background image

32

SonicWall

 

Secure

 

Mobile

 

Access

 

200/400

 

Getting

 

Started

 

Guide

Selecting

 

a

 

Deployment

 

Scenario

The

 

deployment

 

scenarios

 

described

 

in

 

this

 

section

 

are

 

based

 

on

 

actual

 

customer

 

deployments

 

and

 

are

 

SonicWall

recommended

 

deployment

 

best

 

practices

 

for

 

SMA

 

appliances.

An

 

SMA

 

appliance

 

is

 

commonly

 

deployed

 

in

 

one

arm

 

mode

 

over

 

the

 

DMZ

 

interface

 

on

 

an

 

accompanying

 

gateway

 

appliance,

 

such

 

as

 

a

 

SonicWall

 

NSA

 

3600.

 

This

 

method

 

of

 

deployment

 

offers

 

additional

 

layers

 

of

 

security

 

control,

 

plus

 

the

 

ability

 

to

 

use

 

SonicWall’s

 

security

 

services,

 

including

 

Gateway

 

Anti

Virus,

 

Anti

Spyware,

 

Content

 

Filtering,

 

Intrusion

 

Prevention

 

Service,

 

and

 

Comprehensive

 

Anti

Spam

 

Service,

 

to

 

scan

 

all

 

incoming

 

and

 

outgoing

 

traffic.

The

 

primary

 

interface

 

(X0)

 

on

 

the

 

SonicWall

 

SMA

 

connects

 

to

 

an

 

available

 

segment

 

on

 

the

 

gateway

 

device.

 

The

 

encrypted

 

user

 

session

 

is

 

passed

 

through

 

the

 

gateway

 

to

 

the

 

SMA

 

appliance.

 

The

 

SonicWall

 

SMA

 

appliance

 

decrypts

 

the

 

session

 

and

 

determines

 

the

 

requested

 

resource.

 

The

 

session

 

traffic

 

then

 

traverses

 

the

 

gateway

 

appliance

 

to

 

reach

 

the

 

internal

 

network

 

resources.

 

The

 

gateway

 

appliance

 

applies

 

security

 

services

 

as

 

data

 

traverses

 

the

 

gateway.

 

The

 

internal

 

network

 

resource

 

then

 

returns

 

the

 

requested

 

content

 

to

 

the

 

SonicWall

 

SMA

 

appliance

 

through

 

the

 

gateway,

 

where

 

it

 

is

 

encrypted

 

and

 

sent

 

to

 

the

 

client.

SMA

 

200/400

 

Deployment

 

Scenarios

The

 

following

 

illustrations

 

provide

 

an

 

overview

 

of

 

each

 

deployment

 

scenario:

Overview

 

of

 

Scenario

 

A:

 

SMA

 

on

 

a

 

New

 

DMZ

 

on

 

page

 

33

Overview

 

of

 

Scenario

 

B:

 

SMA

 

on

 

an

 

Existing

 

DMZ

 

on

 

page

 

33

Overview

 

of

 

Scenario

 

C:

 

SMA

 

on

 

the

 

LAN

 

on

 

page

 

34

Gateway 

Appliance

Deployment 

Scenario

Requirements on 

Gateway Appliance

SonicOS 5.8.1 or 
higher:
• TZ Series
• NSA E-Class 
• NSA  Series 
• SM 9000 Series 

(SonicOS 6.1+)

SMA on New DMZ

• An unused interface
• New DMZ configured for NAT 

or Transparent Mode 

SMA on Existing 
DMZ

• One dedicated interface in use 

as an existing DMZ

SMA on LAN

• None

Summary of Contents for 1RK33-0BB

Page 1: ...SonicWall Secure Mobile Access 200 400 Getting Started Guide SMA 200 Regulatory Model Number 1RK33 0BB SMA 400 Regulatory Model Number 1RK33 0BC...

Page 2: ...LATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT IN NO EVENT SHALL SONICWALL AND OR ITS AFFILIATES BE LI...

Page 3: ...NG A WARNING icon indicates a potential for property damage personal injury or death CAUTION A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed IMPO...

