How it Works
SonicWALL
Loading...
E6500
User Manual
78 pgs9.97 Mb0
Table of contents
Loading...

SonicWALL E6500 User Manual

PROTECTION AT THE SPEED OF BUSINESS
NSA E6500 Getting Started Guide
SonicWALL NSA E6500 Getting Started Guide
This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) E6500 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.

Document Contents

This document contains the following sections:
1
Pre-Configuration Tasks - page 3
2
Registering Your Appliance - page 13 Deployment Scenarios - page 19
3
Additional Deployment Configuration - page 41
4
Support and Training Options - page 55
5
Rack Mounting Instructions - page 63
6
Product Safety and Regulatory Information - page 69
7
SonicWALL NSA E6500 Getting Started Guide Page 1

SonicWALL NSA E6500

Front
Network Security Appliance
E6500
Form Factor Dimensions
1U rack-mountable 17 x 16.75 x 1.75 in
43.18 x 42.54 x 4.44 cm
Back
Weight
WEEE Weight
PML
I o
17.30 lbs/7.9 kg
17.30 lbs/7.9 kg
Note: Always observe proper safety and regulatory guidelines when removing administrator-serviceable parts from the SonicWALL
NSA E6500. Proper guidelines can be found in the Product Safety and Regulatory Information section, on page 69 of this guide.
Page 2 SonicWALL NSA E6500

Pre-Configuration Tasks

In this Section:
This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA E6500.
Check Package Contents - page 4
Obtain Configuration Information - page 5
The Front Panel - page 6
The Back Panel - page 7
Front Bezel Control Features - page 8
Front Bezel Configuration Example - page 12
1
SonicWALL NSA E6500 Getting Started Guide Page 3

Check Package Contents

Before setting up your SonicWALL NSA E6500, verify that your package contains the following parts:
1
SonicWALL NSA E6500
2
DB9 -> RJ45 (CLI) Cable
3
Standard Power Cord *
4
Rack Kit
5
Ethernet Cable
6
Red Crossover Cable
7
Release Notes
8
Global Support Services Guide
9
Thank You Card
9910
Getting Started Guide

Any Items Missing?

If any items are missing from your package, please contact SonicWALL support.
A listing of the most current support options is available online at:
<http://www.sonicwall.com/us/support.html>
*The included power cord is intended for use in North America only. For European Union (EU) customers, a power cord is not included.
1
2
5 6
Page 4 Check Package Contents
NetworkSecurity Appliance
E6500
SonicOS Release Notes
Contents
3
4
7 8
9
10

Obtain Configuration Information

Please record and keep for future reference the following setup information:

Registration Information

Serial Number:
Authentication Code:

Networking Information

LAN IP Address:
. . .
Subnet Mask:
. . .
Ethernet WAN IP Address:
. . .
Record the serial number found on the bottom panel of your SonicWALL appliance.
Record the authentication code found on the bottom panel of your SonicWALL appliance.
Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168).
Record the subnet mask for the local subnet where you are installing your SonicWALL appliance.
Select a static IP address for your Ethernet WAN. This setting only applies
if you are already using an ISP that assigns a static IP address.

Administrator Information

Admin Name:
Admin Password:
Select an administrator account name. (default is admin)
Select an administrator password. (default is password)

Obtain Internet Service Provider (ISP) Information

Record the following information about your current Internet service:
If You connect using
DHCP No information is usually required: Some providers
Static IP IP Address:
Please record
ma y requi re a Hos t name:
. . .
Subnet Mask: . . .
Default Gateway: . . .
Primary DNS: . . .
DNS 2 (optional): . . .
DNS 3 (optional): . . .
Note: If you are not using one of the network configurations
above, refer to the SonicOS Enhanced Administrator’s Guide <http://www.sonicwall.com/us/support.html>
SonicWALL NSA E6500 Getting Started Guide Page 5

The Front Panel

.ETWORK3ECURITY!PPLIANCE
! #
Icon Feature Description
LCD Screen Displays the front panel bezel interface which can be used to display status information, make
Control Buttons Used to navigate the front panel bezel interface.
Console Port Used to access the SonicOS Command Line Interface (CLI) via the DB9 -> RJ45 cable.
USB Ports (2) Future extension.
Reset Button Press and hold the button for a few seconds to manually reset the appliance.
LED (from left to right) Power LED: Indicates the SonicWALL NSA E6500 is powered on.
HA Port High Availability port.
X0-X7 (Copper) Gigabit Ethernet ports.
Bypass Status LED Future extension. Please check Release Notes for future availability.
Page 6 The Front Panel
"
%
$
certain configuration changes, restart the appliance or boot the appliance in SafeMode.
Test LED: Flickering: Indicates the appliance is initializing. Steady blinking: Indicates the appliance is in SafeMode. Solid: Indicates that the appliance is in test mode.
Alarm LED: Indicates an alarm condition. HD LED: Future extension.
&
%
'
(
)

