SonicWALLAnti-Virus Router 80 Getting Started Guide Page 1
SRA 1200/4200 Getting Started Guide
Getting Started Guide
SonicWALL
1
23456
SRA 1200/4200
Getting Started Guide
This Getting Started Guide contains installation
procedures and configuration guidelines for deploying a
SonicWALL SRA 1200/4200 appliance into an existing or
new network. This document addresses the most
common use-case scenarios and network topologies in
which the SonicWALL SRA 1200/4200 appliance can be
deployed.
Document Contents
This document contains the following sections:
Setting Up Your Network - page 3Connecting Your Appliance - page 11Registering Your Appliance - page 21
Network Configuration - page 27
Upgrading Y our Appliance - page 41
Safety and Regulatory Information - page 53
SonicWALL SRA 1200/4200 Getting Started Guide Page 1
Page 2 Document Contents
In this Section:
1
This section provides pre-configuration information. Review this
section before setting up your SonicWALL SRA 1200/4200
appliance.
•SRA 1200 System Requirements - page 4
•SRA 4200 System Requirements - page 5
•Selecting a Deployment Scenario - page 7
•Applying Power to the SonicWALL SRA - page 9
Setting Up Your Network
SonicWALL SRA 1200/4200 Getting Started Guide Page 3
SRA 1200 System Requirements
(x6)
(x2)
(Power cord inlucded
in North America only)
1200
SRA
Secure Remote Access
X0X1
CONSOLE
PWR TEST ALARM
Before you begin the setup process, verify that your package
contains the following parts:
•One SonicWALL SRA 1200 appliance
•One SonicWALL SRA 1200/4200 Getting Started Guide
•One straight-through Ethernet cable
•One serial CLI cable
•One rack-mount kit
•One power cord*
•A Web browser supporting Java Script and HTTP uploads.
Supported browsers include the following:
Supported BrowsersBrowser Version
Number
Internet Explorer8.0 or higher
Package Contents for the SonicWALL SRA 1200
Firefox4.0 or higher
Safari4.0 or higher
for MacOS
Chrome11.0 or higher
*Power cord intended for use in North America only . For other areas,
please refer to your product reseller.
Page 4 SRA 1200 System Requirements
Missing Items?
If any items are missing from your package, contact
SonicWALL Support:
SonicWALL SRA 1200/4200 Getting Started Guide Page 5
What You Need to Begin
•Administrative access to the network gateway device
•A Windows, Linux, or MacOS computer to use as a
management station for initial configuration of the
SonicWALL SRA 1200/4200
•A Web browser supporting Java Script and HTTP uploads
(See previous pages for supported Web browsers)
•An Internet connection
Recording Configuration Information
Record the following setup information to use during the setup
process and for future reference:
Registration Information
Serial Number:
Authentication Code:
Administrator Information
Admin Name:
Admin Password:
Network Configuration Information
Collect the following information about your current network
configuration:
Primary DNS:
Secondary DNS (optional):
DNS Domain:
Record the serial number found on the
bottom panel of your SonicWALL
appliance.
Record the authentication code found on
the bottom panel of your SonicWALL
appliance.
Select an administrator account name.
(default is admin)
Select an administrator password.
(default is password)
Page 6 What You Need to Begin
WINS server(s) (optional):
Selecting a Deployment Scenario
WANDMZLAN
1200
SRA
Secure Remote Access
X0X1
CONSOLE
PWRTESTALARM
SRA Appliance
OPT, X2, etc
X1
X0
X0
Remote Users
Switch
Router
Network Nodes
SonicWALL UTM Appliance
E7500
Network Security Appliance
The deployment scenarios described in this section are based
on actual customer deployments and are SonicWALLrecommended deployment best practices for SRA appliances .
A SonicWALL SRA appliance is commonly deployed in “onearm” mode over the DMZ or Opt interface on an accompanying
gateway appliance, such as a SonicWALL NSA E7500. This
method of deployment offers additional layers of security
control, plus the ability to use SonicWALL’s UTM services,
including Gateway Anti-Virus, Anti-Spyware, Content Filtering,
Intrusion Prevention Service, and Comprehensive Anti-Spam
Service, to scan all incoming and outgoing NetExtender traffic.
The primary interface (X0) on the SonicWALL SRA connects to
an available segment on the gateway device. The encrypted
user session is passed through the gateway to the SonicWALL
SRA appliance. The SonicWALL SRA appliance decrypts the
session and determines the requested resource.
The session traffic then traverses the gateway appliance to
reach the internal network resources. The gateway appliance
applies security services, such as Intrusion Prevention,
Gateway Anti-Virus, and Anti-Spyware inspection as data
traverses the gateway. The internal network resource then
returns the requested content to the SonicWALL SRA appliance
through the gateway, where it is encrypted and sent to the
client.