Page 4: ...In this Guide This Getting Started Guide provides instructions for basic installation and configuration of the SonicWall Secure Mobile Access 200 400 appliances Chapters and sections Chapter 1 Section...

Page 5: ...ge 11 SMA 400 Package Contents on page 13 Power Input Rating on page 14 Chapter 3 Sections include Setting Up the Appliance on page 15 What You Need to Begin on page 16 Powering On the SMA Appliance o...

Page 6: ...g Your Appliance on page 31 Selecting a Deployment Scenario on page 32 Configuring the X0 IP Address on page 34 Configuring a Default Route on page 35 Adding a NetExtender Client Route on page 35 Sett...

Page 7: ...cWall Secure Mobile Access 200 400 Getting Started Guide Chapter 6 Sections include Safety and Regulatory Information on page 55 Safety and Regulatory Information on page 56 Warranty Information on pa...

Page 8: ...iew This section provides information about the SonicWall Secure Mobile Access 200 400 appliances SMA 200 Front and Rear Panels on page 8 SMA 200 Package Contents on page 10 SMA 400 Front and Rear Pan...

Page 9: ...ccess the Command Line Interface CLI using a compatible console cable Power Button Press button to turn appliance on or off Reset Button Press and hold for several seconds to set the appliance into Sa...

Page 10: ...cure Mobile Access 200 400 Getting Started Guide 9 Rear Panel Exhaust Fans Provides optimal cooling for the Sonicwall SMA appliance Power Supply Plug Use the supplied power cord to provide power to th...

Page 11: ...y Environmental and Regulatory Information January 2017 The following information comprises the safety environmental and regulatory message applicable to SonicWall products These messages ensure prope...

Page 12: ...Console Port Access the Command Line Interface CLI using a compatible console cable Power Button Press button to turn appliance on or off Reset Button Press and hold for several seconds to set the ap...

Page 13: ...Secure Mobile Access 200 400 Getting Started Guide Rear Panel Exhaust Fans Provides optimal cooling for the SonicWall SMA appliance Power Supply Plug Use the supplied power cord to provide power to t...

Page 14: ...Products Safety Environmental and Regulatory Informa on January 2017 The following informa on comprises the safety environmental and regulatory message applicable to SonicWall products These messages...

Page 15: ...Secure Mobile Access 200 400 Getting Started Guide Power Input Rating The following table describes the power input rating for the SonicWall Secure Mobile Access 200 400 appliances V 100 240V A 1 5A M...

Page 16: ...setting up your SonicWall Secure Mobile Access 200 400 appliance What You Need to Begin on page 16 Powering On the SMA Appliance on page 17 Accessing the Management Interface on page 17 Troubleshooti...

Page 17: ...reference Network Configuration Information Collect the following about your network configuration Primary DNS _________________________________ Secondary DNS optional ______________________ DNS Sear...

Page 18: ...e Access 200 400 Connect the other end of the cable into the computer you are using to manage the SonicWall Secure Mobile Access 200 400 Accessing the Management Interface To access the Web based mana...

Page 19: ...ectly enter the SMA appliance management IP address in your Web browser default 192 168 200 1 Is your computer set to a static IP address in the 192 168 200 x 24 subnet such as 192 168 200 20 Is your...

Page 20: ...y changes Adding a Local User For testing and verification you can create a local user account and in the local appliance authentication repository To add a local user 1 Navigate to the Users Local Us...

Page 21: ...ect time is essential to operations of the SonicWall SMA 200 400 Be sure to set the time zone correctly Leaving Automatic synchronization with an NTP server enabled default setting is recommended for...

Page 22: ...liance in the SMA Appliance Hostname field 3 Enter your Primary DNS Server information 4 Optional Enter a Secondary DNS Server in the Secondary DNS Server field 5 Optional Enter domain suffixes in the...

Page 23: ...22 SonicWall Secure Mobile Access 200 400 Getting Started Guide 6 Optional Enter your WINS servers in the Primary WINS Server and Secondary WINS Server fields 7 Click Accept...

Page 24: ...re Mobile Access 200 400 appliances Creating a MySonicWall Account on page 24 Registering Your SMA Appliance on page 24 Services and Licensing on page 25 Upgrading Information on page 28 NOTE Registra...

