SonicWALL Network Security Appliances
NETWORK SECURITY
NSA 2400MX
Getting Started Guide
SonicWALL NSA 2400MX
123
4
Getting Started Guide
This Getting Started Guide provides instructions for basic installation
and configuration of the SonicWALL Network Security Appliance
(NSA) 2400MX running SonicOS Enhanced.
Setup
Step Procedure Est. Time
Pre-Configuration Tasks - page 1
Registering Your Appliance - page 5
Deployment Scenarios - page 13
Enabling Essential Security Services - page 23
Additional Configuration and Information
Support and Training Options - page 29
Product Safety and Regulatory Information - page 37
SonicWALL NSA 2400MX Getting Started Guide Page i
SonicWALL NSA 2400MX Front Panel
2400MX
CLI Port
For connection to SonicOS command
line interface
USB Ports
For use with SonicWALL approved modules
WAN Port (X1)
Provides WAN connectivity
Provides dedicated LAN/WAN port status as follows:
M0
M1
ALARM
TEST
POWER
Status Lights
10/100/1000 Ethernet (X18-X25)
10/100 Ethernet (X2-X17)
Provide 10/100 Ethernet connectivity
Provide 10/100/1000 Ethernet connectivity
LAN Port (X0)
Provides LAN connectivity
module 0 is inserted
module 1 is inserted
minor/major alarm*
firmware loading/booting/safemode*
unit is powered on
*Refer to The SonicOS LED Reference Guide
for more information on ALARM and TEST lights
Page ii SonicWALL NSA 2400MX Front Panel
SonicWALL NSA 2400MX Rear Panel
PML
I
o
M1 / M0 Expansion Bays
Expansion bays for additional SonicWALL
modular accessories
On (I) and Off (o) power switch for the
SonicWALL appliance
AC power connection for use with
the supplied power cable
AC Power Supply
Power Switch
SonicWALL NSA 2400MX Getting Started Guide Page iii
Page iv SonicWALL NSA 2400MX Front Panel
Pre-Configuration Tasks
1
In this Section:
This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA 2400MX appliance.
• Checking NSA 2400MX Package Contents - page 2
• Obtaining Config uration Information - page 3
• Verifying System Requirements - page 4
SonicWALL NSA 2400MX Getting Started Guide Page 1
Checking NSA 2400MX Package Contents
Any Items Missing?
If any items are missing from your package,
please contact SonicW ALL support.
A listing of the most current support documents are available online
at: <http://www.sonicwall.com/us/support.html>
*The pictured power cord is intended for use in North America only.
(x6)
(x2)
*
2400MX
Network Security Appliance
Before setting up your SonicWALL NSA appliance, verify that your
package contains the following parts:
• NSA 2400MX Appliance
• Ethernet Cable
• DB9 -> RJ45 (CLI) Cable
• Rack Mounting Kit
• Standard Power Cord*
• Getting Started Guide
Page 2 Checking NSA 2400MX Package Contents
Obtaining Configuration Information
Record and keep for future reference:
Registration Information
Serial Number:
Authentication Code:
Networking Information
LAN IP Address:
. . .
Subnet Mask:
. . .
Ethernet WAN IP Address:
. . .
Administrator Information
Admin Name:
Admin Password:
Record the serial number found on
the bottom panel of your
SonicWALL appliance.
Record the authentication code
found on the bottom panel of your
SonicWALL appliance.
Select a static IP address for your
SonicWALL appliance that is within
the range of your local subnet. If
you are unsure, you can use the
default IP address
(192.168.168.168).
Record the subnet mask for the
local subnet where you are
installing your SonicWALL
appliance.
Select a static IP address for your
Ethernet WAN. This setting only
applies if you are already using an
ISP that assigns a static IP address.
Select an administrator account
name. (default is admin)
Select an administrator password.
(default is password)
Internet Service Provider (ISP) Information
Record the following information about your current Internet service:
If you connect
Please record
using
DHCP No information is usually required , although some
providers may require a host name.
Static IP
Host name:
IP Address:
. . .
Subnet Mask: . . .
Default Gateway: . . .
Primary DNS: . . .
DNS 2 (optional): . . .
DNS 3 (optional): . . .
Note: If you are not using one of the network configurations above,
refer to <http://www.sonicwall.com/us/support.html>.
SonicWALL NSA 2400MX Getting Started Guide Page 3
Verifying System Requirements
Before you begin the setup process, verify that you have:
• An Internet connection
• A Web browser supporting Java Script and HTTP uploads.
Supported browsers include the following:
Accepted
Browser
Internet
Explorer
Firefox 3.0 or higher
Opera 9.10 or higher for
Chrome 4.0 or higher
Safari 3.0 or higher for MacOS
Page 4 Verifying System Requirements
Browser Version
Number
6.0 or higher
Windows
Registering Your Appliance
2
In this Section:
This section provides instructions for registering your SonicWALL NSA 2400MX appliance.
• Creating a MySonicWALL Account - page 6
• Registering and Licensing Your Appliance - page6
• Upgrading Firmware on Your SonicWALL - page 9
Note: Registration is an important part of the setup process and is necessary to receive the benefits of SonicWALL security services,
firmware updates, and technical support.
SonicWALL NSA 2400MX Getting Started Guide Page 5
Creating a MySonicWALL Account
Registering and Licensing Your Appliance
If you already have a MySonicWALL account, skip to the
Registering and Licensing Your Appliance section. Otherwise,
perform the following steps to create an account:
1. In your browser, navigate to www.mysonicwall.com.
2. In the login screen, click the Not a registered user link.
3. Complete the Registration form and click Register.
4. Verify the information is correct and click Submit.
5. In the screen confirming that your account was created,
click Continue.