The Back Panel

PML
I o
A
B
C
Icon Feature Description
Expansion Bay Future extension.
Fans (2) The SonicWALL NSA E6500 includes two fans for system temperature control.
Power Supply The SonicWALL NSA E6500 power supply.
SonicWALL NSA E6500 Getting Started Guide Page 7

Front Bezel Control Features

.ETWORK3ECURITY!PPLIANCE
.ETWORK3ECURITY!PPLIANCE
The SonicWALL Network Security Appliance E-Class is equipped with a front panel bezel interface that allows an administrator to customize certain aspects of the appliance or simply monitor its status without having to log into it through a separate terminal.
Note: Using the front bezel for configuration purposes prior to
completing initial setup will bypass the Setup Wizard’s automatic launch at startup.

LCD Control Buttons

#
#
$
!
Icon Feature Description
LCD Screen
Control Buttons
Page 8 Front Bezel Control Features
"
"! $
Displays the front panel bezel interface which can be used to display status information, perform basic configurations, restart the appliance or boot the appliance in SafeMode.
Up, Down, Left and Right buttons, used to navigate the LCD menu system.
%
%
The LCD interface is controlled by a D-pad, consisting of four buttons: Up, Down, Left, Right. The table below describes the functions of the buttons:
Icon Button Navigation Features
Up/Down
Selects options and navigates up and down lists.
Left
Cancels changes and returns to the previous menu.
Right
Confirms choices and enters menus. Also sets the appliance to screen-saver mode when used from the main menu.

Main Menu

Status

Upon booting the LCD display will initially show the Main Menu. The menu is made up of four options:
Contains basic status values including system resources, connections and port configuration values.
Allows configuration of basic system values including X0 (LAN) and X1 (WAN) port configuration. Requires system pin for access, default: 76642.
Provides the ability to restart the appliance. Requires system pin for access.
Provides the ability to restart and boot the appliance into SafeMode. Requires system pin for access.
Use the Up and Down button to select the menu you wish to enter and click the Right button to enter it.
The Status menu allows you to view specific aspects of the appliance. Once selected, the LCD displays the Status List. This list is navigated using the Up and Down buttons. Status options available include:
Appliance serial number
Firmware / ROM versions
Appliance name
Date and Time
•Uptime
CPU statistical readings
Current number of connections
Interface (X0, X1) network settings
Interface (X0, X1) data transfer statistics
The X1 DNS1-3 entries will only be displayed if they have been set from the Configure menu. If their value is still 0.0.0.0 (default value), they will not appear in the Status List.
SonicWALL NSA E6500 Getting Started Guide Page 9

Configure

The Configure Menu allows you to configure specific aspects of the appliance. Once selected, the LCD will display a PIN request.
Note: The Default PIN is 76642. This number spells SONIC
on a phone keypad. The PIN number can be changed from the System > Administration page.
All numbers are inputted using the 4 buttons. Select the individual digit field using the Left and Right button and select the desired number using the Up and Down Button. Digits increase incrementally from 0 to 9. Press the Right button to confirm your PIN and enter the Configuration Menu.
The appliance allows the user to navigate in and out of the Configuration Menu without having to re-enter the PIN. However, once the appliance enters Screen-Saver Mode, whether from the 6 second time out or from pressing the Left button from the Main Menu, the PIN number must be re-entered again to access the Configuration Menu.
After entering a new value for a setting in the configuration menu, you are asked if you want to commit changes. Using the 4-way D-pad, press the Right button for yes or the Left button for no.
If you choose yes, the screen notifies you that the settings are updated.
Page 10 Front Bezel Control Features

Configuration Options

Restart

This option allows you to configure network port settings for the appliance. Once selected, the LCD displays a list of configurable options. Status options available include:
X0 IP and subnet
X1 Mode
X1 IP and subnet
X1 Gateway
X1 DNS settings (3 available)
Restore defaults
The X1 Mode can be set to Static (default option) or to DHCP. If DHCP is selected, manual configuration options are not shown for X1 IP, subnet, gateway and DNS.
The Restore Defaults option will reset the appliance to default factory settings. If selected it will prompt for confirmation twice before restoring defaults.
If an option is selected but not modified, the appliance will display a message stating that no changes were made and will return the user to the edit value screen. If a change was made, it will prompt the user for confirmation before effecting the change.
This option allows you to safely restart without resorting to power cycling the appliance. Once selected, the LCD will display a confirmation prompt. Select Y for yes and press the Right button to confirm. The appliance will reboot.