Page 25: ...ow link 3 Complete the Registration form and click Register 4 Verify that the information is correct and click Submit 5 In the confirmation screen click Continue to finish creating your MySonicWall ac...

Page 26: ...select the Product button 4 Enter a Friendly Name for the appliance 5 If applicable select the Product Group from the drop down list 6 Enter the Authentication Code 7 Click Register 8 Click Continue...

Page 27: ...red to enter your activation key here unless current licenses are already indicated in the Status column with either a license key or an expiration date The following products and services are availab...

Page 28: ...you will receive an activation key This key is emailed to you after online purchases or is on the front of the certificate that was included with your purchase To activate existing licenses 1 Navigat...

Page 29: ...ining the Latest SMA Firmware on page 28 Uploading New SMA Firmware on page 29 Accessing the Appliance using SafeMode on page 29 Obtaining the Latest SMA Firmware To obtain a new SMA firmware image fi...

Page 30: ...System Status page Accessing the Appliance using SafeMode If you are unable to connect to the SonicWall SMA management interface you can restart the appliance in SafeMode The SafeMode feature allows...

Page 31: ...30 SonicWall Secure Mobile Access 200 400 Getting Started Guide...

Page 32: ...X0 IP Address on page 34 Configuring a Default Route on page 35 Adding a NetExtender Client Route on page 35 Setting Your NetExtender Address Range on page 36 Adding a New SMA Custom Zone on page 38...

Page 33: ...he gateway to the SMA appliance The SonicWall SMA appliance decrypts the session and determines the requested resource The session traffic then traverses the gateway appliance to reach the internal ne...

Page 34: ...witch Router Network Nodes SonicWall Gateway Appliance CONSOLE SDHC MGMT X17 X16 X14 X12 X10 X8 X6 X4 1GE 10GE X2 X0 X1 X3 X5 X7 X9 X11 X13 X15 ALARM M0 TEST PWR DMZ LAN WAN X2 etc X1 X0 X0 Remote Use...

Page 35: ...Interfaces table click the Configure icon for the X0 interface 4 In the Interface Settings dialog box set the IP Address to an unused address within your DMZ or LAN subnet 5 For the Subnet Mask enter...

Page 36: ...gate to the Network Routes page 2 Enter the upstream gateway device s IPv4 address in the Default IPv4 Gateway field or the IPv6 address in the Default IPv6 Gateway field 3 Select X0 as the interface...

Page 37: ...network on the 192 168 168 0 24 subnet you would enter 192 168 168 0 5 Enter the subnet mask of the destination network in the Subnet Mask Prefix field Continuing the example enter 255 255 255 0 6 Cl...

Page 38: ...ither case you may assign a new unallocated IP range to NetExtender such as 192 168 10 100 to 192 168 10 200 and configure a route to this range on your gateway appliance Scenario A 192 168 200 100 to...

Page 39: ...y appliance is a necessary step in deploying your SMA appliance using Scenarios A and C For more information see the following sections Scenario A Connecting the SMA on a New DMZ on page 40 Scenario C...

Page 40: ...y which is the WAN address of the gateway appliance 12 If you want to allow management of the gateway appliance over this interface select the desired management options 13 If you want to allow users...

Page 41: ...ort on your SonicWall gateway appliance 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 200 400 The X0 Port LED lights up indicating an...

Page 42: ...the default IP address or enter an IP address in your allowed public IP range Click Next 7 The Public Server Configuration Summary page displays all the configuration actions that will be performed Cl...

Page 43: ...0 interface IP address of your SMA appliance 4 Click Add to create the object Once done click Close 5 Click Add again to create an address object for the NetExtender range 6 In the Add Address Object...

Page 44: ...In the Add Address Object Group dialog box create a group for the X0 interface IP address of your SMA appliance and the NetExtender IP range Enter a name for the group In the left column select the ad...

Page 45: ...ting Your Remote Connection on page 52 From SMA To LAN Source Port Any Service Any Source The address group you just created such as SMA and NetExtender Destination Any Users Allowed All Users Exclude...