This section contains the following subsections:
• Product Registration - page 6
• Licensing Security Services and Software - page 7
• Verifying Bu nd l ed Services - page 7
• Activating Pre-Purchased Services - page 8
• Purchasing a New Service - page 8
Product Registration
You must register your SonicWALL security appliance on
MySonicWALL to enable full functionality.
1. Login to your MySonicWALL account. If you do not have an
account, you can create one at www.mysonicwall.com.
2. On the main page, type the appliance serial number in
the Register A Product field. Then click Ne xt.
3. On the My Products page, under Add New Product,
type the friendly name for the appliance, select the
Product Group if any, type the authentication code into
the appropriate text boxes, and then click Regis ter.
4. On the Product Survey page, fill in the requested
information and then click Continue.
Page 6 Creating a MySonicWALL Account
Licensing Security Services and Software
The Service Management - Associated Products page in
MySonicWALL lists security services, support options, and
software, such as ViewPoint, that you can purchase or try with a
free trial. For details, click the Info button. Your current licenses
are indicated in the Status column with either a license key or
an expiration date. Y ou can purchase additional services now or
at a later time.
The following list highlights several products and services that
are available for the SonicWALL NSA 2400MX:
• Service Bundles:
• Client/Server Anti-Virus Suite
• Comprehensive Gateway Security Suite
• Gateway Services:
• Gateway Anti-Virus, Anti-Spyware,
Intrusion Prevention, Application Firewall
• Global Management System
• Content Filtering: Premium Edition
• Comprehensive Anti-Spam
• VPN Upgrade
• Desktop and Server Software:
• Enforced Client Anti-Virus and Anti-Spyware
• Global VPN Client
• Global VPN Client Enterprise
•ViewPoint
• SSL VPN
• Support Services:
• Dynamic Support 8x5
• Dynamic Support 24x7
• Software and Firmware Updates
• Hardware Warranty
Verifying Bundled Services
If your initial purchase included security services or other
software bundled with the appliance, these licenses are
enabled on MySonicWALL when the SonicWALL appliance is
delivered to you and reflected in the Service Management page
on MySonicWALL.
SonicWALL NSA 2400MX Getting Started Guide Page 7
Activating Pre-Purchased Services
Purchasing a New Service
To manage your licenses, perform the following tasks:
1. Navigate to the My Products page and click the registered
product you want to manage.
2. If you purchase a service subscription or upgrade from a
sales representative separately, you will receive an
Activation Key for the product. This key is emailed to you
after online purchases, or is on the front of the certificate
that was included with your purchase. Locate the product
on the Service Management page and click Enter Key in
that row.
3. In the Activate Service page, type or paste your key into
the Activation Key field and then click Submit. Depending
on the product, you will see an expiration date or a license
key string in the Status column when you return to the
Service Management page.
To license a 30-day trial for a service:
1. Click Try in the Service Management page. A 30-day free
trial is immediately activated.
2. Review the status page, which should display relevant
information including the acti vation status, expiration date,
number of licenses, and links to installation instructions or
other documentation.
To purchase a full license for a service:
1. Click Buy Now.
2. In the Buy Service page, type the number of licenses you
want in the Quantity column for either the 1-year, 2-year,
or 3-year license row and then click Add to Cart.
3. In the Checkout page, follow the instructions to complete
your purchase.
The MySonicWALL server will generate a license key for the
product. The key is added to the license keyset. You can use
the license keyset to manually apply all active licenses to your
SonicWALL appliance.
The service management screen will display the product you
licensed with an expiration date when activation is complete.
Page 8 Registering and Licensing Your Appliance
Upgrading Firmware on Your SonicWALL
Although your SonicWALL ships with the most current firmware
available at the time of manufacture, firmware upgrades that
provide new features and functionality updates are always
available through MySonicWALL.
This section provides instructions to upgrade your firmware to
the latest version of SonicOS:
• Obtaining the Latest Firmware - page 9
• Saving a Backup Copy of Your Preferences - page 9
• Upgrading the Firmware with Current Settings - page 10
• Using SafeMode to Upgrade Firmware - page 10
Obtaining the Latest Firmware
1. To obtain a new SonicOS Enhanced firmware image file for
your SonicWALL security appliance, connect to your
MySonicWALL account at:
<http://www.mysonicwall.com>
2. Copy the new SonicOS Enhanced image file to a
convenient location on your management station.
Saving a Backup Copy of Your Preferences
Before beginning the update process, make a system backup of
your SonicWALL security appliance configuration settings. The
backup feature saves a copy of the current configuration
settings on your SonicWALL security appliance, protecting your
existing settings in the event that it becomes necessary to
return to a previous configuration state. The System Backup
shows you the current configuration and firmware in a single,
clickable restore image.
In addition to using the backup feature to save your current
configuration state to the SonicWALL security appliance, you
can export the configuration preferences file to a directory on
your local management station. This file serves as an external
backup of the configuration preferences, and can be imported
back into the SonicWALL security appliance.
Perform the following procedures to save a backup of your
configuration settings and export them to a file on your local
management station:
1. On the System > Settings page, click Create Backup.
Your configuration preferences are saved. The System
Backup entry is displayed in the Firmware Management
table.
2. T o export your settings to a local file, click Export Settings.
A popup window displays the name of the saved file.
SonicWALL NSA 2400MX Getting Started Guide Page 9
Upgrading the Firmware with Current Settings
Using SafeMode to Upgrade Firmware
Perform the following steps to upload new firmware to your
SonicWALL appliance and use your current configuration
settings upon startup.
1. Download the SonicOS Enhanced firmware image file from
MySonicWALL and save it to a location on your local
computer.
2. On the System > Settings page, click Upload New
Firmware.
3. Browse to the location where you saved the SonicOS
Enhanced firmware image file, select the file and click the
Upload button.
4. On the System > Settings page, click the Boot icon in the
row for Uploaded Firmware.
