXA series appliance
to be joined to the domain. This checkbox is disabled by default. For more
information, refer to the WFS Acceleration Page Using Signed SMB on
page 67.
Note:If this checkbox is disabled, the WXA series appliance panel is
hidden.
Viewing the WFS Acceleration Page | 65
Page 66
Statistics Tab
The Statistics tab displays performance statistics for the WFS Acceleration service.
Note The WFS Cache statistics displayed in this page only represent Signed SMB traffic. If you
are using Unsigned SMB, the WFS Cache statistics do not apply.
Name Description
Covering Period Drop-down Click the Covering Period drop-down list and select the period of time the data displays
on the Statistics tab.
Chart Drop-down Selects the graph style used to display the WFS Acceleration data.
Refresh Actions Refreshes the current page. The refresh interval can be entered in the text field. The max-
imum time interval that can be set is 999 seconds.
Click the Refresh symbol to manually update the page.
Click the Pause symbol to stop updates on the page.
Overview Table
Egress Charts
Ingress Charts
Displays read-only data for the following:
• Total Data Reduction percentage
• WAN capacity increase factor
• Cache Size
• Cache Free Space
Displays the egress (out going) sent and conveyed traffic in Bytes.
Displays the ingress (incoming) sent and conveyed traffic in Bytes.
66 | Dell SonicWALL WXA 1.3 User’s Guide
Page 67
WFS Acceleration Page Using Signed SMB
Clicking the Support SMB Signing checkbox displays the Basic (recommended) and
Advanced configuration mode radio buttons. These signed SMB configuration modes give you
the option to perform a simplified or more detailed WFS Acceleration configuration. The Basic
configuration mode displays a Signed SMB Setup tab, while the Advanced configuration mode
displays the Domain Details and Shares tabs in place of the Signed SMB Setup tab. All the
other tabs (Configuration, Statistics, and Tools) appear the same in both Basic and Advanced
configuration modes.
For detailed views and descriptions of the Basic and Advanced configuration mode
management interface, refer to the following sections:
• Basic Configuration Mode on page 67
• Advanced Configuration Mode on page 81
Basic Configuration Mode
Basic mode is the preferred way to configure WFS Acceleration due to its simplistic naming
convention and ease of use. However, you can select the Advanced radio button at any time,
directing you to the Domain Details Tab, page 82 if you wish to configure individual shares.
Note In Basic mode, a naming convention is used to circumvent some of the settings required in
Advanced mode. Therefore, servers configured in Advanced mode may not appear in the
Basic mode server lists, but will still be part of the configuration.
Name Description
Configuration Tab Enables WFS Acceleration and allows user to choose the IP address to associate
with the service. See Configuration Tab on page 68 for details.
Statistics Tab Displays performance statistics for the WFS Acceleration service. See Statistics
Tab on page 70 for details.
Viewing the WFS Acceleration Page | 67
Page 68
Configuration Tab
Name Description
Signed SMB Setup Tab Configures th e WXA series appliance to match the details of the domain it is join-
ing. This tab offers a simplified domain and file server configuration, making it a
quick and easy way to configure WFS Acceleration. See Signed SMB Setup Tab
on page 71 for details.
Tools Tab Provides diagnostic tools for the WFS Acceleration service. See Tools Tab on
page 77 for details.
The Configuration tab allows you to enable the WFS Acceleration service, configure (SMB)
signing settings, select an IP address object for the WXA series appliance, and view info for the
WXA series appliance hostname (which can be configured, if the WXA series appliance is
unjoined), authentication code, and joined domain. The WXA series appliance panel and
Unsigned SMB checkbox may not display if the SonicOS firmware version is mismatched.
Figure 2 WFS Acceleration > Configuration
Name Description
Apply Changes Button Applies the latest configuration settings.
Enable WFS Acceleration
Checkbox
Unsigned SMB Checkbox Enables transparent WFS Acceleration on networks that do not use SMB
Support SMB Signing Checkbox
WFS Acceleration Address
Drop-down Menu
68 | Dell SonicWALL WXA 1.3 User’s Guide
Enables the WFS Acceleration service on the WXA series appliance. Enabled when Support SMB Signing checkbox is enabled.
signing. Enabled by default. for more information refer to the WFS Accel-
eration Page Using Unsigned SMB on page 65.
Enables support for SMB signing. This requires the WXA series appliance
to be joined to the domain. This checkbox is enabled by default.
Note:If this checkbox is disabled, the WXA series appliance panel is
hidden.
Sets the address object that represents the IP address that the WXA series
appliance will use when connecting to servers and clients.
Page 69
Name Description
Hostname Displays the hostname of the WXA series appliance.
Note:The address for the WXA series appliance normally remains private
because it is behind the managing NSA/TZ series appliance’s IP
address which is already used for routing across the network.
