Benutzeranleitung / Produktwartung NSA 5000 des Produzenten SonicWALL
Zur Seite of 74
Getting Star ted Guide SonicW ALL Network Security Appliances NET WORK SECURIT Y NSA 5000/4500/3500.
SonicWALL NSA 5000/4500/3 500 Getting Started Gu ide Page 1 SonicW ALL NSA Getting Started Guide This Getting St arted Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 5000/450 0/3500 running SonicOS Enhanced.
Page 2 SonicWALL NSA Series SonicW ALL NSA Ser ies Note: Always observe proper safety and regulatory g uidelines when re moving administrator-serviceable parts from the SonicWALL NSA appliance. Proper guidelines can be found in the Safety and Regulatory Information section, on page 66 of this guide.
SonicWALL NSA 5000/4500/3 500 Getting Started Gu ide Page 3 Pr e-Configuration T asks In this Section: This section provides pre-configuration information.
Page 4 Check Package Conte nts Check Package Contents Before setting up your SonicWALL NSA appliance, verify that your package contains the following parts: NSA Appliance DB9 -> RJ45 (CLI) Cable S .
SonicWALL NSA 5000/4500/3 500 Getting Started Gu ide Page 5 Obtain Configuration Information Please record and keep for future r eference the following se tup information: Registration Information Net.
Page 6 The Front Panel The Front Panel Icon Feature Description Console Port Used to access the SonicOS Command Line In terface (CL I) via the DB9 -> RJ45 cable. USB Port s ( 2) Future extension. Reset Button Press and hold the button for a few seconds to manually reset the appliance using SafeMode.
SonicWALL NSA 5000/4500/3 500 Getting Started Gu ide Page 7 The Back Panel Icon Feature Description Fans (2) The SonicWALL NSA Series includes two fans for system temperature control.
Page 8 The Back Panel.
SonicWALL NSA 5000/4500/3 500 Getting Started Gu ide Page 9 Register ing Y our Appliance on mysonicwall.com In this Section: This section provides instruct ions for registering your SonicW ALL NSA Series appliance. • Before Y ou Register - p age 10 • Creating a mysonicwall.
Page 10 Before You Register Before Y ou Register Y ou need a mysonicwall.com account to registe r the SonicW ALL NSA appliance. Y ou can create a new mysonicwall.co m account on www .mysonicwall.com or directly from the SonicW ALL management interface .
SonicWALL NSA 5000/4500 /3500 Getting Start ed Guide Page 11 Creating a mysonicwall.com Account T o create a mysonicwall.com account, perform the following steps: 1. In your browser , navigate to www .mysonicwall.com. 2. In the login screen, If y ou are not a regi stered user , click Not a registered user? 3.
Page 12 Registering and Licensing Your Appliance on mysonicwall.com Licensing Secu rity Services and Softwar e The Service Management - Associated Products page in www .mysonicwall.com list s security services, support options, and software such as V iewPoint that you can purchase or try with a free trial.
SonicWALL NSA 5000/4500 /3500 Getting Start ed Guide Page 13 T o manage your licenses, perform the following tasks: 1. In the mysonicwall.com Se rvice Ma nagement - Associated Products page, check the Applicable S ervices table for services that your SonicWALL appliance is already licensed for .
Page 14 Registering and Licensing Your Appliance on mysonicwall.com Register ing a Second Appliance as a Backup T o ensure that your network sta ys protected if your SonicW ALL appliance has an unexpected fa ilure, you can associ ate a second SonicWALL of the same model as the first in a h igh availability (HA) pair .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 15 Deployment Scenar ios In this Section: This section pro vides det ailed overviews of advanced deployment scenario s as well as configuration instructi ons for connecting your SonicW ALL NSA Series.
Page 16 Select ing a Deployment S cenario Selecting a Deployment Scenario Before continuing, select a deployment scenario that best fits your network scheme.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 17 Scenar io A: NA T/Route Mode Gateway For new network installations or installations where the SonicW ALL NSA Series is replacing the existing network gateway . In this scenario, the SonicWALL NSA Series is configured in NA T/Route mode to operate as a single network g ateway .
Page 18 Select ing a Deployment S cenario Scenar io B: State Sync Pair in NA T/Route Mode For network installations with two Soni cW ALL NSA Series appliances of the same model con figured as a stateful synchronized pair for redundant high-availability ne tworking.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 19 Scenar io C: L2 Br idge Mode For network installations where th e SonicWALL NSA Series is running in tandem with an existi ng network gateway . In this scenario, the original gatewa y is maintained.
