SonicWALL SSL-VPN 4000, Getting Started Manual

Page 1: ...Secure Remote Access Solutions APPLIANCES SonicWALL SSL VPN Series SonicWALL SSL VPN 4000 Getting Started Guide...

Page 2: ...lizing only a standard Web browser users can easily and securely access e mail files intranets applications and other resources on the corporate LAN from any location SonicWALL SSL VPN 4000 Configurat...

Page 3: ...t Management UTM appliance or your perimeter firewall A computer to use as a management station for initial configuration of the SonicWALL SSL VPN 4000 A Web browser supporting Java version 1 3 1 or h...

Page 4: ...lect the following information about your current network configuration Primary DNS Secondary DNS optional DNS Domain WINS server s optional Other Information These are the default settings for access...

Page 5: ...ti Spyware SonicOS Enhanced 3 1 or higher TZ 170 Series PRO 1260 PRO 2040 PRO 3060 PRO 4060 PRO 4100 PRO 5060 Scenario A SSL VPN on a New DMZ OPT or unused interface A new DMZ configured for either NA...

Page 6: ...orms a series of diagnostic tests When the Test light is no longer lit the SonicWALL SSL VPN 4000 is ready for configuration If the Test or Alarm LEDs remain lit or if the Test LED blinks red after th...

Page 7: ...ter refer to Configuring a Static IP Address on page 52 Alert A Web browser supporting Java and HTTP uploads such as Internet Explorer 5 01 or higher Netscape Navigator 4 7 or higher Mozilla 1 7 or hi...

Page 8: ...LL SSL VPN 4000 verify the following configurations Did you plug your management workstation into the interface X0 on the SonicWALL SSL VPN appliance Management can only be performed through X0 Is the...

Page 9: ...sed management interface This section includes the following subsections Setting Your Administrator Password on page 9 Adding a Local User on page 9 Setting Time Zone on page 10 Configuring SSL VPN Ne...

Page 10: ...ave to reset the SonicWALL SSL VPN 4000 to factory settings losing your configuration 3 Enter a password for the admin account in the Password field Re enter the password in the Confirm Password field...

Page 11: ...now configure your SSL VPN 4000 network settings Refer to the notes you took in Network Configuration Information on page 3 to complete this section Configuring DNS WINS 1 Select the Network DNS page...

Page 12: ...omputer you use to manage the SonicWALL SSL VPN 4000 to have a static IP address in the range you just set for the X0 interface for example 10 1 1 20 or 192 168 200 20 For help with setting up a stati...

Page 13: ...nation Network field For example if you are connecting to an existing DMZ with the network 192 168 50 0 24 and you want to provide access to your LAN network 192 168 168 0 24 you would enter 192 168 1...

Page 14: ...cases where there are other hosts on the same segment as the SonicWALL SSL VPN appliance it must not overlap or collide with any assigned addresses You can determine the correct subnet based on your...

Page 15: ...public addresses from your ISP In either case you may assign a new unallocated IP range to NetExtender such as 192 168 10 100 to 192 168 10 200 and configure a route to this range on your gateway appl...

Page 16: ...page 16 Scenario C Configuring Your Network Interface on page 17 Scenario C Connecting the SonicWALL SSL VPN 4000 on page 17 Scenario A Connecting the SonicWALL SSL VPN 4000 To connect the SonicWALL S...

Page 17: ...cenario B Connecting the SonicWALL SSL VPN 4000 To connect the SonicWALL SSL VPN 4000 using Scenario B perform the following steps 1 Connect one end of an Ethernet cable to an unused port on your DMZ...

Page 18: ...ask in the Subnet Mask field 5 Click the OK button to apply changes Scenario C Connecting the SonicWALL SSL VPN 4000 To connect the SonicWALL SSL VPN 4000 using Scenario C perform the following steps...

Page 19: ...in SonicOS Standard on page 19 Scenario A Allowing WAN DMZ Connection in SonicOS Standard on page 19 Scenario A Allowing DMZ LAN Connection in SonicOS Standard on page 21 Scenario A Adding a New SSL...