SafeMode

This option will set the appliance to SafeMode. Once selected, the LCD will display a confirmation prompt. Select Y for yes and press the Right button to confirm. The appliance will change to SafeMode. Once SafeMode is enabled, the SonicWALL NSA E6500 must be controlled from the Web management interface.

Screen-Saver

If no button is pressed for over 60 seconds, or if the Left button is pressed from the Main Menu, the appliance will enter Screen­Saver mode. In this mode, the Status List will cycle, displaying every entry for a few seconds.
If the Up or Down button is pressed while in Screen-Saver mode, the appliance will display the adjacent status entry.
To exit Screen-Saver mode, press the Right button.
SonicWALL NSA E6500 Getting Started Guide Page 11

Front Bezel Configuration Example

LAN IP Configuration

f. Press Right.
The SonicWALL NSA E6500 is assigned the default LAN IP of
192.168.168.168. Complete the following steps to change it to
192.168.168.10.
1. Press Right to exit screen-saver mode if not at the root menu.
2. Press Down to select the Configuration entry.
3. Press Right to enter Configuration Mode.
4. Input PIN (76642 by default; SONIC on a phone keypad.)
a. Press Up or Down until the cursor displays 7,
press Right.
b. Press Up or Down until the cursor displays 6,
press Right.
c. Press Up or Down until the cursor displays 6,
press Right.
d. Press Up or Down until the cursor displays 4,
press Right.
e. Press Up or Down until the cursor displays 2,
press Right.
5. Press Down until X1 IP is selected (four times).
6. Press Right to configure X1 IP.
7. Edit X1 IP: a. Press Right ten times to select the tenth digit.
b. Press UP or Down until the cursor displays 0. c. Press Right once to select the next digit. d. Press UP or Down until the cursor displays 1. e. Press Right once to select the next digit. f. Press Up or Down until the cursor displays 0.
g. Press Right to finish editing the X1 IP. h. Press Right again to confirm changes.
Page 12 Front Bezel Configuration Example

Registering Your Appliance

In this Section:
This section provides instructions for registering your SonicWALL NSA E6500.
Before You Register - page 14
Creating a mysonicwall.com Account - page 15
Registering and Licensing Your Appliance on mysonicwall.com - page 15
Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of SonicWALL security
services, firmware updates, and technical support.
2
SonicWALL NSA E6500 Getting Started Guide Page 13

Before You Register

You need a mysonicwall.com account to register the SonicWALL NSA E6500. You can create a new mysonicwall.com account on www.mysonicwall.com or directly from the SonicWALL management interface. This section describes how to create an account by using the Web site.
You can use mysonicwall.com to register your SonicWALL appliance and activate or purchase licenses for Security Services, ViewPoint Reporting and other services, support, or software before you even connect your device. This allows you to prepare for your deployment before making any changes to your existing network.
For a High Availability configuration, you must use mysonicwall.com to associate a backup unit that can share the Security Services licenses with your primary SonicWALL.
Note: Your SonicWALL NSA E6500 does not need to be
powered on during account creation or during the mysonicwall.com registration and licensing process.
Note: After registering a new SonicWALL appliance on
mysonicwall.com, you must also register the appliance from the SonicOS management interface. This allows the unit to synchronize with the SonicWALL License Server and to share licenses with the associated appliance, if any. See
Interface - page 26.
Accessing the Management
Page 14 Before You Register

Creating a mysonicwall.com Account

To create a mysonicwall.com account, perform the following steps:
1. In your browser, navigate to www.mysonicwall.com.
2. In the login screen, click If you are not a registered user,
Click here
3. Complete the Registration form and then click Register.
4. Verify that the information is correct and then click Submit.
5. In the screen confirming that your account was created, click Continue.
.