Scenario Overviews
Scenario A: SRA on a New DMZ
SonicWALL SRA 1200/4200 Getting Started Guide Page 7
Scenario B: SRA on an Existing DMZ
DMZ
LANWAN
OPT, X2, etc
X1
X0
X0
Remote Users
Network Nodes
SonicWALL UTM Appliance
E7500
Network Security Appliance
SwitchSwitch
Router
1200
SRA
Secure Remote Access
X0X1
CONSOLE
PWRTESTALARM
SRA Appliance
LAN
WAN
LAN Port
X0
Remote Users
Existing Gateway Device
or Switch / Hub
Internet
Router
1200
SRA
Secure Remote Access
X0X1
CONSOLE
PWRTESTALARM
SRA Appliance
SonicWALL SRA 1200/4200 Deployment Scenarios
Scenario C: SRA on the LAN
Page 8 Selecting a Deployment Scenario
Gateway
Device
SonicOS Enhanced
3.1 or higher:
•TZ Series
•PRO Series
•NSA E-Class
(SonicOS
5.0+)
•NSA Series
(SonicOS
5.0+)
SonicOS Standard
3.1 or higher:
• TZ Series
• PRO Series
Deployment
Scenario
SRA on a New DMZ •OPT or unused interface
SRA on Existing
DMZ
Conditions or
Requirements
•New DMZ configured for
NAT or Transparent Mode
•No unused interfaces
•One dedicated interface in
use as an existing DMZ
SRA on the LAN•No unused interfaces
•No dedicated interface for
a DMZ
SRA on a New DMZ •Open OPT or X2 interface
•New DMZ configured for
either NAT or Transparent
Mode
•Provide SonicWALL deep
packet inspection security
services (optional)
SonicOS Standard
3.1 or higher:
•TZ Series
•PRO Series
SonicWALLs with
legacy firmware
Third-Party Gateway
Device
SRA on Existing
DMZ
SRA on the LAN•Not planning to use
•OPT or X2 interface in use
with an existing DMZ
•Provide SonicWALL deep
packet inspection security
services (optional)
SonicWALL deep packet
inspection security
services
•Interoperability with a
third-party gateway device
Applying Power to the SonicWALL SRA
PWRTEST ALARM
1.Plug one end of the power cord into the
SonicWALL SRA 1200/4200 and the other into an
appropriate power outlet.
2.Turn on the power switch located on the rear of the
appliance next to the power cord.
The 'Pwr' LED on the front panel lights up blue when the
appliance is turned on. The 'Test' LED lights up yellow and may
blink for up to a minute while the appliance performs a series of
diagnostic tests. When the 'Test' LED is no longer lit, the
SonicWALL SRA 1200/4200 is ready for configuration.
Accessing the Management Interface
To access the Web-based management interface of the
SonicWALL SRA 1200/4200:
1.Connect one end of an Ethernet cable into the ‘X0’ port of
your SonicWALL SRA 1200/4200. Connect the other end
of the cable into the computer you are using to manage the
SonicWALL SRA 1200/4200.
2.Set the computer you use to manage the
SonicWALL SRA 1200/4200 to have a static IP address in
the 192.168.200.x/24 subnet, such as 192.168.200.20.
However, do not use 192.168.200.1, as this address will
conflict with the appliance.
3.Open a Web browser, and enter http://192.168.200.1 (the
default X0 management IP address) in the Location or
Address field.
If the 'Test' or 'Alarm' LEDs remain lit, or if the 'Test' LED blinks
red after the SonicWALL SRA 1200/4200 has booted, restart
the appliance. For more troubleshooting information, refer to the
SonicWALL SSL VPN Administrator’s Guide.
Note: A security warning may appear. Click Continue to this
website or OK to accept the certificate and continue.
SonicWALL SRA 1200/4200 Getting Started Guide Page 9
4.The ‘SonicWALL SRA Management Interface Login’
displays and prompts you to enter your user name and
password. Enter “admin” in the User Name field,
“password” in the Password field, select “LocalDomain”
from the Domain drop-down list, and click the Login button.
Troubleshooting
If you cannot connect to the SonicWALL SRA 1200/4200, verify
the following configurations:
•Did you plug your management workstation into the
interface X0 on the SonicWALL SRA appliance?
Management can only be performed through X0.
•Is the link light illuminated on both the management
station and the SonicWALL SRA appliance?
•Did you correctly enter the SonicWALL SRA 4200
management IP address in your Web browser?
•Is your computer set to a static IP address of
192.168.200.20?
•Is your Domain set to LocalDomain on the login
screen?