Page 46: ...your DMZ 2 Connect the other end of the Ethernet cable to the X0 port on your SonicWall Secure Mobile Access 200 400 The X0 Port LED lights up indicating an active connection 3 Configure the SMA X0 wi...

Page 47: ...Server information and click Next 6 On the Server Public Information page accept the default IP address or enter a new IP address in your allowed public IP range Click Next 7 The Public Server Configu...

Page 48: ...face IP address of your SMA appliance 4 Click OK to create the object Once added click Close 5 Click Add again to create an address object for the NetExtender range 6 In the Add Object dialog box crea...

Page 49: ...er IP range Enter a name for the group In the left column select the address objects you created and click the right arrow button Click OK to create the group when both objects are in the right column...

Page 50: ...to the Gateway To connect the SMA using Scenario C 1 Connect one end of an Ethernet cable to an unused port on your LAN hub or switch 2 Connect the other end of the Ethernet cable to the X0 port on th...

Page 51: ...te to the Network Address Objects page 2 In the Address Objects tab click Add 3 In the Add Object dialog box create an address object for the X0 interface IP address of your SMA 4 Click Add to create...

Page 52: ...IP range Enter a name for the group In the left column select the two address objects you created and click the right arrow button Click OK to create the group when both objects are in the right colum...

Page 53: ...n page 53 Verifying a User Connection from the Internet You can verify your connection using a remote client on the WAN To verify a User Connection from the Internet 1 From a WAN connection outside of...

Page 54: ...now successfully set up your SMA appliance Firewall Access Rules Matrix View If the SMA zone does not appear in the Firewall Access Rules matrix view verify that it is selected as the zone for the gat...

Page 55: ...54 SonicWall Secure Mobile Access 200 400 Getting Started Guide 2 Click the Configure icon for X2 or the port you assigned as the SMA zone 3 Select SMA as the Zone from the drop down list 4 Click OK...

Page 56: ...and warranty information Safety and Regulatory Information on page 56 Appliance Mounting Information on page 56 Lithium Battery Warning on page 57 Cable Connections on page 57 Sicherheitsanweisungen...

Page 57: ...Mount in a location away from direct sunlight and sources of heat A maximum ambient temperature of 104 F 40 C is recommended 7 If installed in a closed or multi rack assembly the operating ambient te...

Page 58: ...3G 0 75 mm 15 The following statement applies only to rack installed products that are GS Marked This equipment is not intended for use at workplaces with visual display units in accordance with 2 of...

Page 59: ...die Umgebungstemperatur Achten Sie darauf da die Umgebungstemperatur nicht mehr als 40 C betr gt 8 Bringen Sie die SonicWall waagerecht im Rack an um m gliche Gefahren durch ungleiche mechanische Bela...

Page 60: ...deutschen Verordnung f r Arbeitspl tze mit visuellen Anzeigeger ten vorgesehen Hinweis zur Lithiumbatterie Die in der SMA 200 400 Appliance von SonicWall verwendete Lithiumbatterie darf nicht vom Benu...

Page 61: ...60 SonicWall Secure Mobile Access 200 400 Getting Started Guide 5 6 104 F 40 C 7 8 SonicWall 9 19 10 11 12 13 SonicWall SonicWall SonicWall SonicWall RS232 SonicWall...

Page 62: ...ess 200 400 Getting Started Guide 61 RoHS Pb Hg Cd Cr 6 PBB PBDE Chassis Bracket O O O O O Mechanical parts fan heatsink etc O O O O O PCBA O O O O O Cable connector O O O O O power supply O O O O O A...

Page 63: ...then current Support Services policies This warranty does not apply if the product has been subjected to abnormal electrical stress damaged by accident abuse misuse or misapplication or has been modif...

Page 64: ...ER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH D...

Page 65: ...64 SonicWall Secure Mobile Access 200 400 Getting Started Guide...

Page 66: ...s quickly and independently 24 hours a day 365 days a year To access the Support Portal go to https support sonicwall com The Support Portal enables you to View knowledge base articles and technical d...

Page 67: ...66 SonicWall Secure Mobile Access 200 400 Getting Started Guide...

Page 68: ...SMA 200 400 Getting Started Guide Updated March 2017 232 003789 50 RevA...

Reviews: