Dell SonicWALL NSA 6600, Getting Started Manual

Page 1: ...Getting Started Guide Dell SonicWALL Network Security Appliances NETWORK SECURITY NSA 6600 NSA_6600_GSG book Page 1 Wednesday April 3 2013 4 52 PM ...

Page 2: ...NSA_6600_GSG book Page 2 Wednesday April 3 2013 4 52 PM ...

Page 3: ...Explorer and Active Directory are trademarks or registered trademarks of Microsoft Corporation Other product and company names mentioned herein may be trademarks and or registered trademarks of their respective companies and are the sole property of their respective manufacturers 2013 04 P N 232 002213 50 Rev A NOTE A NOTE indicates important information that helps you make better use of your syst...

Page 4: ...Chapter 1 Sections Include Introduction to the NSA 6600 page 5 NSA 6600 Package Contents page 6 The Front Panel page 7 The Back Panel page 8 Using this Getting Started Guide page 9 Using MySonicWALL page 10 Creating a MySonicWALL Account page 10 Chapter 2 Sections Include Configuring the Appliance page 11 Determining the WAN Type page 12 System Requirements page 12 Recording Configuration Informat...

Page 5: ...g and Upgrading page 17 Registering Overview page 18 Registering in SonicOS page 18 Alternative Registration Options page 19 Licensing Security Services page 20 Activating Managing Licenses Using MySonicWALL page 21 Upgrading Firmware page 22 Chapter 4 Sections Include Deployment Scenarios page 25 Advanced Deployment Scenarios page 26 Configuring NAT Mode Gateway page 30 Configuring a Stateful HA ...

Page 6: ...4 In this Guide NSA_6600_GSG book Page 4 Wednesday April 3 2013 4 52 PM ...

Page 7: ...des front and rear illustrations of the NSA 6600 and explains how to create a MySonicWALL account NSA 6600 Package Contents page 6 The Front Panel page 7 The Back Panel page 8 Using this Getting Started Guide page 9 Using MySonicWALL page 10 Creating a MySonicWALL Account page 10 1 NSA_6600_GSG book Page 5 Wednesday April 3 2013 4 52 PM ...

Page 8: ...roved for use in your location The power cords are for AC mains installation only Field conversion DC power cable is different see Safety and Regulatory Information for more information Missing Items If any items are missing from your package contact Dell SonicWALL Support Web http www sonicwall com us Support html Email customer_service sonicwall com Getting Started Guide Dell SonicWALL Network S...

Page 9: ...dicates power supplies are operating correctly Yellow Indicates a disconnected power supply Test Quick Blinking Yellow Initializing Slow Blinking Yellow SafeMode Solid Yellow Test mode Alarm Indicates alarm activity in Red LED M0 Indicates Expansion Module 0 activity in Red LED 1 Gigabit Ethernet Management Interface SDHC Port Secure Digital High Capacity SDHC port for future use X8 X15 1 GE SFP X...

Page 10: ...ons before use See the Product Safety and Regulatory Information section on page 49 I o Expansion Bay Fans 2 Power Supply For Dell SonicWALL approved expansion modules Dual auto throttling fans for system temperature control Provides power to the Dell SonicWALL appliance by plugging in the AC adaptor and switching the appliance on NSA_6600_GSG book Page 8 Wednesday April 3 2013 4 52 PM ...

Page 11: ...de 9 Using this Getting Started Guide The following flow chart illustrates the necessary steps in the process of getting started with your new Dell SonicWALL NSA 6600 appliance NSA_6600_GSG book Page 9 Wednesday April 3 2013 4 52 PM ...

Page 12: ...an share security service licenses with your primary appliance Note MySonicWALL registration information is not sold or shared with any other company Creating a MySonicWALL Account A MySonicWALL account is required in order to register the NSA 6600 appliance Create a new MySonicWALL account from any computer by navigating to http www mysonicwall com To create a MySonicWALL account 1 In your Web br...

Page 13: ...o record configuration information and initial setup information and procedures Determining the WAN Type page 12 System Requirements page 12 Recording Configuration Information page 13 Initial Setup page 14 Troubleshooting Testing Your Connections page 16 2 NSA_6600_GSG book Page 11 Wednesday April 3 2013 4 52 PM ...

Page 14: ... password select NAT with PPPoE mode PPTP Point to Point Tunneling Protocol PPTP is used to connect to a remote server PPTP typically supports older Microsoft Windows implementations requiring tunneling connectivity Note For more information regarding other WAN types such as Layer 2 Tunneling Protocol L2TP Wire Mode or Tap Mode please refer to the SonicOS Administrator s Guide System Requirements ...