Authentication Code Displays the authentication code for the WXA series appliance.
Note:The authentication code is only needed when configuring a WXA
series appliance to auto-join itself to the domain.
Joined Domain Displays the domain that the WXA series appliance joined.
Note You can verify the WFS Acceleration status on the WAN Acceleration > Status page.
Viewing the WFS Acceleration Page | 69
Page 70
Statistics Tab
The Statistics tab displays performance statistics for the WFS Acceleration service.
Note The WFS Cache statistics displayed in this page only represent Signed SMB traffic. If you
are using Unsigned SMB, the WFS Cache statistics do not apply.
Name Description
Covering Period Drop-down Click the Covering Period drop-down list and select the period of time the data displays
on the Statistics tab.
Chart Drop-down Selects the graph style used to display the WFS Acceleration data.
Flush Cache Button Clears the WFS Acceleration cache on the WXA series appliance.
Refresh Actions Refreshes the current page. The refresh interval can be entered in the text field. The max-
imum time interval that can be set is 999 seconds.
Click the Refresh symbol to manually update the page.
Click the Pause symbol to stop updates on the page.
Overview Table Displays read-only data for the following:
• Egress/Ingress Total Data Reduction percentage
• Egress/Ingress WAN capacity increase factor
• Egress Cache Size
• Egress Cache Free Space
Egress Charts Displays the egress (out going) sent and conveyed traffic in Bytes.
Ingress Charts Displays the ingress (incoming) sent and conveyed traffic in Bytes.
70 | Dell SonicWALL WXA 1.3 User’s Guide
Page 71
Signed SMB Setup Tab
The Signed SMB Setup tab offers a simplified and user friendly way to have the WXA series
appliance join the domain, add servers to the configuration, and to create the necessary
records on the domain.
Note There is a WFS Setup Wizard available for deployments running SonicOS 5.9 firmware. This
is the preferred way to configure Signed SMB. You can access the wizard by clicking the
Wizards link in the top-right corner of the managing NSA/TZ series appliance’s user
interface. Click the WXA setup Wizard, then select the WFS Setup Wizard. For more
information, refer to the “Wizards” section of the SonicOS 5.9 Administrator’s Guide.
The WXA series appliance should automatically discover the domain details if:
1. The DNS server can reverse resolve its own address into a hostname within the domain.
2. The domain is specified using DHCP and the DNS server resolves that to the address of a
If the WXA series appliance has not joined the domain, the Signed SMB Setup tab displays a
Join Domain button and a note that the WXA series appliance has not yet joined the domain.
Domain Controller.
Specifying the domain using DHCP is not directly considered auto-detecting and it is not a
requirement for the DNS server to be a Domain Controller, although it is most common.
However it is required for the DNS server to be a domain DNS server, problems can occur
if any non-domain DNS server is used. Also, some types of independent DNS caches and
servers might cause issues.
Figure 3 WFS Acceleration > Signed SMB Setup (Domain Not Joined)
Name Description
Join Domain button Joins the WXA series appliance to the domain. Your Administrator's
credentials must be entered to join the domain.
Domain: (read-only) Displays the domain your WXA series appliance is joined to.
Hostname: Displays the default or created hostname for your WXA series appli-
ance.
Configure button Configures the WXA series appliance hostname. You can create your
own hostname or leave the text field blank to use the default.
Delete button Deletes the configuration for the WXA series appliance hostname and
the domain it is configured to. If the WXA series appliance has not
joined the domain, a Delete button displays for the Hostname and can
be reverted back to the default hostname.
Viewing the WFS Acceleration Page | 71
Page 72
The Configure Hostname pop-up window displays after clicking the Configure button in the
Hostname field:
Name Description
Hostname (text field) Enter a hostname for your WXA series appliance. A default hostname is
chosen for you, leave the text field blank to use it.
Note:If you are configuring a WXA 5000 Virtual Appliance or WXA 500 Live
CD, a default hostname is not provided, you must enter one.
Apply button Applies the created or default hostname to the WXA series appliance.
Cancel button Cancels any entered information and closes the Configure Hostname pop-
up window.
Figure 4 Join Domain Pop-up Window
Name Description
Join Domain button Joins the WXA series appliance to the domain.
Cancel button Cancels any information entered and closes the Join Domain pop-up win-
72 | Dell SonicWALL WXA 1.3 User’s Guide
Note:The join domain process adds the relevant domain records for the
WXA series appliance, which requires administrator’s credentials.
dow.
Page 73
Figure 5 Join Domain Results
Name Description
Summary of Results (Read-only) Displays a summary of results after the WXA series appliance
joins the domain.
Details (Read-only) Details the steps performed in the domain joining procedure. A
green circle indicates a pass, and a red circle indicates a failure.