If you are still unable to connect to the SonicWALL SRA
appliance, contact SonicWALL Support:
You are now succe s sfully connected to the SRA Management
Interface.
This section provides procedures for connecting your
SonicWALL SRA 1200/4200 appliance.
•Configuring Your SRA 1200/4200 - page 12
•Connecting Your SRA 1200/4200 - page 18
Connecting Your Appliance
SonicWALL SRA 1200/4200 Getting Started Guide Page 11
Configuring Your SRA 1200/4200
Once your SonicWALL SRA 1200/4200 is connected to a
computer through the management port (X0), it can be
configured through the Web-based management interface.
Setting Your Administrator Password
1.From the management interface, select the Users > Local
Users page.
2.Click the Configure button corresponding to the
“admin” account.
Note: Changing your password from the factory default is
strongly recommended. If you change your password,
be sure to keep it in a safe place. If you lose your
password, you will have to reset the SonicWALL SRA
to factory settings losing your configuration.
3.Enter a password for the “admin” account in the Password
field. Re-enter the password in the Confirm Password
field.
4.ClickOK to apply changes.
Page 12 Configuring Your SRA 1200/4200
Adding a Local User
1.Navigate to Users > Local Users pa ge.
2.Click the Add User button.
3.Enter a User Name.
4.Select LocalDomain from the Group/Domain drop-down
menu.
5.Enter a Password for the user. Confirm the new password.
6.Select User from the User Type drop-down menu.
7.ClickAdd to finish adding a local user.
Setting the Time Zone
1.Navigate to the System > Time page.
2.Select the appropriate Time Zone from the drop-down
menu.
3.ClickAccept to save changes to the time settings.
Note: Setting the correct time is essential to operations of the
SonicWALL SRA 1 200/4200. Be sure to set the time
zone correctly. Automatic synchronization with an NTP
server (default setting) is encouraged for accuracy.
SonicWALL SRA 1200/4200 Getting Started Guide Page 13
Configuring SRA Network Settings
You will now config ure your SRA 1200/4200 network settings.
Refer to the notes you took in the “Recording Configuration
Information” on page 6 to complete this section.
Configuring DNS / WINS
1.Navigate to the Network > DNS page in the management
interface.
2.Enter a unique name for your SonicWALL SRA in the
SSL-VPN Gateway Hostname field.
3.Enter your Primary DNS Server information.
4.(Optional) Enter a secondary DNS server in the
Secondary DNS Server field.
5.(Optional) Enter your DNS Domain.
6.(Optional) Enter your WINS servers in the Primary WINS
Server and Secondary WINS Server fields.
7.Click Accept.
Configuring the X0 IP Address for Scenario B and Scenario C
If you are deploying the SRA in either Scenario B, SRA on an
Existing DMZ or Scenario C, SRA on the LAN, you need to
reset the IP address of the X0 interface on the SRA to an
address within the range of the existing DMZ or the existing
LAN.
To configure the X0 IP address for either of these scenarios:
1.Navigate to the Network > Interfaces page.
2.Click the Configure icon for the X0 interface from the
Interfaces table.
Page 14 Configuring Your SRA 1200/4200
3.In the Interface Settings dialog box, set the IP address and subnet mask to:
If you are using scenario:Set the X0 interface to:
B - SRA on an Existing DMZIP Address: An unused
address within your DMZ
subnet, for example:
10.1.1.240
Subnet Mask: Must match
your DMZ subnet mask
Configuring a Default Route
Refer to the following table to correctly configure your default
route. If you do not know your scenario, refer to “Selecting a
Deployment Scenario” on page 7.
If you are using scenario:Your upstream gateway device
will be:
A - SRA on a New DMZThe DMZ interface you will
create
C - SRA on the LANIP Address: An unused
address within your LAN
subnet, for example:
192.168.168.200
Subnet Mask: Must match
your LAN subnet mask
4.ClickOK. Note that you will lose connection to the SRA.
5.Reset the management computer to have a static IP
address in the range you just set for the X0 interface, for
example, 10.1.1.20 or 192.168.200.20.
6.Log into the SRA management interface again, using the
IP address you just configured for the X0 interface. For
example, point your browser to
http://192.168.168.200.
B - SRA on an Existing DMZThe existing DMZ interface
C - SRA on the LANThe LAN gateway
To configure a default route:
1.Navigate to the Network > Routes page.
2.Enter the IP address of your upstream gateway device
in the Default Gateway field.
3.Select X0 in the Interfaces drop-down list.
4.ClickAccept.