Page 20 Initi al Setup Initial Setup This section provides initial configuration in structions for connecting your SonicWALL NSA Series. Follow these step s if you are setting up Scenario A , B , or C .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 21 Connecting the LAN Port 1. Connect one end of the provided Eth ernet cable to the computer you are using to manage the SonicW ALL NSA Series. 2. Connect the other end of the cable to the X0 port on your SonicW ALL NSA Series.
Page 22 Initi al Setup Accessing the Mana gement Interface The computer you u se to manage the SonicW ALL NSA Series must be set up to accept a dyna mic IP address, or it must have an unused IP add ress on the 192.168.16 8.x/24 subnet, such a s 192.168.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 23 Connecting to Y o ur Network The SonicW ALL NSA Series ships with the internal DHCP server active on the L AN port. However , if a DHCP server is already active on your LAN, the Son icW ALL will disable its own DHCP server to prevent conflicts.
Page 24 Activating Licenses in Son icOS After completing the registration process in SonicOS, you mu st perform the following tasks to activa te y our license s and enable your licensed services from .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 25 Upgrading Firmware on Y our SonicW ALL The following procedures are for upgradi ng an existing SonicOS Enhanced image to a newer version: .
Page 26 Upgrading Firmware on Your SonicWALL Upgrading the Firmwar e with Current Settin gs Perform the following steps to upload new firmware to your SonicW ALL appliance and use your current configuration settings upon startup. Tip: The appliance must b e properly registered b efore it can be upgraded.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 27 T o use SafeMode to upgrade firmware on th e SonicW ALL security appliance, perform the foll owing steps: 1. Connect your computer to the X0 port on the SonicWALL appliance and configure your IP address with an addre ss on the 192.
Page 28 Configuring a State Sync Pair in NAT/Route Mode Configuri ng a State Sync Pair in NA T/Route Mode This sectio n provides instructions fo r configuring a pair of SonicW ALL NSA appliances for high availability (HA). This section is relevant to administrators follo wing deployment scenario B .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 29 Configuring High A vailability The first task in setting up HA af ter initial setup is configuring the High A vailability > Settings page on the Primary SonicW ALL security appliance.
Page 30 Configuring a State Sync Pair in NAT/Route Mode 5. Optionally adjust the Heartbeat Interval to control how often the two units communicate. The default is 5000 milliseconds; the min imum recommended value is 1000 milliseconds. Less than this may cause unnece ssary failovers, especially wh en the SonicW AL L is under a heavy load.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 31 Synchronizing Settings Once you have con figured the HA setti ng on the Primar y SonicW ALL security appliance, click the Syn chronize Settings button. Y ou should see a HA Peer Fire wall has been updated message at the bottom of the m anagement interface page.
Page 32 Configuring a State Sync Pair in NAT/Route Mode Adjusting High Availability Settings On the High A vailability > Settings page, there are four user- configurable timers that can be adjusted to suit your network’s needs: • Heartbeat Interval (s econds) – Thi s timer is the length of time between status checks.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 33 HA License Config uration Overview Y ou can configure HA license synchronizatio n by associating two SonicWALL security appliances as HA Primary and HA Secondary on mysonicwall.co m. Note that the Backup appliance of your HA pair is referred to as the HA Secondary unit on mysonicwall.
Page 34 Configuring a State Sync Pair in NAT/Route Mode Associating Pr e-Registered Appliance s T o associate two already-registered SonicW ALL security appliances so that they can use HA l icense synchronization, perform the following steps: 1. Login to mysonicwall.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 35 Configur ing L2 Bridge Mode This section provides in structions to configure the SonicWALL NSA appliance in tandem with an existing Internet gateway device. This section is relevant to users fol lowing deployment scenario C .
Page 36 Configuring L2 Bridge Mode Configuring the Sec ondary Bridge Inte rface Complete the followin g steps to configure the SonicWALL appliance: 1. Navigate to the Network > Interfaces page from the navigation panel. 2. Click the Configure icon in the right column of the X0 (LAN) interface.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 37 Additional Deployment Configuration In this Section: This section provides ba sic configuration information to begin buildin g network security policies for your deployment. This sec tion also contains several SonicOS diagnostic tool s and a deployment configu ration reference checklist.