Registering and Licensing Your Appliance on mysonicwall.com

This section contains the following subsections:
Product Registration - page 15
Licensing Security Services and Software - page 16
Registering a Second Appliance as a Backup -
page 18
Registration Next Steps - page 18

Product Registration

You must register your SonicWALL security appliance on mysonicwall.com to enable full functionality.
1. Login to your mysonicwall.com account. If you do not have an account, you can create one at www.mysonicwall.com.
See
Creating a mysonicwall.com Account - page 15.
2. On the main page, in the Register A Product field, type the appliance serial number and then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue.
SonicWALL NSA E6500 Getting Started Guide Page 15

Licensing Security Services and Software

The Service Management - Associated Products page in mysonicwall.com lists security services, support options, and software such as ViewPoint that you can purchase or try with a free trial. For details, click the Info button. Your current licenses are indicated in the Status column with either a license key or an expiration date. You can purchase additional services now or at a later time.
The following products and services are available for the SonicWALL NSA E6500:
Service Bundles:
Client/Server Anti-Virus Suite
Comprehensive Gateway Security Suite
Gateway Services:
Gateway AV, Anti-Spyware, Intrusion Prevention Service, Application Firewall
Content Filtering: Premium Edition
Stateful High Availability (HA) Upgrade
Desktop and Server Software:
Enforced Client Anti-Virus and Anti-Spyware
Global VPN Client
Global VPN Client Enterprise
VPN Policy Upgrade (for site-to-site VPN)
Global Management System
•ViewPoint
Support Services:
Dynamic Support 24x7
Software and Firmware Updates
Consulting Services:
Implementation Service
GMS Preventive Maintenance Service
Page 16 Registering and Licensing Your Appliance on mysonicwall.com
To manage your licenses, perform the following tasks:
1. In the mysonicwall.com Service Management - Associated Products page, check the Applicable Services table for services that your SonicWALL appliance is already licensed for. Your initial purchase may have included security services or other software bundled with the appliance. These licenses are enabled on mysonicwall.com when the SonicWALL appliance is delivered to you.
2. If you purchased a service subscription or upgrade from a sales representative separately, you will have an Activation Key for the product. This key is emailed to you after online purchases, or is on the front of the certificate that was included with your purchase. Locate the product on the Services Management page and click Enter Key in that row.
3. In the Activate Service page, type or paste your key into the Activation Key field and then click Submit. Depending on the product, you will see an Expire date or a license key string in the Status column when you return to the Service Management page.
4. To license a product of service, do one of the following:
To try a Free Trial of a service, click Try in the Service Management page. A 30-day free trial is immediately activated. The Status page displays relevant information including the activation status, expiration date, number of licenses, and links to installation instructions or other documentation. The Service Management page is also updated to show the status of the free trial.
To purchase a product or service, click Buy Now.
5. In the Buy Service page, type the number of licenses you want in the Quantity column for either the 1 year, 2 year, or 3 year license row and then click Add to Cart.
6. In the Checkout page, follow the instructions to complete your purchase.
The mysonicwall.com server will generate a license key for the product. The key is added to the license keyset. You can use the license keyset to manually apply all active licenses to your SonicWALL appliance.
SonicWALL NSA E6500 Getting Started Guide Page 17

Registering a Second Appliance as a Backup

To ensure that your network stays protected if your SonicWALL appliance has an unexpected failure, you can associate a second SonicWALL with the first in a high availability (HA) pair. You can associate the two appliances as part of the registration process on mysonicwall.com. The second SonicWALL will automatically share the Security Services licenses of the primary appliance.
Note: In order so setup an HA pair, you must use two NSA
applicances of the same model.
To register a second appliance and associate it with the primary, perform the following steps:
1. Login to your mysonicwall.com account.
2. On the main page, in the Register A Product field, type the appliance serial number and then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue. The Create Association Page is displayed.
5. On the Create Association Page, click the radio button to select the primary unit for this association, and then click Continue. The screen only displays units that are not already associated with other appliances.
6. On the Service Management - Associated Products page, scroll down to the Associated Products section to verify that your product registered successfully. You should see the HA Primary unit listed in the Parent Product section, as well as a Status value of 0 in the Associated Products / Child Product Type section.
7. Although the Stateful High Availability Upgrade and all the Security Services licenses can be shared with the HA Primary unit, you must purchase a separate ViewPoint license for the backup unit. This will ensure that you do not miss any reporting data in the event of a failover. You must also purchase a separate support license for the backup unit. Under DESKTOP & SERVER SOFTWARE, click Buy Now for ViewPoint. Follow the instructions to complete the purchase.
To return to the Service Management - Associated Products page, click the serial number link for this appliance.