Page 20: ...hanced skip to Scenario A Allowing WAN SSL VPN Connection in SonicOS Enhanced on page 26 9 Tip Leave the default rule to deny any access from WAN to DMZ in place and use the Public Server Rule Wizard...

Page 21: ...e perform the following selections Click Next 6 In the Congratulations page click Apply to create the rules and allow access from the WAN to the SonicWALL SSL VPN appliance on the DMZ Service HTTPS Se...

Page 22: ...e LAN You need to create two rules one to allow traffic from the SonicWALL SSL VPN appliances X0 interface to your LAN and one to allow traffic from NetExtender to your LAN Note This procedure uses th...

Page 23: ...ress page perform the following selections and click Next Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL VPN appliance 192 168 200 1 by default IP Address End The X0 IP address...

Page 24: ...m the following selections and click Next 8 In the Step 6 Access Rule Time page leave Time Active set to Always Active unless you want to limit when you want SSL VPN clients to have access to the LAN...

Page 25: ...k Next 7 In the Step 5 Access Rule Destination Interface and Address page perform the following selections and click Next 8 In the Step 6 Access Rule Time page leave Time Active set to Always Active u...

Page 26: ...rom the Security Type drop down menu 6 Un check the Allow Interface Trust checkbox 7 Check the Gateway AV Intrusion Prevention Service and Anti Spyware checkboxes 8 Click the OK button 9 Enter the IP...

Page 27: ...is running SonicOS Standard refer to Scenario A Allowing WAN DMZ Connection in SonicOS Standard on page 19 Create a public server access rule for HTTP and HTTPS traffic 1 Select the Firewall Access R...

Page 28: ...both HTTP and HTTPS and click Click OK when both HTTP and HTTPS are in the right column 6 In the Step 2 Server Private Network Configuration page enter Click Next Server Name A name for your SonicWAL...

Page 29: ...nicWALL UTM appliance If you accept this default all HTTP and HTTPS traffic to this IP address will be routed to your SonicWALL SSL VPN 4000 Click Next 8 The Step 4 Public Server Configuration Summary...

Page 30: ...VPN 4000 Click OK to create the object 4 Click again to create an address object for the NetExtender range 5 In the Add Object dialog box create an address object for the X0 interface IP address of yo...

Page 31: ...ddress of your SonicWALL SSL VPN 4000 and the NetExtender IP range Enter a name for the group In the left column select the two groups you created in steps 1 through 5 and click Click OK when both obj...

Page 32: ...dress group you just created access to the LAN Click OK to create the rule Continue to Step Action Allow From Zone SSL VPN To Zone LAN Service Any Source The address group you just created such as Son...

Page 33: ...your user name and password in the appropriate fields and press the Login button Note Remember that you are logging into your SonicWALL UTM appliance not the SSL VPN Your user name and password combi...

Page 34: ...ic Server page perform the following selections Click Next 6 In the Congratulations page click Apply to create the rules and allow access from the WAN to the SonicWALL SSL VPN appliance on the DMZ Ser...

Page 35: ...s one to allow traffic from the SonicWALL SSL VPN appliance s X0 interface to your LAN and one to allow traffic from NetExtender to your LAN Note This procedure uses the Access Rule Wizard to create t...

Page 36: ...d Address page perform the following selections and click Next Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL VPN appliance within your DMZ range for example 10 1 1 200 IP Addre...

Page 37: ...ions and click Next 8 In the Step 6 Access Rule Time page leave Time Active set to Always Active unless you want to limit when you want SSL VPN clients to have access to the LAN 9 In the Congratulatio...

Page 38: ...ck Next 7 In the Step 5 Access Rule Destination Interface and Address page perform the following selections and click Next 8 In the Step 6 Access Rule Time page leave Time Active set to Always Active...

Page 39: ...ffic Note If you are already forwarding HTTP or HTTPS to an internal server and you only have a single public IP address you will need to select different unique ports of operation for either the exis...

Page 40: ...and HTTPS and click Click OK when both HTTP and HTTPS are in the right column 6 In the Step 2 Server Private Network Configuration page enter Click Next Server Name A name for your SonicWALL SSL VPN...