Page 15: ...t Mask _____ _____ _____ _____ Record the subnet mask for the local subnet where you are installing your Dell SonicWALL appliance Ethernet WAN IP Address _____ _____ _____ _____ Select a static IP address for your Ethernet WAN This setting only applies if you are already using an ISP that assigns a static IP address Admin Name Select an administrator account name default is admin Admin Password Se...

Page 16: ...the Dell SonicWALL NSA 6600 appliance into appropriate power outlets For further information regarding power requirements refer to the Product Safety and Regulatory Information section on page 49 of this document NSA 6600 LED Activity The Power LEDs on the front panel illuminate blue when the appliance is powered on The Link LED above the X0 port illuminates green or amber depending on the link th...

Page 17: ...Start your Web browser and navigate to the default LAN management IP address http 192 168 168 168 2 Launch the Dell SonicWALL Setup Wizard by clicking the first Here link This wizard helps you quickly configure the Dell SonicWALL appliance to secure your Internet connection 3 Follow the on screen prompts to complete the Dell SonicWALL Setup Wizard 4 A Setup Wizard Summary page displays at the end ...

Page 18: ... security appliance Testing Your WAN Connection Use the following steps to test your WAN connection 1 After you exit the Setup Wizard the login page reappears Log back into the Dell SonicWALL management interface and verify your IP and WAN connection 2 Open a command prompt window on your computer and enter the command ping sonicwall com 3 Open another Web browser and navigate to http www sonicwal...

Page 19: ... in SonicOS page 18 Alternative Registration Options page 19 Licensing Security Services page 20 Activating Managing Licenses Using MySonicWALL page 21 Upgrading Firmware page 22 Note Registration is an important part of the setup process and is necessary in order to receive the benefits of Dell SonicWALL security services firmware updates and technical support 3 NSA_6600_GSG book Page 17 Wednesda...

Page 20: ...2 168 168 168 Enter the default username and password admin password Then click Login 1 Navigate to the System Status page A message displays at the top of the screen that your Dell SonicWALL appliance is not registered Click the Register link 2 Enter your MySonicWALL username and password in the appropriate fields Then click Submit If you haven t created a MySonicWALL account see the Creating a M...

Page 21: ...rmation on the Product Survey page then click Submit Synchronizing Licenses Manually To manually synchronize licenses with MySonicWALL from the SonicOS interface 1 Login to your appliance and navigate to the System Licenses page 2 Scroll to the Manage Security Services Online section 3 Click the Synchronize button to synchronize licenses with MySonicWALL Using the License Keyset MySonicWALL provid...

Page 22: ... details click the Name of the product The Service Management displays with the most recent details The Applicable Services section lists the services available for your product The Status of a service indicates whether the service is Licensed Not Licensed or Expired The Action column lets you purchase or activate additional services The following products and services are available for the Dell S...

Page 23: ...d perform the following tasks 1 In the MySonicWALL page and click the appliance Name The Applicable Services table displays a list of services that are already licensed on your Dell SonicWALL appliance Note that your initial purchase may have included security services or other software bundled with the appliance These licenses are enabled on MySonicWALL when the appliance is delivered to you 2 Lo...

Page 24: ...ssary to return to a previous configuration state In addition to creating a system backup you can export the configuration preferences file to your local management station This file serves as an external backup of the configuration preferences and can be imported back into the Dell SonicWALL security appliance if it is necessary to reboot the firmware with factory default settings Perform the fol...

Page 25: ...current configuration settings upon startup Tip The appliance must be properly registered before it can be upgraded Refer to the Registering in SonicOS section on page 18 for more information 1 Download the SonicOS firmware image file from MySonicWALL and save it to a convenient location on your local computer 2 On the System Settings page click Upload New Firmware 3 Browse to the location where y...

Page 26: ...iance has rebooted into SafeMode 3 Enter 192 168 1 254 into your computer s Web browser to access the SafeMode management interface 4 Click Upload New Firmware and then browse to the location where you saved the SonicOS firmware image select the file and click the Upload button 5 Select the boot icon in the row for one of the following Uploaded Firmware New Use this option to restart the appliance...

Page 27: ...erviews as well as deployment scenarios for your Dell SonicWALL NSA 6600 Advanced Deployment Scenarios page 26 Configuring NAT Mode Gateway page 30 Configuring a Stateful HA Pair page 31 Configuring L2 Bridge Mode page 37 4 NSA_6600_GSG book Page 25 Wednesday April 3 2013 4 52 PM ...

Page 28: ...ateway appliance SuperMassive appliance in addition to an existing Dell SonicWALL gateway appliance Scenario B Stateful HA Pair page 28 LAN Zone DMZ Zone WLAN Zone SonicPoint Internet ISP 1 A SonicWALL NSA 6600 CONSOLE SDHC MGMT X19 X17 X16 X14 X12 X10 X8 X6 X4 1GE 1GE 10GE BYPASS STATUS X2 X0 X1 X3 X5 X7 X9 X11 X13 X15 X18 M0 ALARM TEST PWR B SonicWALL NSA 6600 CONSOLE SDHC MGMT X19 X17 X16 X14 X...

Page 29: ...ng and failover purposes Because only a single Dell SonicWALL appliance is deployed the added benefits of high availability with a stateful synchronized pair are not available To set up this scenario follow the steps covered in Configuring NAT Mode Gateway page 30 LAN Zone DMZ Zone WLAN Zone SonicPoint Internet ISP 1 A Dell SonicWALL NSA Appliance SonicWALL NSA 6600 CONSOLE SDHC MGMT X19 X17 X16 X...

Page 30: ...e without dropping connections if the Primary device loses connectivity To set up this scenario follow the steps covered in Configuring a Stateful HA Pair page 31 B SonicWALL NSA 6600 CONSOLE SDHC MGMT X19 X17 X16 X14 X12 X10 X8 X6 X4 1GE 1GE 10GE BYPASS STATUS X2 X0 X1 X3 X5 X7 X9 X11 X13 X15 X18 M0 ALARM TEST PWR SonicWALL NSA 6600 CONSOLE SDHC MGMT X19 X17 X16 X14 X12 X10 X8 X6 X4 1GE 1GE 10GE ...

Page 31: ...ect traffic types that cannot be handled by many other methods of transparent security appliance integration Using L2 Bridge Mode a Dell SonicWALL security appliance can be non disruptively added to any Ethernet network to provide in line deep packet inspection for TCP and UDP traffic To set up this scenario follow the steps covered in Configuring L2 Bridge Mode page 37 Dell SonicWALL NSA Applianc...

Page 32: ... SonicWALL security appliance Outbound traffic from the internal network uses many to one NAT address mappings for their LANs WLANs and other internal networks All traffic in SonicOS must go through both an access rule and a NAT policy a fundamental part of the NAT Mode architecture The NAT policy is even used for traffic that needs no IP address translation such as traffic traveling between two d...

Page 33: ...icy based NAT allows you to deploy different types of NAT simultaneously For configuration procedures and information regarding the different types of NAT policies such as Many to One One to One or One to Many Load Balancing refer to the SonicOS Administrator s Guide Configuring a Stateful HA Pair This section provides instructions for configuring a pair of Dell SonicWALL NSA 6600 appliances for S...

Page 34: ...figuring the High Availability Settings page on the Primary Dell SonicWALL security appliance Once you configure HA on the Primary appliance it communicates the settings to the Secondary appliance To configure HA on the Primary Dell SonicWALL log in to your Primary appliance and perform the following steps 1 Navigate to the High Availability Settings page 2 On the General tab select Active Idle fr...

Page 35: ...h you want to edit settings The Edit HA Monitoring dialog box displays 2 In the Primary IP Address field enter the unique LAN or WAN management IP address of the Primary appliance 3 In the Secondary IP Address field enter the unique LAN or WAN management IP address of the Secondary appliance 4 Select the Allow Management on Primary Secondary IP Address checkbox 5 Optionally Enable Physical Link Mo...

Page 36: ... for the interval in seconds between communication with upstream or downstream systems Dell SonicWALL recommends that you set the interval for at least 5 seconds You can set the Probe IP Address es on the High Availability Monitoring screen 4 The Election Delay Time is the number of seconds allowed for internal processing between the two units in the HA pair before one of them takes the primary ro...

Page 37: ...ppliance has not yet been registered follow the steps listed in the Registering on MySonicWALL section on page 19 to register it This is necessary to make it available for HA association with the Primary Once both appliances are registered you can then follow the steps below to associate the two Dell SonicWALL appliances 1 Login to your MySonicWALL account 2 Click My Products from the left navigat...