Page 38 Creating Network Access Rules Creating Network Access Rules A zone is a logical grouping of one or more in terfaces designed to make management, such as the defi nition and app lication of access rules, a simpler and more intuitive process than following a strict physical interfa ce scheme.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 39 3. In the Add Rule page in the General tab, select Allow | Deny | Discard from the Action list to permit or block IP traffic. • Select the from and to zones from the From Zone and T o Zone menus.
Page 40 Creating a NAT Policy 4. Click on the Advanced tab. • If you would like for the access rule to timeout after a different period of TCP inactivity , set the amount of time, in minute s, in the TCP Conn ection Inactivity Timeout (minutes) field.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 41 Before configuring NA T Policies, you must create all Address Objects associated with the policy . For instance, if you are creating a One-to-One NA T policy , first create Address Ob jects for your public and private IP addresses.
Page 42 Creating a NAT Policy Configuring Addr ess Objects The Network > Address Objects page allows you to create and manage your Address Objects. Y ou can view Address Objects in the following ways u sing the Vi e w St y l e menu: • All Address Objects - displays all configured Address Objects.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 43 Configuring NA T Policies NA T policie s allow you the flexibility to control Network Address T ranslatio n based on matching combinations of Source IP address, Destination IP address and Destination Services.
Page 44 Enabling Securit y Services in SonicOS Enabling Security Services in SonicOS Y ou must enable each security service individually in the SonicOS user interface.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 45 3. The Enable O utbound Inspe ction feature is availabl e for SMTP traffic, such as for a mail server that might be hosted on the DMZ. Enabling outbound inspection for SMT P scans mail that is delivered to the internally hosted SMTP server for viruses.
Page 46 Enabling Securit y Services in SonicOS 7. Select Enable HTTP Clientless N otification Alerts and customize the message. This feature informs the user tha t GA V detected a threat fr om th e HTTP server .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 47 Enabling Anti-Spyware T o enable Anti-S p yware in SonicOS: 1. Navigate to the Security Se rvices > Anti-Spyware p age.
Page 48 Applying Securi ty Services to Network Zones Applying Security S ervices to Network Zones A network zone is a l ogical group of one or more interfaces to which you can apply security ru les to regulate traf fic passing from one zone to another zone.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 49 Deploying SonicPoints for Wir eless Access This section describes how to configure SonicPo ints with the SonicW ALL NSA Series.
Page 50 Deploying SonicPoints for Wirel ess Access T o add a new profile click Add below the list of SonicPoint provisioning profiles. T o edit an ex isting profi le, select the profil e and click the Configure icon in the same li ne as the profile you are editing.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 51 4. In the 802.1 1a Radio and 802.1 1a Adv tabs, configure the settings for the operati on of the 802.1 1a radio ban ds. The SonicPoint has two separate radios bu ilt in. Therefore, it can send and receive on both the 802.
Page 52 Deploying SonicPoints for Wirel ess Access Note: If you have configured WPA2 as your a uthentication type, you do not need to enable WiFiSe c. • If you have enabled WiFiSec Enfo rcement , you can specify the following: • Select WiFiSec Exception Service to select services that are al lowed to bypass the WiFi Sec enforcement.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 53 Connecting the SonicPoin t When a SonicPoint unit is first conne cted and powered up, it will have a factory default configur a tion (IP Address 192.168.1.20, username: ad min , password: p ass word ).
Page 54 Troubleshooting Diagnost ic Tools T roubleshooting Diagnostic T ools SonicOS provides a number of diagnosti c tools to help you maintain your network a nd troubleshoot problems. Several tools can be accessed on the System > Diagnostics page, and others are available on other screen s.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 55 The SonicOS user interface provides three windows to displa y different views of the captured packet s: • Captured Packets • Packet Detail •H e x D u m p Click the Configure button to customize the setti ngs for the capture.
Page 56 Troubleshooting Diagnost ic Tools Using the Active Connection s Monitor The Active Connec tions Monitor displays real -time, exportable (plain text or CSV), filterable views of all connection s to and through the SonicWALL security appliance. This tool is available on the Systems > Diagnostics page.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 57 Using Log > View The SonicW ALL security appliance maintains an Event log for tracking potential security threat s. Y ou can view the log in the Log > Vie w page, or it can be automatically sent to an email address for convenience an d archiving.
Page 58 Deployment Configuration Referen ce Checklist Deployment Configuration Reference Checklist Use this checklist to find more information about various deployment tasks within the SonicOS Enhanced Administrator ’s Guide . For this T ask... Se e this Chapter .
