SonicWALL NSA 240 Getting Started Manual

(FUUJOH4UBSUFE(VJEF
4POJD8"--/FUXPSL4FDVSJUZ"QQMJBODFT
/&5803,4&$63*5:
/4"
SonicWALL NSA 240 Getting Started Guide Page i
SonicWALL NSA 240 Getting Started Guide
This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 240 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.
Document Contents
This document contains the following sections:
- Pre-Configuration Tasks
- Preparing Your WWAN PC Card
- Registering Your Appliance
- Deployment Scenarios
- Verifying Your Connection
- Enabling Essential Security Services
- Additional Deployment Configuration
- Support and Training Options
- Product Safety and Regulatory Information
SonicWALL NSA 240 Front Panel
[Figure: SonicWALL NSA 240 front panel]
Provides power and test status (refer to page 5)
PC Card Slot (side of unit): Provides an interface for the WWAN PC Card connection
USB Ports: For future application
LAN/WAN Port Status: Provides dedicated LAN/WAN port status (link/spd, activity) as follows:
Off=10M Green=100M Solid=link Blinking=activity
Off=10M Green=100M Amber=1,000M Solid=link Blinking=activity
PC Card Status: Provides WWAN PC Card status (signal, link/act) as follows:
Green=connected Amber=negotiating Solid=link Blinking=activity
SonicWALL NSA 240 Rear Panel
[Figure: SonicWALL NSA 240 rear panel with Console, LAN, WAN, X0 through X8, and Power labels]
Console Port: Provides access to the SonicOS Command Line Interface (CLI) via the DB9 -> RJ45 cable
LAN Port (X0): Provides dedicated LAN access to local area network resources
WAN Port (X1): Provides dedicated WAN (Internet)
Ethernet Port (X2): Provides an additional Gigabit-capable Ethernet port for general use
Power Supply: Provides power connection using supplied power cable
Reset Button: Press and hold to manually reset the appliance to “safe mode”
Ethernet Ports (X3-X7): Provides configurable 10/100 Ethernet ports for connection to network devices on WAN, LAN, DMZ, and other zone types
HA Ethernet Port (X8): Provides 10/100 Ethernet port for high availability (HA) connectivity
SonicWALL NSA 240 LED Reference Guide
[Figure: LED reference diagram, labeled M0 and X0 through X8]
Pre-Configuration Tasks
In this Section:
This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA 240 appliance.
- Check NSA 240 Package Contents
- Obtain Configuration Information
- Obtain WWAN Service Provider Information
- Verify System Requirements
Check NSA 240 Package Contents
Before setting up your SonicWALL NSA appliance, verify that your package contains the following parts:
- NSA 240 Appliance
- DB9 -> RJ45 (CLI) Cable
- Standard Power Adaptor*
- Ethernet Cable
- Red Crossover Cable
- Release Notes
- Getting Started Guide
Any Items Missing?
If any items are missing from your package, please contact SonicWALL support.
A listing of the most current support documents is available online at: <http://www.sonicwall.com/us/support.html>
*The included power cord is intended for use in North America only. For European Union (EU) customers, a power cord is not included.
Obtain Configuration Information
Record and keep for future reference the following setup information:
Registration Information
Serial Number: Record the serial number found on the bottom panel of your SonicWALL appliance.
Authentication Code: Record the authentication code found on the bottom panel of your SonicWALL appliance.
Networking Information
LAN IP Address: Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168).
Subnet Mask: Record the subnet mask for the local subnet where you are installing your SonicWALL appliance.
Ethernet WAN IP Address: Select a static IP address for your Ethernet WAN. This setting only applies if you are already using an ISP that assigns a static IP address.
Administrator Information
Admin Name: Select an administrator account name. (default is admin)
Admin Password: Select an administrator password. (default is password)
Obtain Internet Service Provider (ISP) Information
Record the following information about your current ISP:
ISP 1
If you connect via | You likely use | Please record
Cable modem, DSL with a router | DHCP | No Internet connection information is usually required, although some service providers require a host name. Host Name
Home DSL | PPPoE | User Name, Password. Note: Your ISP may require your user name in the format: name@ISP.com
T1/E1, Static broadband, Cable or DSL with a static IP | Static IP | IP Address, Subnet Mask, Default Gateway (IP Address), Primary DNS, Secondary DNS (optional)
Dial-in to a server | PPTP | Server Address, User Name, Password
Record the following information about your secondary ISP:
ISP 2 (Optional for Multiple WAN Failover)
If you connect via | You likely use | Please record
Cable modem, DSL with a router | DHCP | Host Name
Home DSL | PPPoE | User Name, Password. Note: Your ISP may require your user name in the format: name@ISP.com
T1/E1, Static broadband, Cable or DSL with a static IP | Static IP | IP Address, Subnet Mask, Default Gateway (IP Address), Primary DNS, Secondary DNS (optional)
Dial-in to a server | PPTP | Server Address, User Name, Password
Obtain WWAN Service Provider Information
Record the following information about your current WWAN service:
WWAN Service Provider
Country: Record the country where you purchased your WWAN card.
Service Provider: Record the service provider from whom you purchased your WWAN card. This is the brand name of the card.
Plan Type: Record the plan type that you purchased from your provider. If you are unsure about this information, you may use Standard as the plan type.
WWAN Account Information
Note: WWAN Account Information is automatically populated based on the chosen service provider and plan type. In most cases, if you selected the correct service provider and plan type the WWAN account information does not have to be altered.
User Name/Password: Some WWAN service providers require user specific information, such as a login and password. If your service provider does, you will need to provide such information during the setup process.
Verify System Requirements
Before you begin the setup process, verify that you have:
- An Internet connection
- A Web browser supporting JavaScript and HTTP uploads
Accepted Browser | Browser Version Number
Internet Explorer | 6.0 or higher
Firefox | 2.0 or higher
Netscape | 9.0 or higher
Opera | 9.10 or higher for Windows
Safari | 2.0 or higher for MacOS
Preparing Your WWAN PC Card
In this Section:
This section provides instructions to set up your WWAN PC card for use in the SonicWALL NSA 240 appliance.
- WWAN PC Card Setup
- Installing PC Card Software
- Verifying Your Connection
Alert: DO NOT insert your PC card into the SonicWALL NSA 240 appliance until you have completed the setup process for your card as described in this section.
If your WWAN PC card is already registered and activated with your service provider and you are able to access the Internet through your PC using this card, you may skip this section and continue to Registering Your Appliance - page 11.
WWAN PC Card Setup
Complete the following steps to set up and provision your WWAN PC card. Before continuing, verify that your WWAN PC card and service provider are supported by the SonicWALL NSA 240 appliance by visiting the SonicWALL website:
<http://www.sonicwall.com/us/tz190cards.html>
Alert: DO NOT insert your PC card into the computer until you have completed the setup process for your card as described in this section and successfully accessed the Internet through your PC using the PC card.
If you are using a GSM-based WWAN service provider, you may be required to remove the PIN protection from your SIM chip before using it with the SonicWALL. Please contact your WWAN service provider for more information on setup and PIN removal procedures.
Installing PC Card Software
This section covers prerequisites necessary to set up most WWAN PC cards to work with the NSA 240. Using an available desktop or laptop PC with Type II PC card slot, complete the following steps:
1. Install the software that came bundled with your WWAN PC card before activating the card.
2. When prompted, insert the WWAN PC card into an available Type II PC card slot on the Laptop or Desktop PC you are using for card configuration.
3. Install updates to your WWAN PC card, if available.
4. Activate your PC card, if required.
Verifying Your Connection
After the card has been set up on your PC, you can view your connection type and verify that the WWAN PC card is transferring data. In order for the connection testing to be valid, it is important that you first disable all other network connections, such as a WiFi or LAN connection, before continuing. Leave only your PC card connection enabled.
1. Use the software that came with your WWAN PC card to initialize a connection with your service provider.
2. In the Windows interface, select Start > Run.
3. Enter “cmd” in the Open field and click the OK button.
4. At the prompt, type the command “ipconfig” and press Enter on the keyboard.
Note: The name of your Ethernet adaptor may differ from the screenshot below. Common names for newly acquired cards are “Local Area Connection 2” or “Local Area Connection 3.”
5. Your network device status will display. Verify that you have obtained an IP Address for your Ethernet adaptor, and that all other Local Area Network Connections display “Media disconnected” as their status.
6. Open a Web browser and navigate to a Website, such as <http://www.sonicwall.com>, to verify that your connection can transfer data.
Congratulations! You have set up and provisioned your WWAN PC card.
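The check in steps 4 and 5 can be scripted against saved ipconfig output. The following is an added example, not part of the SonicWALL guide: the function names and both sample outputs are constructed for illustration, and the adapter name passed in is whatever name your card received. It also treats a 169.254.x.x autoconfiguration address as "no IP address obtained", since that address means no lease was received.

```python
import ipaddress
import re

# Adapter headers start in column 0, e.g. "Ethernet adapter Local Area Connection 2:"
ADAPTER_RE = re.compile(r"^\S.*? adapter (.+?):\s*$")
# Fields are indented and dot-padded, e.g. "IP Address. . . . : 10.20.30.40"
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

# Constructed sample: only the WWAN card ("Local Area Connection 2") is up.
SAMPLE_OK = """\
Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.20.30.40
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.20.30.1
"""

# Constructed sample: wired LAN still enabled, card has only an autoconfiguration address.
SAMPLE_BAD = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Local Area Connection 2:

        Autoconfiguration IP Address. . . : 169.254.12.7
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

def parse_ipconfig(text):
    """Return {adapter name: {"disconnected": bool, "ipv4": [addresses]}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(
                header.group(1), {"disconnected": False, "ipv4": []})
            continue
        field = FIELD_RE.match(line)
        if current is None or field is None:
            continue
        key, value = field.group(1), field.group(2).strip()
        if key == "Media State" and "disconnected" in value.lower():
            current["disconnected"] = True
        elif key.endswith(("IP Address", "IPv4 Address")):
            # Newer Windows versions append "(Preferred)" to the address.
            current["ipv4"].append(value.split("(")[0])
    return adapters

def usable(addr):
    """True for a real lease; False for 169.254.x.x, 0.0.0.0 or unparsable text."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return not (ip.is_link_local or ip.is_unspecified)

def check_card_only(text, card):
    """List everything that fails step 5 when `card` is the WWAN adapter name."""
    adapters = parse_ipconfig(text)
    if card not in adapters:
        return [f"{card}: adapter not found in ipconfig output"]
    problems = []
    for name, info in adapters.items():
        has_ip = any(usable(ip) for ip in info["ipv4"])
        if name == card and not has_ip:
            problems.append(f"{name}: no IP address obtained")
        elif name != card and (has_ip or not info["disconnected"]):
            problems.append(f"{name}: still enabled")
    return problems

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_card_only(sample, "Local Area Connection 2"))
```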
Registering Your Appliance
In this Section:
This section provides instructions for registering your SonicWALL NSA 240 appliance.
- Before You Register
- Creating a MySonicWALL Account
- Registering and Licensing Your Appliance on MySonicWALL
Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of SonicWALL security services, firmware updates, and technical support.
Before You Register
You need a MySonicWALL account to register the SonicWALL NSA appliance. You can create a new MySonicWALL account on www.mysonicwall.com or directly from the SonicWALL management interface. This section describes how to create an account by using the Web site.
If you already have a MySonicWALL account, go to Registering and Licensing Your Appliance on MySonicWALL - page 13 to register your appliance on MySonicWALL. You can also postpone registration until after having set up the appliance. Skip ahead to Deployment Scenarios - page 17 and register your appliance directly from the management interface once you reach Activating Licenses in SonicOS - page 40.
For a High Availability (HA) configuration, you must use MySonicWALL to associate a backup unit that can share the Security Services licenses with your primary SonicWALL.
If you do not yet have a MySonicWALL account, you can use MySonicWALL to register your SonicWALL appliance and activate or purchase licenses for Security Services, ViewPoint Reporting and other services, support, or software before you even connect your device. This method allows you to prepare for your deployment before making any changes to your existing network.
Note that your SonicWALL NSA appliance does not need to be powered on during account creation or during the MySonicWALL registration and licensing process.
Note: After registering a new SonicWALL appliance on MySonicWALL, you must also register the appliance from the SonicOS management interface. This allows the unit to synchronize with the SonicWALL License Server and to share licenses with the associated appliance, if any. See Activating Licenses in SonicOS - page 40.
Creating a MySonicWALL Account
To create a MySonicWALL account, perform the following steps:
1. In your browser, navigate to www.mysonicwall.com.
2. In the login screen, click the link If you are not a registered user, Click here.
3. Complete the Registration form and click Register.
4. Verify the information is correct and click Submit.
5. In the screen confirming that your account was created, click Continue.
Registering and Licensing Your Appliance on MySonicWALL
This section contains the following subsections:
- Product Registration
- Licensing Security Services and Software
- Registering a Second Appliance as a Backup
Product Registration
You must register your SonicWALL security appliance on MySonicWALL to enable full functionality.
1. Log in to your MySonicWALL account. If you do not have an account, you can create one at www.mysonicwall.com.
2. On the main page, type the appliance serial number in the Register A Product field. Then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue.
Licensing Security Services and Software
The Service Management - Associated Products page in MySonicWALL lists security services, support options, and software, such as ViewPoint, that you can purchase or try with a free trial. For details, click the Info button. Your current licenses are indicated in the Status column with either a license key or an expiration date. You can purchase additional services now or at a later time.
The following products and services are available for the SonicWALL NSA 240:
Service Bundles:
- Client/Server Anti-Virus Suite
- Comprehensive Gateway Security Suite
Gateway Services:
- Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Firewall
- Global Management System
- Content Filtering: Premium Edition
- Stateful High Availability Upgrade
Desktop and Server Software:
- Enforced Client Anti-Virus and Anti-Spyware
- Global VPN Client
- Global VPN Client Enterprise
- ViewPoint
Support Services:
- Dynamic Support 8x5
- Dynamic Support 24x7
- Software and Firmware Updates
To manage your licenses, perform the following tasks:
1. Navigate to the My Products page. Select the registered product you want to manage. Your initial purchase may have included security services or other software bundled with the appliance. These licenses are enabled on MySonicWALL when the SonicWALL appliance is delivered to you.
2. If you purchased a service subscription or upgrade from a sales representative separately, you will have an Activation Key for the product. This key is emailed to you after online purchases, or is on the front of the certificate that was included with your purchase. Locate the product on the Service Management page and click Enter Key in that row.
3. In the Activate Service page, type or paste your key into the Activation Key field and then click Submit. Depending on the product, you will see an expiration date or a license key string in the Status column when you return to the Service Management page.
4. To license a product or service, do one of the following:
- To try a Free Trial of a service, click Try in the Service Management page. A 30-day free trial is immediately activated. The Status page displays relevant information including the activation status, expiration date, number of licenses, and links to installation instructions or other documentation. The Service Management page is also updated to show the status of the free trial.
- To purchase a product or service, click Buy Now.
5. In the Buy Service page, type the number of licenses you want in the Quantity column for either the 1-year, 2-year, or 3-year license row and then click Add to Cart.
6. In the Checkout page, follow the instructions to complete your purchase.
The MySonicWALL server will generate a license key for the product. The key is added to the license keyset. You can use the license keyset to manually apply all active licenses to your SonicWALL appliance.
The service management screen will display the product you licensed with an expiration date when activation is complete.
Registering a Second Appliance as a Backup
To ensure that your network stays protected if your SonicWALL appliance has an unexpected failure, you can purchase a license to associate a second SonicWALL of the same model as the first in a High Availability (HA) pair. After registering and associating the second appliance, this appliance will automatically share the Security Services licenses of the primary appliance.
To register a second appliance and associate it with the primary, perform the following steps:
1. Log in to your MySonicWALL account.
2. On the main page, in the Register A Product field, type the appliance serial number and then click Next.
3. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register.
4. On the Product Survey page, fill in the requested information and then click Continue. The Create Association Page is displayed.
5. On the Create Association Page, click the radio button to select the primary unit for this association, and then click Continue. The screen only displays units that are not already associated with other appliances.
6. On the Service Management - Associated Products page, scroll down to the Associated Products section to verify that your product registered successfully. You should see the HA Primary unit listed in the Parent Product section, as well as a Status value of 0 in the Associated Products / Child Product Type section.
7. Although the Stateful High Availability Upgrade and all the Security Services licenses can be shared with the HA Primary unit, you must purchase a separate ViewPoint license for the backup unit. This will ensure that you do not miss any reporting data in the event of a failover. Under Desktop & Server Software, click Buy Now for ViewPoint. Follow the instructions to complete the purchase.
To return to the Service Management - Associated Products page, click the serial number link for this appliance.
For information on configuring an HA pair, see Scenario B: HA Pair in NAT/Route Mode section, on page 24.
Deployment Scenarios
In this Section:
This section provides detailed overviews of advanced deployment scenarios as well as configuration instructions for connecting your SonicWALL NSA 240.
- Insert the WWAN PC Card
- Selecting a Deployment Scenario
- Scenario A: NAT/Route Mode Gateway
- Scenario B: HA Pair in NAT/Route Mode
- Scenario C: L2 Bridge Mode
Tip: Before completing this section, fill out the information in Obtain Configuration Information - page 3. You will need to enter this information during the Setup Wizard.
Insert the WWAN PC Card
Before inserting the WWAN PC card into your SonicWALL NSA 240 appliance, be sure your WWAN PC card is activated and unlocked. If you are not sure whether your card is unlocked or not, contact the PC card vendor to verify.
Alert: Do not insert or remove the WWAN PC card while the SonicWALL NSA 240 is powered on.
1. Ensure the SonicWALL NSA 240 is not connected to a power source.
2. Insert your WWAN PC card “face up” into the PC CARD slot on the left side of the SonicWALL NSA 240 appliance. The card should sit firmly in place.
Applying Power
1. Connect the AC plug to the power supply.
2. Plug one end of the power supply to the back of the SonicWALL NSA 240.
3. Connect the AC plug to an appropriate power outlet.
The Power LED on the front panel lights up blue when you plug in the SonicWALL NSA. The Test LED will light up and may blink while the appliance performs a series of diagnostic tests.
When the Power LEDs are lit and the Test LED is no longer lit, the SonicWALL NSA 240 is ready for configuration. This typically occurs within a few minutes of applying power to the appliance.
If the Test LED remains lit after the SonicWALL NSA appliance has been booted, restart the appliance by cycling power.
Selecting a Deployment Scenario
Before continuing, select a deployment scenario that best fits your network scheme. Reference the table below and the diagrams on the following pages for help in choosing a scenario.
Current Gateway Configuration | New Gateway Configuration | Use Scenario
No gateway appliance | Single SonicWALL NSA as a primary gateway. | A - NAT/Route Mode Gateway
No gateway appliance | Pair of SonicWALL NSA appliances for high availability. | B - NAT with HA Pair
Existing Internet gateway appliance | SonicWALL NSA as replacement for an existing gateway appliance. | A - NAT/Route Mode Gateway
Existing Internet gateway appliance | SonicWALL NSA in addition to an existing gateway appliance. | C - Layer 2 Bridge Mode
Existing SonicWALL gateway appliance | SonicWALL NSA in addition to an existing SonicWALL gateway appliance. | B - NAT with HA Pair
[Figure: deployment scenario diagrams: A - NAT/Route Mode Gateway, B - NAT with HA Pair, C - Layer 2 Bridge Mode]
Scenario A: NAT/Route Mode Gateway
In this scenario, the SonicWALL NSA 240 is configured in NAT/Route mode to operate as a single network gateway. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes. Because only a single SonicWALL appliance is deployed, the added benefits of high availability with a stateful synchronized pair are not available.
Initial Setup
This section provides initial configuration instructions for connecting your SonicWALL NSA 240. Follow these steps if you are setting up Scenario A.
This section contains the following subsections:
- Applying Power
- Connecting the WAN Port
- Connecting the LAN Port
- Accessing the Management Interface
- Troubleshooting Initial Setup
- Connecting to Your Network
- Testing Your Connection
Connecting the WAN Port
1. Connect one end of an Ethernet cable to your Internet connection.
2. Connect the other end of the cable to the X1 (WAN) port on your SonicWALL NSA Series appliance.
Connecting the LAN Port
1. Connect one end of the provided Ethernet cable to the computer you are using to manage the SonicWALL NSA Series.
2. Connect the other end of the cable to the X0 port on your SonicWALL NSA Series.
The Link LED above the X0 (LAN) port will light up in green or amber depending on the link throughput speed, indicating an active connection:
- Amber indicates 1 Gbps
- Green indicates 100 Mbps
- Unlit while the right (activity) LED is illuminated indicates 10 Mbps
Accessing the Management Interface
The computer you use to manage the SonicWALL NSA Series must be set up to have an unused IP address on the 192.168.168.x/24 subnet, such as 192.168.168.20.
To access the SonicOS Enhanced Web-based management interface:
1. Start your Web browser. Remember to disable pop-up blocking software or add the management IP address http://192.168.168.168 to your pop-up blocker’s allow list.
2. Enter http://192.168.168.168 (the default LAN management IP address) in the Location or Address field.
3. The SonicWALL Setup Wizard launches and guides you through the configuration and setup of your SonicWALL NSA appliance.
The Setup Wizard launches only upon initial loading of the SonicWALL NSA management interface. You may access the wizard by clicking on the Wizards icon in the toolbar.
4. Follow the on-screen prompts to complete the Setup Wizard.
Depending on the changes made during your setup configuration, the SonicWALL may restart.
Troubleshooting Initial Setup
If you cannot connect to the SonicWALL NSA appliance or the Setup Wizard does not display, verify the following configurations:
- Did you correctly enter the management IP address in your Web browser?
- Are the Local Area Connection settings on your computer set to use DHCP or set to a static IP address on the 192.168.168.x/24 subnet?
- Do you have the Ethernet cable connected to your computer and to the X0 (LAN) port on your SonicWALL?
- Is the connector clip on your network cable properly seated in the port of the security appliance?
Note: Some pop-up blockers may prevent the launch of the Setup Wizard. You can temporarily disable your pop-up blocker, or add the management IP address of your SonicWALL (192.168.168.168 by default) to your pop-up blocker's allow list.
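The addressing questions in this checklist can be checked mechanically before suspecting cables or the browser. The following is an added example, not part of the SonicWALL guide: the function name is hypothetical, the default appliance address and /24 prefix are the ones the guide gives, and the sample station settings are constructed. It tests both directions, because a station with the wrong mask can sit inside 192.168.168.x and still treat the appliance as off-link.

```python
import ipaddress

def check_management_station(station_ip, station_mask,
                             appliance_ip="192.168.168.168", appliance_prefix=24):
    """Return a list of addressing problems; an empty list means none found."""
    try:
        station = ipaddress.IPv4Interface(f"{station_ip}/{station_mask}")
        appliance = ipaddress.IPv4Interface(f"{appliance_ip}/{appliance_prefix}")
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]

    lan = appliance.network  # 192.168.168.0/24 with the guide's defaults
    problems = []

    # A 169.254.x.x address means the station was set to DHCP but got no lease.
    if station.ip.is_link_local:
        problems.append(f"{station.ip} is an autoconfiguration address: no DHCP lease")

    if station.ip == appliance.ip:
        problems.append(f"{station.ip} is the appliance's own address, not an unused one")
    elif station.ip not in lan:
        problems.append(f"{station.ip} is outside {lan}")
    elif station.ip in (lan.network_address, lan.broadcast_address):
        problems.append(f"{station.ip} is the network or broadcast address of {lan}")

    # The station only talks to the appliance directly if its own mask
    # also places the appliance on the local subnet.
    if appliance.ip not in station.network:
        problems.append(f"{appliance.ip} is outside the station's subnet {station.network}")
    return problems

# Constructed station settings: (IP address, subnet mask)
SAMPLES = [
    ("192.168.168.20", "255.255.255.0"),    # the guide's suggested address
    ("192.168.168.168", "255.255.255.0"),   # collides with the appliance
    ("192.168.168.20", "255.255.255.128"),  # right range, wrong mask
    ("169.254.3.4", "255.255.0.0"),         # DHCP selected, no lease
]

if __name__ == "__main__":
    for ip, mask in SAMPLES:
        print(ip, mask, check_management_station(ip, mask) or "ok")
```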