Note: On the System > Settings page, click the Boot icon in
the row for Uploaded Firmware with Factory Default
Settings.
5. In the confirmation dialog box, click OK. The SonicWALL
restarts and then displays the login page.
6. Enter your user name and password. Your new SonicOS
Enhanced image version information is listed on the
System > Settings page.
If you are unable to connect to the SonicWALL security
appliance’s management interface, you can restart the
SonicWALL security appliance in SafeMode. The SafeMode
feature allows you to recover quickly from uncertain
configuration states with a simplified management interface that
includes the same settings available on the System > Settings
page.
To use SafeMode to upgrade firmware on the SonicWALL
security appliance, perform the following steps:
1. Connect your computer to the X0 port on the SonicWALL
appliance and configure your IP address with an address
on the 192.168.168.0/24 subnet, such as 192.168.168.20.
2. To configure the appliance in SafeMode, perform one of
the following:
• Use a narrow, straight object, such as a straightened
paper clip or a toothpick, to press and hold the reset
button on the back of the security appliance for
30-seconds. The reset button is in a small hole next to
the power supply.
• The Test light starts blinking when the SonicWALL
security appliance has rebooted into SafeMode.
Page 10 Upgrading Firmware on Your SonicWALL
3. Point the Web browser on your computer to
192.168.168.168. The SafeMode management interface
displays.
4. If you have made any configuration changes to the security
appliance, select the Create Backup On Next Boot
checkbox to make a backup copy of your current settings.
Your settings will be saved when the appliance restarts.
5. Click Upload New Firmware, and then browse to the
location where you saved the SonicOS Enhanced firmware
image, select the file and click the Upload button.
6. Select the boot icon in the row for one of the following:
• Uploaded Firmware - New!
Use this option to restart the appliance with your
current configuration settings.
• Uploaded Firmware with Factory Defaults - New!
Use this option to restart the appliance with default
configuration settings.
7. In the confirmation dialog box, click OK to proceed.
8. After successfully booting the firmware, the login screen is
displayed. If you booted with factory default settings, enter
the default user name and password (admin / password) to
access the SonicWALL management interface.
Note: Remember to change your IP address settings back to
DHCP. Otherwise, you may not be able to connect to
the Internet.
SonicWALL NSA 2400MX Getting Started Guide Page 11
Page 12
Deployment Scenarios
3
In this Section:
This section provides detaile d overviews of advanced deployment scenarios as well as configuration instructions for connecting your
SonicWALL NSA 2400MX.
• Initializing the SonicWALL - page 14
• Choose a Deployment Scenario - page 15
• Setup for NAT / Route Mode Gateway - page 16
• Setup for Layer 2 Bridge Mode - page 18
• Verifying WAN (Internet) Connectivity - page 21
Tip: Before completing this section, fill out the information in Obtaining Configuration Information - page 3. You will need to enter this
information during the Setup Wizard.
SonicWALL NSA 2400MX Getting Started Guide Page 13
Initializing the SonicWALL
2400MX
Network Security Appliance
SonicWALL NSA 2400MX
Internet
Management
Station
X0 (LAN)
X1 (WAN)
To begin deployment of your SonicWALL:
1. Connect the SonicWALL appliance to an AC power source.
The Power LED on the front panel lights up blue when you
plug in the SonicWALL NSA. The Test LED will light up and
may blink while the appliance performs a series of
diagnostic tests.
When the Power LED is lit and the T est LED is no longer lit,
the SonicWALL NSA 2400MX is ready for configuration.
This typically occurs within a few minutes of applying
power to the appliance.
Note: If the Test LED remains lit after the SonicWALL NSA
appliance has been booted, restart the appliance by
cycling power.
2. Using standard CAT-5 or better Ethernet cable, connect
your Internet connection (switch/router/modem) to the X1
(WAN) port on your SonicWALL NSA Series appliance.
3. Connect one end of the provided Ethernet cable to the
computer you are using to manage the SonicWALL NSA
appliance.
4. Connect the other end of the cable to the X0 (LAN) port on
your SonicWALL NSA appliance.
The Link LED above the X0 (LAN) port will light up in green
or amber depending on the link throughput speed,
indicating an active connection:
- Amber indicates 1 Gbps
- Green indicates 100 Mbps
- Unlit while the right (activity) LED is illuminated
indicates 10 Mbps
Page 14 Initializing the SonicWALL
Choose a Deployment Scenario
NAT/Route Mode Gateway
LAN 2
LAN 1 DMZ
2400MX
Secure Remote Access
EX5000
SRA
Local Clients
SSL-VPN Appliance
Web Server
NSA 2400MX
Local Data and Resources
LAN 2
LAN 1 DMZ
EX5000
SRA
Web Server
Layer 2 Bridge Mode
Internet
2400MX
Network Security Appliance
NSA 2400MX
Third Party Gateway
This Getting Started Guide contains two deployment scenarios.
Select your scenario from one of the following:
NAT/Route Mode Gateway
Layer 2 Bridge Mode
For installations with a single SonicWALL NSA 2400MX,
configured as an Internet or network gate wa y.
To complete setup for this scenario, turn to:
Setup for NAT / Route Mode Gateway section, on page16
For installations where the SonicWALL NSA 2400MX is
running in tandem with an existing network gateway.
To complete setup for this scenario, turn to:
Setup for Layer 2 Bridge Mode section, on page 18
SonicWALL NSA 2400MX Getting Started Guide Page 15
Setup for NAT / Route Mode Gateway
For installations with a single SonicWALL NSA 2400MX,
configured as an Internet or network gate wa y.
In this scenario, the SonicWALL NSA 2400MX is configured in
NAT/Route mode to operate as a single network gateway. Two
Internet sources may be routed through the SonicWALL
appliance for load balancing and failover purposes.
This section provides initial configuration instructions for
connecting your SonicWALL NSA 2400MX. Follow these steps
if you are setting up your SonicWALL in NAT/Route Mode.
This section contains the following subsections:
• Accessing the Management Interface - page 16
• Troubleshooting Initial Setup - page 17
• Connecting to Your Network - page 17
Accessing the Management Interface
The computer you use to manage the SonicWALL NSA Series
must be set up to have an unused IP address on the
192.168.168.x/24 subnet, such as 192.168.168.20.
To access the SonicOS Web-based management interface:
1. Start your W eb browser. Remember to disable pop-up
blocking software or add the management IP address
http://192.168.168.168 to your pop-up blocker’s allow list.
2. Enter http://192.168.168.168 (the default LAN
management IP address) in the Location or Address field.
3. The SonicWALL Setup Wizard launches and guides you
through the configuration and setup of your SonicWALL
NSA appliance.
The Setup Wizard launches only upon initial loading of the
SonicWALL NSA management interface.
Note: You may also access the wizard by clicking on the
Wizards icon in the toolbar.
4. Follow the on-screen prompts to complete the Setup
Wizard.
Depending on the changes made during your setup
configuration, the SonicWALL may restart.
Page 16 Setup for NAT / Route Mode Gateway
Troubleshooting Initial Setup
Internet or
NSA 2400MX
X22-X25X18-X21
X1 (WAN)
1st Floor LAN
Wireless (WLAN)
2nd Floor LAN
E7500
E7500
E7500
E7500
E7500
E7500
E7500
Local Wireless Clients
Exec
VLAN
Eng
VLAN
QA Lab
VLAN
DMZ
VLAN
Mrktg
VLAN
2400MX
Network Security Appliance
If you cannot connect to the SonicWALL NSA appliance or the
Setup Wizard does not display, verify the following
configurations:
• Did you correctly enter the management IP address in your
Web browser?
• Are the Local Area Connection settings on your computer
set to use DHCP or set to a static IP address on the
192.168.168.x/24 subnet?
• Do you have the Ethernet cable connected to your
computer and to the X0 (LAN) port on your SonicWALL?
• Is the connector clip on your network cable properly seated
in the port of the security appliance?
Note: Some pop-up blockers may prevent the launch of the
Setup Wizard. You can temporarily disable your pop-up
blocker, or add the management IP address of your
SonicWALL (192.168.168.168 by default) to your popup blocker's allow list.
Connecting to Your Network
Ports X0 and X1 are preconfigured as LAN and WAN,
respectively. The remaining ports can be configured to meet the
needs of your network:
• X2-X17 - 10/100 Fully Configurable Ethernet
• X18-X25 - 10/100/1000 Fully Configurable Gigabit Ethernet
A simplified example below shows zones configured with
multiple VLANs including:
X1: WAN Zone
X2-X5: WLAN Zone
X18-X21: 1st Floor LAN Clients (QA Lab, DMZ)
X22-X25: 2nd Floor LAN Clients (Exec, Eng, Mrktg)
Several ports are configured with VLANs so that multiple zone
types may be used across each interface.
Next... Continue to Verifying WAN (Internet) Connectivity -
page 21.
SonicWALL NSA 2400MX Getting Started Guide Page 17
Setup for Layer 2 Bridge Mode
For installations where the SonicWALL NSA 2400MX is
running in tandem with an existing network gateway.
L2 Bridge Mode employs a secure learning bridge architecture,
enabling it to pass and inspect traffic types that cannot be
handled by other methods of transparent security appliance
integration. Using L2 Bridge Mode, a SonicWALL security
appliance can be non-disruptively added to any Ethernet
network to provide in-line deep packet inspection for all TCP
and UDP traffic types, including IEEE 802.1Q VLANs, Spanning
Tree Protocol, multicast, broadcast, and IPv6.
This section provides instructions to configure the SonicWALL
NSA appliance in tandem with an existing Internet gateway
device. This section is relevant to users following an L2 Bridge
Mode deployment only.
Accessing the Management Interface
The computer you use to manage the SonicWALL NSA Series
must be set up to have an unused IP address on the
192.168.168.x/24 subnet, such as 192.168.168.20.
To access the SonicOS Web-based management interface:
1. Start your Web browser. Remember to disable pop-up
blocking software or add the management IP address
http://192.168.168.168 to your pop-up blocker’s allow list.
2. Enter http://192.168.168.168 (the default LAN
management IP address) in the Location or Address field.
3. The SonicWALL Setup Wizard launches and guides you
through the initial configuration and setup of your
SonicWALL NSA appliance.
The Setup Wizard launches only upon initial loading of the
SonicWALL NSA management interface.
This section contains the following subsections:
• Accessing the Management Interface - page 18
• Connection Overview - page 19
• Configuring the Primary Bridge Interface - page 19
• Configuring the Secondary Bridge Interface - page 20
Page 18 Setup for Layer 2 Bridge Mode
Note: You may also access the wizard by clicking on the
Wizards icon in the toolbar.
4. Follow the on-screen prompts to complete the Setup
Wizard.
Depending on the changes made during your setup
configuration, the SonicWALL may restart.
Connection Overview
X22-X25X18-X21
Internet or
LAN 2
2400MX
NSA 2400MX
L2 Bridge
Link
Network Gateway
1st Floor LAN
Wireless (WLAN)
2nd Floor LAN
E7500
E7500
E7500
E7500
E7500
E7500
E7500
Network Security Appliance
Local Wireless Clients
Exec
VLAN
Eng
VLAN
QA Lab
VLAN
DMZ
VLAN
Mrktg
VLAN
SonicPoint N
Connect the X1 port on your SonicWALL NSA 2400MX to the LAN port on your existing Internet gateway device. Then connect the X0 port on your SonicWALL to your LAN.
Configuring the Primary Bridge Interface
The primary bridge interface is your existing Internet gateway
device. The only step involved in setting up your primary bridge
interface is to ensure that the WAN interface is configured for a
static IP address. You will need this static IP address when
configuring the SonicWALL as a secondary bridge device.
Note: The primary bridge interface must have a static IP
assignment.
SonicWALL NSA 2400MX Getting Started Guide Page 19
Configuring the Secondary Bridge Interface
Complete the following steps to configure the X0 interface on
the SonicWALL appliance as a secondary bridged interface:
1. Navigate to Network > DHCP Server
2. In the DHCP Server Lease Scopes section, uncheck the
Enable checkbox for the X0 interface DHCP scope.
Note: It is necessary to disable the DHCP server on the X0
interface, as manual IP addressing is used in L2 bridge
mode. If you are using a port other than X0 for your
bridged port, ensure that DHCP leases are disabled on
this port.
6. In the IP Assignment drop-down list, select Layer 2
Bridge Mode.
7. In the Bridged to drop-down list, select the X1 interface.
Note: Do not enable Never route traffic on the bridge-pair
unless your network topology requires that all packets
remain on the L2 Bridge segments.
3. Click the Accept button.
4. Navigate to Network > Interfaces.
5. Click the Configure icon in the right column of the X0 (LAN)
interface.
Page 20 Setup for Layer 2 Bridge Mode
8. Configure management options (HTTP, HTTPS, Ping,
SNMP, SSH, User logins, or HTTP redirects).
9. Click OK.
Next... Continue to Verifying WAN (Internet) Connectivity -
page 21.
Verifying WAN (Internet) Connectivity
To confirm connectivity to gateway, DNS, and other servers:
1. In the SonicOS interface, navigate to the
System > Diagnostics page.
2. From the Diagnostic Tool list, select Check Network
Settings.
3. Select the servers you wish to test, or select all.
4. Click the Test All Selected button to test connectivity to
these servers.
Note: Services which are not licensed on your installation will
show up as “failed” in the connectivity test.
SonicWALL NSA 2400MX Getting Started Guide Page 21
Page 22 Verifying WAN (Internet) Connectivity
Enabling Essential Security Services
4
In this Section:
Security services are an essential component of a secure network deployment. This section provides instructions for enabling security
services on your SonicWALL NSA 2400MX appliance.
• Activating Licenses in SonicOS - page 24
• Configuring Security Services - page 24
• Enforcing Security Services on Network Zones - page 28
• Security Service Dashboard - page 28
SonicWALL NSA 2400MX Getting Started Guide Page 23
Activating Licenses in SonicOS
After completing the registration process in SonicOS, you must
perform the following tasks to activate your licenses and enable
your licensed services from within the SonicOS user interface:
• Activate licenses
• Enable security services
• Apply services to network zones
To activate licensed services in SonicOS, you can enter the
license keyset manually, or you can synchronize all licenses at
once with MySonicWALL.
The Setup Wizard automatically synchronizes all licenses with
MySonicWALL if the appliance has Internet access during initial
setup. If initial setup is already complete, you can synchronize
licenses from the System > Licenses page.
Manual upgrade using the license keyset is useful when your
appliance is not connected to the Internet. The license keyset
includes all license keys for services or software enabled on
MySonicWALL. It is available on <http://www.sonicwall.com> at
the top of the Service Management page for your SonicWALL
NSA appliance.
To activate licenses in SonicOS:
1. Navigate to the System > Licenses page.
2. Under Manage Security Services Online do one of the
following:
• Enter your MySonicWALL credentials, then click the
Synchronize button to synchronize licenses with
MySonicWALL.
• Paste the license keyset into the Manual Upgrade
Keyset field.
3. Click Submit.
Configuring Security Services
SonicWALL security services are key components of threat
management in SonicOS. The core security services are
Gateway Anti-Virus, Intrusion Prevention Services, and AntiSpyware.
You must enable each security service individually in the
SonicOS user interface.
Enable and configure applicable security services:
• Enabling Gateway Anti-Virus - page 25
• Enabling Intrusion Prevention Services - page 25
• Enabling Anti-Spyware - page 26
• Enabling Comprehensive Anti-Spam Service - page26
• Enabling Content Filtering Service - page 27
Page 24 Activating Licenses in SonicOS
Enabling Gateway Anti-Virus
Enabling Intrusion Prevention Services
To enable Gateway Anti-Virus in SonicOS:
1. Navigate to Security Services > Gateway Anti-Virus.
2. Select the Enable Gateway Anti-Virus checkbox.
3. Choose to Enable Inbound Inspection and Enable
Outbound Inspection on the desired protocols.
4. Click the Accept button.
To enable Intrusion Prevention Services in SonicOS:
1. Navigate to Security Services > Intrusion Prevention.
2. Select the Enable Intrusion Prevention checkbox.
3. In the Signature Groups table, select the Prevent All and
Detect All checkboxes for each attack priority that you
want to prevent. Selecting the Prevent All and Detect All
check boxes for High Priority Attacks and Medium
Priority Attacks protects your network against the most
dangerous and disruptive attacks.
4. Click the Accept button.
SonicWALL NSA 2400MX Getting Started Guide Page 25
Enabling Anti-Spyware
Enabling Comprehensive Anti-Spam Service
To enable Anti-Spyware in SonicOS:
1. Navigate to the Security Services > Anti-Spyware page.
2. Select the Enable Anti-Spyware checkbox.
3. Select the Prevent All and Detect All checkboxes for each
spyware danger level that you want to prevent.
4. Select the inbound Protocols you wish to inspect.
5. Select the Enable Inspection of Outbound Spyware
Communication checkbox to enforce signature inspection
on outbound traffic.
6. Click the Accept button.
To enable Anti-Spam in SonicOS:
1. Navigate to the Anti-Spam > Settings page.
Note: If the service is not registered yet, click the SonicWALL
Comprehensive Anti-Spam Service Trial link or register
the service on MySonicWALL.
2. Select the Enable Anti-Spam Service checkbox.
3. Email System Detection will attempt to configure your
service automatically. Alternatively, you may scroll down to
configure Advanced Options, including service probes
and your mail server address and port.
4. Click the Accept button to complete the setup process.
Page 26 Configuring Security Services
Enabling Content Filtering Service
Content Filtering Service (CFS) Bypass for Administrators
The Do not bypass CFS blocking for the administrator
checkbox controls content filtering for administrators. By
default, when the administrator (“admin” user) is logged into the
SonicOS management interface from a system, CFS blocking is
suspended for that system’s IP address for the duration of the
authenticated session. If you prefer to provide content filtering
and apply CFS policies to the IP address of the administrator’s
system, perform the following steps:
1. Select the Do not bypass CFS blocking for the
Administrator checkbo x.
2. Click Accept.
Enabling and Adding to the CFS Exclusion List
To enable the CFS Exclusion List and add a range of IP
addresses to it, perform the following steps:
1. Select the Enable CFS Exclusion List checkbox.
2. Click Add. The Add CFS Range Entry window is
displayed.
3. Enter the first IP address in the excluded range into the IP
Address From: field and the last address into the IP
Address To: field.
4. Click OK. The IP address range is added to the CFS
Exclusion List.
5. On the Security Services > Content Filter page, click
Accept.
Disabling, Editing, or Deleting Addresses from the CFS
Exclusion List
You can temporarily disable CFS exclusions without removing
all entries from the list. You can also delete some or all IP
address ranges from the CFS Exclusion List.
1. To keep the CFS Exclusion List entries, but temporarily
allow content filtering policies to be applied to these IP
addresses, uncheck the Enable CFS Exclusion List
checkbox. This disables CFS exclusions.
2. To edit a trusted domain entry, click the pencil icon in the
Configure column.
3. To delete an individual trusted domain from the CFS
Exclusion List, click the Delete icon for the entry in the
Configure column.
4. To delete all trusted domains from the CFS Exclusion List,
click Delete All.
5. On the Security Services > Content Filter page, click
Accept.
SonicWALL NSA 2400MX Getting Started Guide Page 27
Enforcing Security Services on Network Zones
A network zone is a logical group of one or more interfaces to
which you can apply security rules to regulate traffic passing
from one zone to another zone.
Security services such as Gateway Anti-Virus are automatically
applied to the LAN and WAN network zones. To protect other
zones such as the DMZ or Wireless LAN (WLAN), you must
apply the security services to the network zones. For example,
you can configure SonicWALL Intrusion Prevention Service for
incoming and outgoing traffic on the WLAN zone to add more
security for internal network traffic.
To apply services to network zones:
1. Navigate to the Network > Zones page.
2. In the Zone Settings table, click the Configure icon for the
zone where you want to apply security services.
3. In the Edit Zone dialog box on the General tab, select the
checkboxes for the security services to enable on this
zone.
4. Click OK.
5. To enable security services on other zones, repeat steps 2
through step 4 for each zone.
Security Service Dashboard
The SonicOS Security Dashboard displays local and global
statistics on blocked threats. The Security Dashboard is
accessable from the System > Security Dashboard page in
the SonicOS management interface.
Page 28 Enforcing Security Services on Network Zones
Support and Training Options
In this Section:
This section provides overviews of customer support and training options for the SonicWALL NSA 2400MX.
• Customer Support - page 30
• Knowledge Base - page 30
• SonicWALL Live Product Demos - page 31
• User Forums - page 32
• Training - page 33
• Related Documentation - page 34
• SonicWALL Secure Wireless Network Integrated Solutions Guide - page 35
SonicWALL NSA 2400MX Getting Started Guide Page 29
Customer Support
Knowledge Base
For answers to all your support questions visit the SonicWALL
support Web site at <http://www.sonicwall.com/us/
Support.html> where you will find featured support topics,
tutorials, and more. If you need further assistance, SonicWALL
offers telephone, email, and Web-based support to customers
with valid Warranty Support or a purchased support contract.
Please review our Warranty Support Policy for product
coverage.
The Knowledge Base allows users to search for SonicWALL
documents based on the following types of search tools:
•Browse
• Search for keywords
• Full-text search
For further information, navigate to the Support > Knowledge
Base page at:
<http://www.mysonicwall.com/>
Page 30 Customer Support
SonicWALL Live Product Demos
Get the most out of your appliance with the complete line of
SonicWALL products. The SonicWALL Live Demo Site provides
free test drives of SonicWALL security products and services
through interactive live product installations:
• Unified Threat Management Platform
• Secure Cellular Wireless
• Continuous Data Protection
• SSL VPN Secure Remote Access
• Content Filtering
• Secure Wireless Solutions
• Email Security
• SonicWALL GMS and ViewPoint
For further information, visit:
<http://livedemo.sonicwall.com/>
SonicWALL NSA 2400MX Getting Started Guide Page 31
User Forums
The SonicWALL User Forums is a resource that provides users
the ability to communicate and discuss a variety of security and
appliance subject matters. In this forum, the following
categories are available for users:
• Content Security Manager topics
• Continuous Data Protection topics
• Email Security topics
• Firewall topics
• Network Anti-Virus topics
• Security Services and Content Filtering topics
• SonicWALL GMS and Viewpoint topics
• SonicPoint and Wireless topics
• SSL VPN topics
• NSA 2400MX / Wireless WAN - 3G Capability topics
• VPN Client topics
• VPN site-to-site and interoperability topics
For further information, visit:
<https://forum.sonicwall.com/>
Page 32 User Forums
Training
SonicWALL offers an extensive sales and technical training
curriculum for Network Administrators, Security Experts and
SonicWALL Medallion Partners who need to enhance their
knowledge and maximize their investment in SonicWALL
Products and Security Applications. SonicWALL Training
provides the following resources for its customers:
• E-Training
• Instructor-Led Training
• Custom Training
• Technical Certification
• Authorized Training Partners
For further information, visit:
<http://www.sonicwall.com/us/support/training.html>
SonicWALL NSA 2400MX Getting Started Guide Page 33
Related Documentation
See the following related documents for more information:
• SonicOS Enhanced Administrator’s Guide
• SonicOS Enhanced Release Notes
• SonicOS Enhanced Feature Modules
• Application Firewall
• Dashboard
• HA License Sync
• Multiple Admin
• NAT Load Balancing
• Packet Capture
• Radio Frequency Monitoring
• Single Sign-On
• SSL Control
• Virtual Access Points
• SonicWALL GMS 5.0 Administrator’s Guide
• SonicWALL GVC 4.0 Administrator’s Guide
• SonicWALL ViewPoint 5.0 Administrator’s Guide
• SonicWALL GAV 4.0 Administrator’s Guide
• SonicWALL IPS 2.0 Administrator’s Guide
• SonicWALL Anti-Spyware Administrator’s Guide
• SonicWALL CFS Administrator’s Guide
For further information, visit:
<http://www.sonicwall.com/us/support/289.html>
Page 34 Related Documentation
SonicWALL Secure Wireless Network Integrated Solutions Guide
Looking to go wireless? Have questions about what it takes to
build a truly “secure” wireless network? Check out the
SonicWALL Secure Wireless Network Integrated Solutions
Guide. This book is the official guide to SonicWALL’s marketleading wireless networking and security devices.
This title is available in hardcopy at fine book retailers
everywhere, or by ordering directly from Elsevier Publishing at:
<http://www.elsevier.com>
SonicWALL NSA 2400MX Getting Started Guide Page 35
Page 36 SonicWALL Secure Wireless Network Integrated Solutions Guide
Product Safety and Regulatory Information
In this Section:
This section provides regulatory along with trademark and copyright information.
• Safety and Regulatory Information - page 38
• Weitere Hinweise zur Montage - page 39
• FCC Part 15 Class A Notice - page 40
• Canadian Radio Frequency Emissions Statement - page 40
• CISPR 22 (EN 55022) Class A - page 40
• Regulatory Information for Korea - page 40
• Copyright Notice - page 41
• Trademarks - page 41
SonicWALL NSA 2400MX Getting Started Guide Page 37
Safety and Regulatory Information
Regulatory Model/Type Product Name
1RK16-076 NSA 2400MX
Rack Mounting the SonicWALL
The above SonicWALL appliances are designed to be mounted in a
standard 19-inch rack mount cabinet. The following conditions are
required for proper installation:
• Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application.
• Four mounting screws, compatible with the rack design, must
be used and hand tightened to ensure secure installation.
Choose a mounting location where all four mounting holes line
up with those of the mounting bars of the 19-inch rack mount
cabinet.
• Mount in a location away from direct sunlight and sources of
heat. A maximum ambient temperature of 104º F (40º C) is
recommended.
• Route cables away from power lines, fluorescent lighting fixtures, and sources of noise such as radios, transmitters and
broadband amplifiers.
• The included power cord is intended for use in North America
only. For European Union (EU) customers, a power cord is not
included.
• Ensure that no water or excessive moisture can enter the unit.
• Allow unrestricted airflow around the unit and through the
vents on the side of the unit. A minimum of 1 inch (25.44mm)
clearance is recommended.
• Mount the SonicWALL appliances evenly in the rack in order
to prevent a hazardous condition caused by uneven mechanical loading.
• Consideration must be given to the connection of the equipment to the supply circuit. The effect of overloading the circuits
has minimal impact on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings must be used when addressing this concern.
• Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to power supply
connections other than direct connections to the branch circuits such as power strips.
Lithium Battery Warning
The Lithium Battery used in the SonicWALL Internet security appliance
may not be replaced by the user. The SonicWALL must be returned to a
SonicWALL authorized service center for replacement with the same or
equivalent type recommended by the manufacturer. If, for any reason,
the battery or SonicWALL Internet security appliance must be disposed
of, do so following the battery manufacturer's instructions.
Cable Connections
All Ethernet and RS232 (Console) cables are designed for intra-building
connection to other equipment. Do not connect these ports directly to
communication wiring or other wiring that exits the building where the
SonicWALL is located.
Page 38 Safety and Regulatory Information
Weitere Hinweise zur Montage
Das SonicWALL Modell ist für eine Montage in einem standardmäßigen
19-Zoll-Rack konzipiert. Für eine ordnungsgemäße Montage sollten die
folgenden Hinweise beachtet werden:
• Vergewissern Sie sich, dass das Rack für dieses Gerät geeignet ist und verwenden Sie das vom Rack-Hersteller empfohlene Montagezubehör.
• Verwenden Sie für eine sichere Montage vier passende Befestigungsschrauben, und ziehen Sie diese mit der Hand an.
Wählen Sie einen Ort im 19-Zoll-Rack, wo alle vier Befestigungen der Montageschien verwendet werden.
• Wählen Sie für die Montage einen Ort, der keinem direkten
Sonnenlicht ausgesetzt ist und sich nicht in der Nähe von
Wärmequellen befindet. Die Umgebungstemperatur darf nicht
mehr als 40 °C betragen.
• Achten Sie darauf, das sich die Netzwerkkabel nicht in der unmittelbaren Nähe von Stromleitungen, Leuchtstoffröhren und
Störquellen wie Funksendern oder Breitbandverstärkern befinden.
• Das beigefügte Netzkabel ist nur für den Gebrauch in Nordamerikas Vorgesehen. Für Kunden in der Europaïschen Union (EU) ist ein Netzkabel nicht im Lieferumfang enthalten.
• Stellen Sie sicher, dass das Gerät vor Wasser und hoher Luftfeuchtigkeit geschützt ist.
• Stellen Sie sicher, dass die Luft um das Gerät herum zirkulieren kann und die Lüftungsschlitze an der Seite des Gehäuses frei sind. Hier ist ein Belüftungsabstand von mindestens 26
mm einzuhalten.
• Bringen Sie die SonicWALL waagerecht im Rack an, um
mögliche Gefahren durch ungleiche mechanische Belastung
zu vermeiden.
• Prüfen Sie den Anschluss des Geräts an die Stromversorgung, damit der Überstromschutz sowie die elektrische
Leitung nicht von einer eventuellen Überlastung der Stromver-
sorgung beeinflusst werden. Prüfen Sie dabei sorgfältig die
Angaben auf dem Aufkleber des Geräts.
• Eine sichere Erdung der Geräte im Rack muss gewährleistet
sein. Insbesondere muss auf nicht direkte Anschlüsse an
Stromquellen geachtet werden wie z. B. bei Verwendung von
Mehrfachsteckdosen.
Hinweis zur Lithiumbatterie
Die in der Internet Security Appliance von SonicWALL verwendete
Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden. Zum
Austauschen der Batterie muss die SonicWALL in ein von SonicWALL
autorisiertes Service-Center gebracht werden. Dort wird die Batterie
durch denselben oder entsprechenden, vom Hersteller empfohlenen
Batterietyp ersetzt. Beachten Sie bei einer Entsorgung der Batterie oder
der SonicWALL Internet Security Appliance die diesbezüglichen
Anweisungen des Herstellers.
Kabelverbindungen
Alle Ethernet- und RS232-C-Kabel eignen sich für die Verbindung von
Geräten in Innenräumen. Schließen Sie an die Anschlüsse der
SonicWALL keine Kabel an, die aus dem Gebäude in dem sich das
Gerät befindet ,herausgeführt werden.
SonicWALL NSA 2400MX Getting Started Guide Page 39
FCC Part 15 Class A Notice
NOTE: This equipment was tested and found to comply with the limit s for a Class A
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This equipment generates, uses, and can
radiate radio frequency energy . And if not install ed and used in accordance with
the instruction manual, the device may cause harmful interference to radio
communications. Operation of this equipment in a reside ntial area is likely to cause
harmful interference in which case the user is required to correct the interference
at his own expense.
Complies with EN 55022 Class A and CISPR22 Class A
Warning: This is a class A product. In a domestic environment, this product may
cause radio interference in which case the user may be required to t ake adequate
measures.
Caution: Modifying this equipment or using th is equipment for purposes not shown
in this manual without the written consent of SonicWALL, Inc. co uld void the user’s
authority to operate this equipment.
BMSI Statement
VCCI Statement
Canadian Radio Frequency Emissions Statement
This Class A digital apparatus complies with Canadian ICES- 003.
Cet appareil numérique de la classe A est conforme à toutes la norme NMB-003
du Canada.
CISPR 22 (EN 55022) Class A
Warning: This is a class A product. In a do mestic environmen t, this product may
cause radio interference in which case the user may be required to take adequate
measures.
Declaration of Conformity
Application of council Directiv e 2004/10 8/EC (E MC) an d
2006/95/EC (L VD)
Standards to which conformity is declared
EN 55022 (2006) Class A
EN 55024 (1998) +A1 (2001), +A2 (2003)
EN 61000-3-2 (2005)
EN 61000-3-3 (1995) +A1 (2001) , +A2 (2 005)
EN 60950-1 (2006)
National Deviations: AR, AT, AU, BE, BR, CA, CH, CN, CZ,
DE, DK, FI, FR, GB, GR, HU, IL, IN, IT , JP, KE,
KR, MY , NL , NO, PL, SE, SG, SI, SK, US
Regulatory Information for Korea
Ministry of Information and Telecommunication
Certification Number SWL-1RK16-076
All products with country code “” (blank) and “A” are made in the USA.
All products with country code “B” are made in China.
All products with country code “C” or “D” are made in Taiwan R.O.C.
All certificates held by Secuwide, Corp.
Page 40 Safety and Regulatory Information
Copyright Notice
© 2010 SonicWALL, Inc.
All rights reserved.
Under the copyright laws, this manual or the software described within,
cannot be copied, in whole or part, without the written consent of the
manufacturer, except in the normal use of the software to make a
backup copy. The same proprietary and copyright notices must be
affixed to any permitted copies as were affixed to the original. This
exception does not allow copies to be made for others, whether or not
sold, but all of the material purchased (with all backup copies) can be
sold, given, or loaned to another person. Under the law, copying
includes translating into another language or format.
Specifications and descriptions subject to change without notice.
Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc.
Windows 2000, Windows XP, Windows Server 2003, Internet Explorer,
and Active Directory are trademarks or registered trademarks of
Microsoft Corporation.
Adobe, Acrobat, and Acrobat Reader are either registered trademarks or
trademarks of Adobe Systems Incorporated in the U.S. and/or other
countries.
Firefox is a trademark of the Mozilla Foundation.
Other product and company names mentioned herein may be
trademarks and/or registered trademarks of their respective companies
and are the sole property of their respective manufacturers.
SonicWALL NSA 2400MX Getting Started Guide Page 41
Page 42
©2010SonicWALL,Inc.is aregisteredtrademarkofSonicWALL,Inc.Otherproductnamesmentionedhereinmaybetrademarksand/orregisteredtrademarksof their respective companies. Specications and descriptions subject to change without notice.
SonicWALL, Inc.
T +1408.745.9600
www.sonicwall.com
F+1408.745.9300
P/N 232-001475-51
Rev A 3/24/10
2001 Logic Drive
San Jose, CA 95124-3452
PROTECTION ATTHE SPEED OF BUSINESS
™
Loading...