If the WXA series appliance is joined to the domain, the Add Server and Update Domain
Records buttons display , along with the domain details and configured servers panels. Click the
Local radio button to configure servers on the local site and the Remote radio button to
configure servers on a site that is remote from the location of the local site.
Note The central site's administrator should configure their local servers first before the branch
site administrator configures their remote servers. For example, if you are at the central site,
you would configure the local File Servers so that they can be accessed from the branch
sites.
Viewing the WFS Acceleration Page | 73
Page 74
The configured servers information changes when toggling between the Local and Remote
radio buttons, as seen in the two figures below:
Figure 6 Signed SMB Setup for the remote site
Figure 7 Signed SMB Setup for the local site
Name Description
Add Server button Configures the WXA security appliance to share files on a remote
Update Domain Records button Updates any missing SPN aliases to the Domain Controller, config-
File Servers to Show: Local radio button
File Servers to Show: Remote radio
button
Domain: (text field) Displays the name of the domain that the WXA series appliance is
74 | Dell SonicWALL WXA 1.3 User’s Guide
server. See on page 75 and on page 76 for details.
ured remote servers to the Specific Trusted Host List on the computer account, and any missing DNS records. It also removes
unwanted or outdated records. This button should be used when
deleting servers, as well as adding them. As seen in on page 77,
when this button is clicked, you will be prompted to enter your
Administrator’s credentials.
Changes the management interface to configure local file servers.
Changes the management interface to configure remote file servers.
joined to.
Page 75
Name Description
Hostname: (text field) Displays the default or created hostname for the WXA series appli-
ance.
File Server Displays the file server(s) configured to the WXA series appliance.
Via Next Hop WXA Displays the auto-generated name of the WXA series appliance on
the local site that is configured the local file server.
Local WXA Name Displays the name of the local WXA series appliance.
Domain Records Displays a green circle if the domain records are configured cor-
rectly and a red circle if they are not. Click the Update Domain
Records button to add any missing records and remove stale
records.
Remove button Removes the server from the configured list.
Note: It is recommended to use the “Update Domain Records”
button after removing a server, this deletes any unwanted
domain records.
Figure 8 Add Local File Server Pop-up Window
Name Description
File Server: (text field) Selects the local file server from the drop-down list.
Apply button Adds the file server to the WXA series appliance for sharing.
After clicking the Apply button, domain records are also added
to the server, requiring the Administrator’s credentials.
Cancel button Cancels the information entered and closes the Add Server
pop-up window.
Viewing the WFS Acceleration Page | 75
Page 76
Figure 9 Add Remote File Server Pop-up Window
Name Description
File Server: (text field) Selects the remote file server from the drop-down list.
Local WXA Name: (text field) Enter a name for your local WXA series appliance. Adding a
dot at the end of the name auto-completes the name with that
of the domain.
Apply button Adds the file server to the WXA series appliance for sharing.
After clicking the Apply button, an SPN Alias is created using
the local WXA name and the domain records are added to the
server, requiring the Administrator’s credentials.
Cancel button Cancels the information entered and closes the Add Server
pop-up window.
76 | Dell SonicWALL WXA 1.3 User’s Guide
Page 77
Tools Tab
Figure 10 Update Domain Recor ds Pop-up Window
Name Description
Username (text field) Enter your Administrator’s username.
Password (text field) Enter your Administrator’s password.
Update Records button Updates any missing domain records required for the WFS Accelera-
tion feature to function correctly.
Cancel button Cancels any information entered and closes the Update Domain
Records pop-up window.
The Tools tab provides diagnostic tools for the WFS Acceleration service.
The Diagnostic Tools drop-down provides the following selections:
• DNS Name Lookup — Performs a search on a specific Name or IP address, see on
page 78 for details.
• Available Shares — Displays information about available shares on a specific host, see
on page 79 for details.
• Test WFS Configuration — Performs a test on the WFS Acceleration configuration and
validates connectivity, see on page 80 for details.
• List Kerberos Servers — Displays a list of Kerberos servers that are available to use, see
on page 80 for details.
Viewing the WFS Acceleration Page | 77
Page 78
Figure 11 DNS Name Lookup Panel
The DNS Name Lookup Panel displays the following information:
Name Description
Primary DNS: (read-only) Displays the primary DNS which was configured on NSA/TZ security
appliance using the Network > DNS page or Network > DHCP Server
> Edit > DNS/WINS tab.
Secondary DNS: (read-only) Displays the secondary DNS which was configured on NSA/TZ security
appliance using the Network > DNS page or Network > DHCP Server
> Edit > DNS/WINS tab.
Lookup Name or IP: Text Field Allows you to search for available DNS names or IP addresses. Click
Go to initiate the search. A response will be received from the DNS
server. It is used to verify whether the WXA series appliance can reach
the DNS server.
Note:Lookup of IP addresses only works if the DNS server has reverse
lookup zones configured.
Note The DNS servers in the DNS Name Lookup should all be domain DNS servers. Non-domain
DNS servers can cause issues.
78 | Dell SonicWALL WXA 1.3 User’s Guide
Page 79
Figure 12 Available Shares Panel
The Available Shares Panel provides the following configuration options:
Note If the WXA series appliance has already joined the domain, you can use the WXA series
appliance credentials, the username/password do not need to be entered.
Name Description
Host: Text Field The name of the server that the shares reside.
Use Machine Account Credentials
Checkbox
Username: Text Field The username for the user’s account.
Password: Text Field The password for the user’s account.
Go Button Initiates the search. This displays a list of shares available on the server that
Checks the shares available on the share entered in the Host text field using
the WXA series appliance’s machine account credentials.
the system administrator specified. It is used to verify the connection between
the WXA series appliance and the server and that a list of shares can successfully be obtain from that server.
Viewing the WFS Acceleration Page | 79
Page 80
Figure 13 Test WFS Configuration Option
The Test WFS Configuration Panel provides the following configuration options:
Name Description
Use Machine Account Credentials
Checkbox
Username: Text Field The username for the user’s account. This is only visible/required if the
Password: Text Field The password for the user’s account. This is only visible/required if the
Run WFS Configuration Tests Button
Results Displays the results of the WFS Acceleration test.
Reverse DNS Displays the Reverse DNS address.
Checks the shares available on the share entered in the Host: text field
using the WXA series appliance’s machine account credentials.
WXA series appliance does not have its own machine account with
appropriate permissions.
WXA series appliance does not have its own machine account with
appropriate permissions.
Initiates a test to ensure that the WFS Acceleration service is configured
correctly
For more information on troubleshooting test results, refer to Verifying the WFS Acceleration
Configuration on page 117.
Figure 14 List Kerberos Servers Option
The List Kerberos Server Panel provides the following configuration options:
Name Description
Domain: Text Field Displays the domain for the Kerberos server.
Go Button Initiates the search and displays a list of the Kerberos servers.
80 | Dell SonicWALL WXA 1.3 User’s Guide
Page 81
Advanced Configuration Mode
Clicking the Advanced configuration mode radio button displays the Domain Details and
Shares tabs. All other tabs (Configuration, Statistics, and T ools) appear the same in both Basic
and Advanced configuration modes. For details on the Configuration, St atistics, and Tools tabs,
see the Basic Configuration Mode on page 67.
Caution Advanced configuration mode should only be used if you need to specifically define server
or share names. The preferred way to configure WFS Acceleration is to use the Basic
configuration mode.
While in the Domain Details or Shares tab, you can select the Basic radio button at any time,
directing you to the Signed SMB Setup Tab on page 71, if you wish to use the simplified
configuration procedure for the domain.
Note Servers configured in Advanced mode may not be visible in the WFS Acceleration >
Signed SMB Setup tab in Basic mode, due to the specific naming convention used in Basic
mode. However, the servers are still part of the configuration and file operations will still be
accelerated.
Name Description
Domain Details Tab Configures the WXA series appliance to match details of the domain it is joining.
This tab offers advanced configuration procedures for joining the domain. See the
Domain Details Tab, page 82 for details.
Shares Tab Configures the WXA series appliance to accelerate specific servers and shares.
Available only when using the Advanced configuration mode. See the Shares
Tab on page 91 for details.
Viewing the WFS Acceleration Page | 81
Page 82
Domain Details Tab
The Domain Details tab offers an advanced configuration of the domain, providing more op tions
and details than the Basic mode’s Signed SMB Setup tab. The WXA series appliance may
automatically discover the domain details if the DNS server configured on the NSA/TZ series
appliance is a domain controller and the DNS server is correctly configured in the domain.
If the domain name is not auto-discovered, the Domain Details tab requires you to enter the
basic details for a domain.
Figure 15 WFS Acceleration (Name Not Auto-discovered)
82 | Dell SonicWALL WXA 1.3 User’s Guide
Page 83
If the domain name is auto-discovered, the Domain Details tab displays the configured domain
details and options for configuring the domain.
Figure 16 WFS Acceleration (Name Auto-discovered)
Name Description
Action Buttons
Advanced Options Configures the WFS Acceleration service in more detail with Client Signing, Server
Signing, and Max Transmit, which affect the CIFS packet size, see on page 87 for
details.
Join Domain/Rejoin Domain The WXA series appliance joins the domain (becomes part of the domain) that is
identified in the FQDN. The Join Domain Pop-up Window is displayed, see on
page 88 for details.
If the WXA series appliance has previously joined the domain, the Rejoin Domain
button is displayed. If this is the first time, a Join Domain button is displayed.
Unjoin Domain Removes all information about the current domain that the WXA series appliance
has joined. This button will no remove a configured domain, hostname, or servers/
shares from the configuration.
Test Configuration Tests the WFS Acceleration service and displays a WFS Configuration Test Results
pop-up window, see on page 89. If the WFS Acceleration service is not working cor-
rectly, reconfigure the domain details, and then retest.
Viewing the WFS Acceleration Page | 83
Page 84
Name Description
Restart WFS Restarts the WFS Acceleration service. All existing sessions and file transfers will be
terminated.
Update Domain Records Updates any missing domain records for SPN aliases, configured remote servers to
the “Specific Trusted Host List”, and missing DNS records. Displays an Update
Domain Pop-up window, see on page 90, detailing the results of the procedure.
Auto-discovered Domain Panel (the panel name changes depending on whether the domain is autodiscovered or configured)
Fully Qualified Domain Name: The fully qualified domain name (FQDN) of your Windows domain that the WXA
series appliance joins. To change the FQDN, you must unjoin the domain. Click the
Edit button to modify the FQDN, see on page 85 for details.
NETBIOS Domain: If you configured the FQDN at initial setup and join (or tired to join) the domain, the
WXA series appliance should auto-discover the corresponding NETBIOS domain.
Click the Edit button to configure the FQDN and the NETBIOS Domain, see on
page 85 for details.
Changing the FQDN or the NETBIOS Domain after joining the Windows domain
requires the device to rejoin the domain.
Hostname: Displays the hostname for the WXA series appliance. Click the Edit button to modify
the hostname, see on page 85 for details.
Changing the hostname requires the old computer account to be manually deleted
from the domain controller.
Kerberos Server: The FQDN of the Kerberos server or an IP address (not recommended) on the Win-
dows Domain. Joining the domain with the Kerberos server specified as an IP
address causes a failure unless reverse DNS lookups have been configured on the
DNS server. The alternative is to provide the name of the Kerberos server.
The port number defaults to 88. This server is typically the domain controller.
To edit the server name, you must first unjoin the domain, and then click the Edit
button. The Kerberos Server pop-up window appears, see on page 86 for details.
LDAP Server: Sets the Lightweight Directory Access Protocol (LDAP) server on the network. The
port number defaults to 389. This server is typically the domain controller.
Joined Domain: Checkbox (Read-only) Indicates the device has joined the domain.
Machine Account Exists:
Checkbox
Trusted for Delegation:
Trusted for Delegation to: (Read-only) Displays a list of all the trusted remote servers and WXA series appli-
Reverse DNS Lookup: Displays DNS info if the WFS Acceleration address is correctly resolved to the WXA
(Read-only) Indicates an account matching the hostname of the device is found on
the domain.
The computer account password is set to the authorization code.
(Read-only) Indicates that the computer account of the WXA series appliance on the
Domain Controller is trusted for delegation. This is a necessity an d requires the
administrator to configure the domain controller to confirm that the WXA series appli-
ance can be trusted for delegation.
Note: This field is updated by clicking the Update Domain Records button. It can
also be updated directly on the domain controller.
ances.
Note: This field is updated by clicking the Update Domain Records button. It can
also be updated directly on the domain controller.
series appliance’s hostname.
Other System Settings Panel
Time Synchronization Source: Displays the server that the WXA series appliance will synchronized its clock with.
This server is usually the Domain Control because the WXA series appliance’s clock
must closely match that of the Domain Controller’s clock.
Click the Edit button to modify the server, see on page 87.
Primary DNS Server: (Read-only) Displays the current primary DNS server IP address, which must be a
domain DNS server for WFS Acceleration to function properly.
Secondary DNS Server: (Read-only) Displays the current secondary DNS server IP address. This must also
be a domain DNS server for WFS Signed acceleration to function properly.
84 | Dell SonicWALL WXA 1.3 User’s Guide
Page 85
Figure 17 Configure Domain Pop-up Window
Name Description
Fully Qualified Domain Name: The FQDN for the Windows domain that the WXA series
appliance will join.
Use Discovered value for NETBIOS Domain
Checkbox
NETBIOS Domain: Text Field
Apply Button Applies all changes.
Cancel Button Cancels the operation.
When checked (enabled), uses the NETBIOS name tha t is
derived from the discovered domain.
Enter the NETBIOS name for the domain.
Note: Not necessary if the checkbox is selected.
Figure 18 Configure Hostname Pop-up Window
Name Description
Hostname: Text Field Input the desired hostname or leave the input field blank to use the default
hostname.
Note:If you are configuring a WXA 5000 Virtual Appliance or WXA 500 Live
CD, a default hostname is not provided, you must enter one.
Apply Button Applies all changes.
Cancel Button Cancels the operation.
Viewing the WFS Acceleration Page | 85
Page 86
Note If the device has already joined the domain, changing the host name requires the device to
unjoin the domain, and then rejoin the domain after the change is made.
Figure 19 Configure Kerber os Server Pop-up Window
Name Description
Configure Kerberos Server radio
buttons
Kerberos Server list LIst the discovered Kerberos Servers with informa-
Apply Button Applies all changes.
Cancel Button Cancels the operation.
Note The LDAP Server and the Kerberos Server are usually the same computer.
Select the desired configuration from these options:
• Allow automatic choice of a discovered Kerberos
Server
Display the auto-selected server.
• Manually enter Kerberos Server
Enter the name and port number for the Kerberos
Server used for authentication to the domain.
• Select a discovered Kerberos Server
Choose one from the list.
tion on the following performance metrics:
• Priority - The priority of the Kerberos Server,
lower values are preferred.
• Weight - The relative weight for Kerberos Servers
with the same priority. Higher values are preferred.
• RTT- The round trip time for probes to the Kerberos Server.
86 | Dell SonicWALL WXA 1.3 User’s Guide
Page 87
Figure 20 Time Synchronization Pop-up Windo w
Name Description
Use the Domain Controller for Time
Synchronization: Checkbox
NTP Server: Text Field Overrides the domain controller synchronization by specify a NTP
Validate Button Validates that the NTP Server specified can be connected and that
Apply Button Applies all changes.
Cancel Button Cancels the operation.
When enabled (checked) the domain controller is used as the time
synchronization source.
server in the required field.
the server provide the current time.
Figure 21 Advanced Options Pop-up Window
Name Description
Client Signing: Drop-down Identifies the server message block (SMB) signing between the WXA
series appliance and the Windows client.
Server Signing: Drop-down Identifies the SMB signing between the WXA series appliance and
the server.
Max Transmit: Text Field Sets the largest block of data that can be written at any one time.
Apply Button Applies all changes.
Cancel Button Cancels the operation.
Viewing the WFS Acceleration Page | 87
Page 88
Figure 22 Join Domain Pop-up Window
Enter the username and password of the domain administrator account.
Name Description
Summary of Results (Read-only) Displays a summary of results after the WXA series appliance
Details (Read-only) Details the steps performed in the domain joining procedure. A
88 | Dell SonicWALL WXA 1.3 User’s Guide
joins the domain.
green circle indicates a pass, and a red circle indicates a failure.
Page 89
Figure 23 WFS Configuration Test Results Pop-up Window
The WFS Configuration Test Results page displays the configuration status of the WFS
Acceleration service. A green circle indicates a successful configuration, and a red circle
indicates an error. Hover over the circle icons to display the details for that configuration.
Name Description
Server Display the remote server or local WXA name s.
Resolves To Displays the IP address that the WXA series appliance is resolved to.
Used in Share Config. Displays the server that is used for sharing. This can be an actual server, or
a WXA series appliance.
Short SPN Verifies a short SPN is present on the machine account.
Long SPN Verifies a long SPN is present on the machine account.
Trusted for Delegation Lists the general server or specific hosts that are trusted for delegation by
the WXA series appliance.
Accept Delegation Displays the hosts that are trusted to present delegated credentials to the
WXA series appliance.
Accepted Connection Verifies the server accepted an authenticated connection.
Propagated Connection Verifies the server propagated an authenticated connection.
Reverse DNS Displays the Reverse DNS address path.
For information on troubleshooting, refer to the Verifying the WFS Acceleration Configuration
on page 117.
Viewing the WFS Acceleration Page | 89
Page 90
Figure 24 Update Domain Recor ds Pop-up Window
Name Description
Summary of Results (Read-only) Displays a summary of results after the WXA series appliance
runs the Update Domain Records feature.
Details (Read-only) Details the steps performed in the Update Domain Records pro-
cedure. A green circle indicates a pass, and a red circle indicates
a failure.
90 | Dell SonicWALL WXA 1.3 User’s Guide
Page 91
Shares Tab
The Shares tab configures the WXA series appliance to accelerate specific shares and servers.
This tab is only available in Advanced configuration mode.
Note Basic mode is the preferred way to configure WFS Acceleration, only use Advanced mode
if you need to specifically define the server or share name.
Figure 25 WFS Acceleration > Shares
Action Items
Name Description
Add Server Button When clicked the Add Server pop-up is displayed, see on page 93. This window
allows you to configure a new remote server
Update Domain Records Updates any missing domain records for SPN alia ses and “trusted for delegation”.
When clicked, the Update Domain Records pop-up window displays, see on
page 95 , requiring you to enter the Administrator’s Credentials.
Column Headings
Name Description
Remote Server Name Column Displays the name of the remote server.
Note: This may not physically be remote, it might be on the local site.
Local WXA Name Column Displays the name or alias of the local WXA series appliance.
Default Cache Enabled Column Displays whether caching is enabled (checked) or disabled (unchecked).
Default Cache Read Ahead
Column
Configure Column Displays Edit and Delete buttons. Click the edit button to modify the configuration of
Add New Share... Link Adds a new share to a remote server. When clicked, the Add Share Pop-up window
Displays the size of the read-ahead buffer.
the server. Click the delete button to remove the file server from the configuration,
see on page 92. When the Edit button is clicked, the Edit Server Details window is
displayed, see on page 93.
is displayed, see on page 94.
Viewing the WFS Acceleration Page | 91
Page 92
Name Description
Name Column Displays the name of the shares set on the server.
Cache Enabled Column Indicates whether caching is enabled (checked) or disabled (unchecked).
Cache Read Ahead Column Displays the size of the read-ahead buffer.
Configure Column Displays an Edit and Delete button. Click the Edit button to modify the configuration
of the share. Click the Delete button to remove the share from using the server.
When the Edit button is clicked, The Edit Share Details pop-up window is displayed,
see on page 94.
Figure 26 Delete a Server
Name Description
Update Domain Records
checkbox
Delete Deletes the fi le server from the configuration.
Cancel Cancels the “delete server” request and closes the pop-up window.
Removes any domain records that are no longer needed as a result of removing the file server from the configuration.
92 | Dell SonicWALL WXA 1.3 User’s Guide
Page 93
Figure 27 Add Server and Edi t Server Details Pop-up Windows
Name Description
Remote Server Name: Radio Buttons The Remote Server name can be selected from a list of remote servers found on the
network, or manually entered in the text field. Toggle the radio buttons to choose
between automatic or manual entry.
Note:The remote server can either be a Windows server or another WXA series
appliance acting as a proxy server.
Clicking the Look Up button verifies that the name entered is registered in the DNS
server.
Local WXA Name: Text Field Enter the name of the local WXA, this will forward to the remote server. Use this name
in paths to shares to get accelerated access to remote shares. A different local name
alias should be used for each remote server.
Note:If the Update Domain Records checkbox is enabled, the WXA series appliance will
attempt to create a DNS record for each of the service principal name (SPN)
aliases. The local device name must resolved to the public IP address. The DNS
Server IP address is identified on the Domain Details Tab, page 82 of this WXA.
These records can also be added later by clicking the Update Domain Records
button.
Default Cache Enabled: Checkbox When enabled (checked) shares are stored in the default cache. This option is enabled
by default.
When a file is requested, that is also available in the cache, the WXA series appliance
serves the data from that cache as long as the cache file is valid. If the original file has
changed, the parts of the cache that are still valid may be used. This process reduces
the need for data to be sent over the network. This option can be overridden for individual shares.
Default Cache Read Ahead: Text Field
(Add Server Pop-up only)
The default size (measured in bytes) for read-ahead speed in the cache. The default
cache read ahead value is 61440 bytes.
To calculate this value, multiply the link latency (in milliseconds) by the measured siteto-site bandwidth in (kilobytes per second) and divide that by the number of simultaneous file access users. This option can be overridden for individual shares.
Example equation: BDP/<expected number of user sessions> where BDP = link rate in
kilobytes * link latency.
Add All Shares: Checkbox When enabled (checked), all shares are added on the server for WFS Acceleration.
Otherwise, individual shares must be added manually.
Update Domain Records: Checkbox Updates any missing domain records for SPN aliases, configured remote servers to the
“Specific Trusted Host List”, and missing DNS records. Requires the user to enter
Admin credentials in a second pop-up window.
Viewing the WFS Acceleration Page | 93
Page 94
Name Description
Apply Button Applies all changes.
Cancel Button Cancels the operation.
Figure 28 Add Share and Edit Share Details Pop - up Windows
Name Description
All Shares Option All shares are added to the server.
Share Name: Drop-down menu Provides a list of available shares on the remote server (not always
available).
Enter Name: Text Field Manually enter the name of a share.
Cache Enabled: Checkbox When enabled (checked), data is stored in the cache.
Cache Read Ahead: Text Field The number of bytes that the cache reads ahead. This service is only
functional when the Cache Enabled checkbox is selected. The default
cache read ahead is 61440 bytes.
Apply Button Applies all changes.
Cancel Button Cancels the operation.
94 | Dell SonicWALL WXA 1.3 User’s Guide
Page 95
Figure 29 Update Domain Records
This pop-up window displays when the Update Domain Records button is clicked. Enter the
Administrator’s Credentials to resolve any missing domain records for SPN aliases, “trusted for
delegation”, and DNS records.
Name Description
Username Text Field Enter the Administrator’s Username.
Password Text Field Enter the Administrator’s Password.
Update Records Button Updates any missing domain records for SPN aliases and “trusted for
delegation”.
Cancel Button Cancels the Update Domain Records process.
Viewing the WFS Acceleration Page | 95
Page 96
96 | Dell SonicWALL WXA 1.3 User’s Guide
Page 97
Configuring WFS Acceleration
WAN Acceleration > WFS Acceleration
This chapter provides details on configuring the WFS Acceleration service. There are several
different ways to configure WFS Acceleration depending on the user requirements and type of
network environment used. If the Client PC is already joined to a domain, it is recommended to
use Signed SMB. If you are not sure of the Client PC’ s domain joining status, it is recommended
to use Unsigned SMB to begin with.
Unsigned SMB
In a network that supports unsigned SMB traffic, the WFS Acceleration service configuration is
greatly simplified. The reason for this is unsigned SMB traffic does not have a security layer , so
the WXA series appliance can intercept the traffic without joining the domain, eliminating the
need to configure custom zones, configuring reverse lookup, and add file shares. Unsigned
SMB is enabled by default.
Signed SMB
In a network that supports SMB signing, it is required that the WXA series appliance join the
domain, due to the presence of a security layer in signed SMB traffic. Although this type of
configuration is more complex than unsigned SMB, it offers a more granular configuration of
the WFS Acceleration service. The WAN Acceleration > WFS Acceleration page displays a
warning when signed SMB traffic is detected on the network. If this warning is present, please
enable the Support SMB Signing checkbox, join the WXA appliance to the domain, and access
the signed shares through the WXA appliance’s shares.
Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or
Advanced configuration mode.
The Basic configuration mode (recommended) is a simplified WFS Acceleration configuration
that concentrates on selecting the Windows File Servers that are hosting shares, and
distinguishing remote and local file server configurations in the management interface. A
Signed SMB Setup tab is displayed, providing options to easily add file servers and domain
records.
Chapter 8
The Advanced configuration mode offers manual configuration of the domain details, file
servers, and file shares on the Domain Details and Shares tabs.
Caution Advanced configuration mode should only be used if you need to specifically define server
or share names. The preferred way to configure WFS Acceleration is to use the Basic
configuration mode.
To configure the WFS Acceleration service, refer to the section below that matches to your
desired configuration:
• Configuring WFS Acceleration Using Unsigned SMB on page 98
• Configuring WFS Acceleration Using Signed SMB on page 99
• Verifying the WFS Acceleration Configuration on page 117
Configuring WFS Acceleration | 97
Page 98
Configuring WFS Acceleration Using Unsigned SMB
To configure the WFS Acceleration service using Unsigned SMB, perform the following:
Step 1 Permit acceleration for the relevant VPN or routed policies in the Network > Routing or VPN
> Settings pages in the SonicOS management interface.
Step 2 Configure a network interface on the NSA/TZ series appliance for the port you want to connect
the WXA series appliance to. The WXA series appliance must be connected to a NSA or TZ
series appliance on a port other than X0 and X1. See Configuring Network Interfaces on
page 33 for details.
Step 3 Navigate to the WAN Acceleration > WFS Acceleration page.
Step 4 Click the Configuration tab, and then select the Enable WFS Acceleration checkbox.
Step 5 Select the Unsigned SMB checkbox.
Step 6 Click the Apply Changes button.
98 | Dell SonicWALL WXA 1.3 User’s Guide
Page 99
Configuring WFS Acceleration Using Signed SMB
The preferred way to configure WFS Acceleration for Signed SMB is to use the WXA Setup
Wizard. However, this is currently only available if running SonicOS 5.9 firmware. If your NSA/
TZ series appliance is using 5.8.1.x or 6.1.x firmware use the procedures in this section to
configure WFS Acceleration for Signed SMB. For more information on the WXA Setup Wizard
refer to the SonicOS 5.9 Administrator’s Guide.
To manually configure the WFS Acceleration service using signed SMB, perform the following:
Step 1 Configure a network interface on the NSA/TZ series appliance for the port you want to connect
the WXA series appliance to. The WXA series appliance must be connected to a NSA or TZ
series appliance on a port other than X0 and X1. See Configuring Network Interfaces on
page 33 for details.
Step 2 Navigate to the WAN Acceleration > WFS Acceleration page.
Step 3 Click the Configuration tab, and then select the Enable WFS Acceleration checkbox.
Step 4 Select the Support SMB Signing checkbox.
Step 5 Click the Apply Changes button.
Configuring WFS Acceleration | 99
Page 100
The Signed SMB Setup and Tools tab, and Basic and Advanced configuration mode radio
buttons display:
Step 6 Select the Basic (Recommended) or Advanced configuration mode radio button.
• If you selected the Basic configuration mode, refer to the Basic Configuration Mode on
page 101 for Basic mode configuration procedures.
• If you selected the Advanced configuration mode, refer to the Advanced Configuration
Mode on page 109 for Advanced mode configuration procedures.
100 | Dell SonicWALL WXA 1.3 User’s Guide
Loading...