SonicWALL SRA 1200/4200 Getting Started Guide Page 15
Adding a NetExtender Client Route
NetExtender allows remote clients to have seamless access to
resources on your local network. You can also enable Tunnel
All Mode so that, when NetExtender clients connect, all the
traffic will be tunneled through the NetExtender connection.
To configure a NetExtender client route:
1.Navigate to the NetExtender > Client Routes page.
2.To force all SRA client traffic to pass through the
NetExtender tunnel, select Enabled from the Tunnel All
Mode drop-down list.
3.ClickAdd Client Route.
4.Enter the IP address of the trusted network to which you would like to provide access with NetExtender in
the Destination Network field. For example, if you are
connecting to an existing DMZ with the network
192.168.50.0/24 and you want to provide access to your
LAN network 192.168.168.0/24, you would enter
192.168.168.0.
5.Enter your subnet mask in the Subnet Mask field.
6.Click Add to finish adding this client route.
Page 16 Configuring Your SRA 1200/4200
Setting Your NetExtender Address Range
The NetExtender IP range defines the IP address pool from
which addresses will be assigned to remote users during
NetExtender sessions. The range needs to be large enough to
accommodate the maximum number of concurrent NetExtender
users you wish to support.
The range should fall within the same subnet as the interface to
which the SonicWALL SRA appliance is connected, and in
cases where there are other hosts on the same segment as the
SonicWALL SRA appliance, it must not overlap or collide with
any assigned addresses. Y ou can determine the correct subnet
based on your network scenario selection:
Scenario AUse the default NetExtender range:
192.168.200.100 to 192.168.200.200
Scenario BSelect a range that falls within your existing DMZ
subnet. For example, if your DMZ uses the
192.168.50.0/24 subnet, and you want to support up
to 30 concurrent NetExtender sessions, you could
use 192.168.50.220 to 192.168.50.249, providing
they are not already in use.
Scenario CSelect a range that falls within your existing LAN
subnet. For example, if your LAN uses the
192.168.168.0/24 subnet, and you want to support up
to 10 concurrent NetExtender sessions, you could
use 192.168.168.240 to 192.168.168.249, providing
they are not already in use.
To set your NetExtender address range in the management
interface:
1.Navigate to the NetExtender > Client Settings page.
2.Enter an address range for your clients in the Client
Address Range Begin and Client Address Range End
fields.
Scenario A192.168.200.100 to 192.168.200.200
(default range)
Scenario BAn unused range within your DMZ subnet
Scenario CAn unused range within your LAN subnet
If you do not have enough available addresses to support your
desired number of concurrent NetExtender users, you may use
a new subnet for NetExtender. This condition may occur if your
existing DMZ or LAN is configured in NAT mode with a small
subnet space, such as 255.255.255.224, or more commonly if
your DMZ or LAN is configured in Transparent mode and you
have a limited number of public addresses from your ISP. In
either case, you may assign a new, unallocated IP range to
NetExtender (such as 192.168.10.100 to 192.168.10.200) and
configure a route to this range on you r gateway appliance.
For example, if your current Transparent range is 67.1 15.1 18.75
through 67.115.118.80, and you wish to support 50 concurrent
NetExtender clients, configure your SRA X0 interface with an
available IP address in the Transparent range, such as
67.115.118.80, and configure your NetExtender range as
192.168.10.100 to 192.168.10.200. Then, on your gateway
device, configure a static route to 192.168.10.0/255.255.255.0
using 67.115.118.80.
SonicWALL SRA 1200/4200 Getting Started Guide Page 17
Connecting Your SRA 1200/4200
WANDMZLAN
1200
SRA
Secure Remote Access
X0X1
CONSOLE
PWRTESTALARM
SRA Appliance
OPT, X2, etc
X1
X0
X0
Remote Users
Switch
Router
Network Nodes
SonicWALL UTM Appliance
E7500
Network Security Appliance
Before continuing, reference the diagrams on the following
pages to connect the SonicWALL SRA 1200/4200 to your
network.
Refer to the options in “Selecting a Deployment Scenario” on
page 7 to determine the proper scena rio for your network
configuration:
•Scenario A: Connecting Your Network Interfaces - page 18
•Scenario B: Connecting Your Network Interfaces - page 19
•Scenario C: Connecting Your Network Interfaces - page 19
Scenario A: Connecting Your Network Interfaces
Scenario A: SRA on a New DMZ
To connect the SonicWALL SRA 1200/4200 using Scenario A,
perform the following steps:
1.Connect one end of an Ethernet cable to the OPT, X2,
or other unused port on your existing SonicWALL security
appliance.
2.Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWALL SRA 1200/4200. The
X0 Port LED lights up green indicating an active
connection.
Page 18 Connecting Your SRA 1200/4200
Continue to Chapter
Loading...
+ 43 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.