Registration Next Steps

Your SonicWALL NSA E6500 or E6500 HA Pair is now registered and licensed on mysonicwall.com. To complete the registration process in SonicOS and for more information, see:
Accessing the Management Interface - page 26
Activating Licenses in SonicOS - page 28
Upgrading Firmware on Your SonicWALL - page 29
Page 18 Registering and Licensing Your Appliance on mysonicwall.com

Deployment Scenarios

In this Section:
This section provides detailed overviews of advanced deployment scenarios as well as configuration instructions for connecting your SonicWALL NSA E6500.
Selecting a Deployment Scenario - page 20
Initial Setup - page 24
Configuring a State Sync Pair in NAT/Route Mode - page 32
Configuring L2 Bridge Mode - page 39
Tip: Before completing this section, fill out the information in Obtain Configuration Information - page 5. You will need to enter this
information during the Setup Wizard.
3
SonicWALL NSA E6500 Getting Started Guide Page 19

Selecting a Deployment Scenario

Before continuing, select a deployment scenario that best fits your network scheme. Reference the table below and the diagrams on the following pages for help in choosing a scenario.
Current Gateway Configuration New Gateway Configuration Use Scenario
No gateway appliance Single SonicWALL NSA as a primary gateway.
Pair of SonicWALL NSA appliances for high availability.
Existing Internet gateway appliance SonicWALL NSA as replacement for an existing
gateway appliance.
SonicWALL NSA in addition to an existing gateway appliance.
Existing SonicWALL gateway appliance SonicWALL NSA in addition to an existing
SonicWALL gateway appliance.
A - NAT/Route Mode Gateway
B - NAT with State Sync Pair
A - NAT/Route Mode Gateway
C - L2 Bridge Mode
B - NAT with State Sync Pair
A
SonicPoint
B
Network Security Appliance
Scenario A: NAT/Route Mode Gateway - page 21 Scenario B: State Sync Pair in NAT/Route Mode - page 22 Scenario C: L2 Bridge Mode - page 23
Page 20 Selecting a Deployment Scenario
C
E6500
SonicPoint

Scenario A: NAT/Route Mode Gateway

For new network installations or installations where the SonicWALL NSA E6500 is replacing the existing network gateway.
In this scenario, the SonicWALL NSA E6500 is configured in NAT/Route mode to operate as a single network gateway. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes. Because only a single SonicWALL appliance is deployed, the added benefits of high availability with a stateful synchronized pair are not available.
To set up this scenario, follow the steps covered in the Initial
section. If you have completed setup procedures in that
Setup
section, continue to the Additional Deployment Configuration
section, on page 41 to complete configuration.
A
DMZ Zone
SonicWALL NSA E-Class
SonicPoint
WLAN Zone
LAN Zone
ISP 1
Internet
SonicWALL NSA E6500 Getting Started Guide Page 21

Scenario B: State Sync Pair in NAT/Route Mode

For network installations with two SonicWALL NSA E-Series appliances configured as a stateful synchronized pair for redundant high-availability networking.

In this scenario, one SonicWALL NSA E6500 operates as the primary gateway device and the other SonicWALL NSA E6500 is in passive mode. All network connection information is synchronized between the two devices so that the backup appliance can seamlessly switch to active mode without dropping any connections if the primary device loses connectivity.
B
SonicWALL
HA / Failover Pair
Network Security Appliance
SonicWALL NSA E-Class 2
E6500
HA Link
Internet
To set up this scenario, follow the steps covered in the Initial
and the Configuring a State Sync Pair in NAT/Route
Setup
Mode
- page 32 sections. If you have completed setup
procedures in those sections, continue to the Additional
Deployment Configuration
section, on page 41 to complete
configuration.
Page 22 Selecting a Deployment Scenario
Local Network

Scenario C: L2 Bridge Mode

For network installations where the SonicWALL NSA E6500 is running in tandem with an existing network gateway.
In this scenario, the original gateway is maintained. The SonicWALL NSA E6500 is integrated seamlessly into the existing network, providing the benefits of deep packet inspection and comprehensive security services on all network traffic.
L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be non-disruptively added to any Ethernet network to provide in-line deep-packet inspection for all traversing IPv4 TCP and UDP traffic. L2 Bridge Mode can pass all traffic types, including IEEE 802.1q VLANs, Spanning Tree Protocol, multicast, broadcast and IPv6.
To set up this scenario, follow the steps covered in the Initial
and the Configuring L2 Bridge Mode sections. If you
Setup
have completed setup procedures in those sections, continue to the Additional Deployment Configuration section, on page 41 to complete configuration.
C
Network Gateway
SonicWALL NSA E-Class
SonicPoint
WLAN Zone
L2 Bridge Link
LAN Zone
Internet or
LAN Segment 2
SonicWALL NSA E6500 Getting Started Guide Page 23
Loading...
+ 54 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use