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 59 Support and T raining Options In this Section: This section provides ove rviews of customer suppor t an d training options for the SonicWALL NSA Series.
Page 60 Customer Support Customer Support SonicW ALL offers W eb-ba sed and telephone support to customers who have a va lid W arranty or wh o purchased a Support Contract.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 61 SonicW ALL Live Product Demos Get an interactive insight into SonicWALL security p roducts and services with the following series of live pr.
Page 62 User Forums User Forums The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject ma tters.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 63 T raining SonicW ALL offers an extensive sales and technical training curriculum for Network Administ rators, Security Experts and SonicW ALL Medallion Partners who need to enhance th eir knowledge and maximize their investment in SonicWALL Products and Security Applications.
Page 64 Related Documentation Related Documentation See the following relate d documents for more information: • SonicOS Enhanced Administrator ’s Guide • SonicOS Enhanced Release Notes • Soni.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 65 Pr oduct Safety and Regulatory Information In this Section: This section pro vides regula tory alo ng with trademark and copyright information.
Page 66 Safety and Regulator y Information Safety and Regulatory Information Rack Mounting the SonicW ALL The above SonicW ALL appliances ar e designed to be mounted in a standard 19-inch rack mount cabinet.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 67 Safety and Regulat ory Informatio n in German Wei tere Hinw eise zur Mo nt age Die oben genannten SonicWALL-Modelle sind für eine Montage in einem standardmäßigen 19-Zoll-Ra ck konzipiert.
Page 68 Safety and Regulator y Information FCC Part 15 Class A Notice NOTE: This equipment was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 69 Copyright Notice © 2008 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software descr ibed within, cannot be copied, in whole or part, without the written consen t of the manufacturer , except in the normal use of the software to make a backup copy .
Page 70 Notes Notes.
SonicWALL NSA 5000/4500 /3500 Getting Started Guide Page 71 Notes.
Page 72 Notes Notes.
© 2 0 0 8S o n i c W A L L ,I n c .i s a r e g i s t e r e dt r a d e m a r ko fS o n i c W A L L ,I n c .O t h e rp r o d u c tn a m e sm e n t i o n e dh e r e i nm a yb et r a d e m a r k sa n d / o rr e g i s t e r e dt r a d e marks of their respective companies.
Ein wichtiger Punkt beim Kauf des Geräts SonicWALL NSA 5000 (oder sogar vor seinem Kauf) ist das durchlesen seiner Bedienungsanleitung. Dies sollten wir wegen ein paar einfacher Gründe machen:
Wenn Sie SonicWALL NSA 5000 noch nicht gekauft haben, ist jetzt ein guter Moment, um sich mit den grundliegenden Daten des Produkts bekannt zu machen. Schauen Sie zuerst die ersten Seiten der Anleitung durch, die Sie oben finden. Dort finden Sie die wichtigsten technischen Daten für SonicWALL NSA 5000 - auf diese Weise prüfen Sie, ob das Gerät Ihren Wünschen entspricht. Wenn Sie tiefer in die Benutzeranleitung von SonicWALL NSA 5000 reinschauen, lernen Sie alle zugänglichen Produktfunktionen kennen, sowie erhalten Informationen über die Nutzung. Die Informationen, die Sie über SonicWALL NSA 5000 erhalten, werden Ihnen bestimmt bei der Kaufentscheidung helfen.
Wenn Sie aber schon SonicWALL NSA 5000 besitzen, und noch keine Gelegenheit dazu hatten, die Bedienungsanleitung zu lesen, sollten Sie es aufgrund der oben beschriebenen Gründe machen. Sie erfahren dann, ob Sie die zugänglichen Funktionen richtig genutzt haben, aber auch, ob Sie keine Fehler begangen haben, die den Nutzungszeitraum von SonicWALL NSA 5000 verkürzen könnten.
Jedoch ist die eine der wichtigsten Rollen, die eine Bedienungsanleitung für den Nutzer spielt, die Hilfe bei der Lösung von Problemen mit SonicWALL NSA 5000. Sie finden dort fast immer Troubleshooting, also die am häufigsten auftauchenden Störungen und Mängel bei SonicWALL NSA 5000 gemeinsam mit Hinweisen bezüglich der Arten ihrer Lösung. Sogar wenn es Ihnen nicht gelingen sollte das Problem alleine zu bewältigen, die Anleitung zeigt Ihnen die weitere Vorgehensweise – den Kontakt zur Kundenberatung oder dem naheliegenden Service.