Page 41: ...nicWALL UTM appliance If you accept this default all HTTP and HTTPS traffic to this IP address will be routed to your SonicWALL SSL VPN 4000 Click Next 8 The Step 4 Public Server Configuration Summary...

Page 42: ...Click again to create an address object for the NetExtender range 5 In the Add Object dialog box create an address object for the X0 interface IP address of your SonicWALL SSL VPN 4000 Click OK to cr...

Page 43: ...ddress of your SonicWALL SSL VPN 4000 and the NetExtender IP range Enter a name for the group In the left column select the two groups you created in steps 1 through 5 and click Click OK when both obj...

Page 44: ...address group you just created access to the LAN Click OK to create the rule Continue to Step Action Allow From Zone DMZ To Zone LAN Service Any Source The address group you just created such as Sonic...

Page 45: ...Scenario C Setting Public Server Access in SonicOS Enhanced on page 46 Scenario C Connecting to the SonicWALL UTM Appliance Using a computer connected to your LAN launch your Web browser and log in to...

Page 46: ...ect HTTPS from the Service drop down list 7 Enter 192 168 168 200 or the IP address to which you have configured your X0 interface on your SonicWALL SSL VPN appliance in the Private IP field 8 Select...

Page 47: ...he Wizard 6 Enter SSL VPN in the Server Name field 7 Enter 192 168 168 200 or the address to which you have configured your X0 interface on your SonicWALL SSL VPN appliance in the Private IP field 8 E...

Page 48: ...o that you create a DNS record to allow for FQDN access to your SonicWALL SSL VPN appliance If you do not manage your own public DNS servers contact your Internet Service Provider for assistance For c...

Page 49: ...shared with any other company Registering with MySonicWALL 1 If you are not logged into the SonicWALL SSL VPN 4000 management interface log in with the username admin and the administrative password...

Page 50: ...appropriate fields 8 Enter a friendly name for your SonicWALL SSL VPN in the Friendly Name field 9 Click the Register button 10 When the mySonicWALL com server has finished processing your registrati...

Page 51: ...ng a unique URL embedded in the confirmation e mail After logging in to the selected provider s page you should visit the administrative link typically add or manage and create your host entries This...

Page 52: ...cally leave the default settings on this page 10 The On line Settings section provides control over what address is registered with the dynamic DNS provider The options are Let the server detect IP Ad...

Page 53: ...mple 255 255 255 0 in the Subnet Mask field 5 Type the SonicWALL SSL VPN 4000 LAN IP Address into the Default Gateway field 6 Type the DNS IP address in the Preferred DNS Server field If you have more...

Page 54: ...IP range in the IP Address field 6 Type the appropriate subnet mask for example 255 255 255 0 in the Subnet Mask field 7 Type the SonicWALL SSL VPN 4000 LAN IP Address in the Default Gateway field 8 C...

Page 55: ...40 C is recommended Route cables away from power lines fluorescent lighting fixtures and sources of noise such as radios transmitters and broadband amplifiers Ensure that no water or excessive moistur...

Page 56: ...d as four numbers from 0 to 255 separated by periods for example 172 16 31 254 LAN A Local Area Network is typically a group of computers located at a single location and is commonly based on the Ethe...

Page 57: ...for subnet with only eight IP addresses TCP IP Transmission Control Protocol Internet Protocol is the basic communication protocol of the Internet It supports sending information in packets and ident...

Page 58: ...may not be replaced by the user The SonicWALL must be returned to a SonicWALL authorized service center for replacement with the same or equivalent type recommended by the manufacturer If for any reas...

Page 59: ...o change without notice Trademarks SonicWALL is a registered trademark of SonicWALL Inc Microsoft Windows 98 Windows NT Windows 2000 Windows XP Windows Server 2003 Internet Explorer and Active Directo...

Page 60: ...SonicWALL SSL VPN 4000 Getting Started Guide Page 59 Notes...

Page 61: ...Page 60 Notes...

Page 62: ...erein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice T 1 408 745 9600 SonicWALL Inc 1143 Borregas Avenue...