Page 38: ...ary Dell SonicWALL Status Active in the upper right hand corner To verify that the Primary and Secondary Dell SonicWALL security appliances are functioning correctly wait a few minutes then turn off the Primary device The Secondary security appliance should quickly take over From your management workstation test connectivity through the Secondary appliance by accessing a site on the public Interne...

Page 39: ...ur Dell SonicWALL to your LAN resources Configuring the Primary Bridge Interface The primary bridge interface is connected to your existing Internet gateway device The only step involved in setting up your primary bridge interface is to ensure that the WAN interface is configured for a static IP address You will need this static IP address when configuring the secondary bridge Note that the primar...

Page 40: ...he Bridged to drop down select the X1 interface 5 Configure management options HTTP HTTPS Ping SNMP SSH User logins or HTTP redirects Note Do not enable Never route traffic on this bridge pair unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge segments You may optionally enable the Block all non IPv4 traffic setting to prevent the L2 bridge from p...

Page 41: ...ovides overviews of customer support and training options for the Dell SonicWALL NSA 6600 Customer Support page 40 Knowledge Portal page 40 User Forums page 41 Training page 41 Related Documentation page 42 5 NSA_6600_GSG book Page 39 Wednesday April 3 2013 4 52 PM ...

Page 42: ...il and Web based technical support software and firmware updates and upgrades and Advance Exchange hardware replacement Please Note Continuous support is required on all NSA products For further information visit http www sonicwall com us support html Knowledge Portal The Knowledge Portal is a resource which allows users to search for Dell SonicWALL documents based on the following types of search...

Page 43: ... Scrutinizer WAN Acceleration WXA For further information visit https forum sonicwall com Training Dell SonicWALL offers an extensive sales and technical training curriculum for Network Administrators Security Experts and Dell SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in Dell SonicWALL Products and Security Applications Dell SonicWALL Training p...

Page 44: ...IPFIX Netflow Reporting Deep Packet Inspection for SSL Multiple Administrators NAT Load Balancing Packet Capture RF Management Single Sign On SSL Control Virtual Access Points Dell SonicWALL Global VPN Client Administrator s Guide Dell SonicWALL GAV Administrator s Guide Dell SonicWALL IPS Administrator s Guide Dell SonicWALL Anti Spyware Administrator s Guide For further information visit http ww...

Page 45: ...n provides illustrated rack mounting instructions for the Dell SonicWALL NSA 6600 For more information on rack mounting requirements see the Product Safety and Regulatory Information section on page 49 6 NSA_6600_GSG book Page 43 Wednesday April 3 2013 4 52 PM ...

Page 46: ...44 Rack Mounting Instructions Rack Mounting Instructions M4 SCREW 8 WASHERS 8 Fasten 4 screws to the rail Assemble the Slide Rail A B A B NSA_6600_GSG book Page 44 Wednesday April 3 2013 4 52 PM ...

Page 47: ...Rack Mounting Instructions 45 M5 SCREW 8 M5 Nut 8 Assemble the Slide Rail Fasten two sided screws to the rail C C NSA_6600_GSG book Page 45 Wednesday April 3 2013 4 52 PM ...

Page 48: ...46 Rack Mounting Instructions Assemble Inner Rail to Chassis Fasten 6 screws to attach the inner channel onto the chassis M4 SCREW 6 D D NSA_6600_GSG book Page 46 Wednesday April 3 2013 4 52 PM ...

Page 49: ...Rack Mounting Instructions 47 Insert Chassis to Frame Push hook down to separate Slide inner channel into rails NSA_6600_GSG book Page 47 Wednesday April 3 2013 4 52 PM ...

Page 50: ...48 Rack Mounting Instructions NSA_6600_GSG book Page 48 Wednesday April 3 2013 4 52 PM ...

Page 51: ... this Section This section provides regulatory along with trademark and copyright information Safety and Regulatory Information page 50 Warranty Information page 54 Copyright Notice page 54 7 NSA_6600_GSG book Page 49 Wednesday April 3 2013 4 52 PM ...

Page 52: ...inet A suitably rated and approved branch circuit breaker shall be provided as part of the building installation Follow local code when purchasing materials or components Consideration must be given to the connection of the equipment to the supply circuit Appropriate consideration of equipment nameplate ratings must be used when addressing this concern Do not overload the circuit Reliable groundin...

Page 53: ...kauf von Material oder Komponenten Prüfen Sie den Anschluss des Geräts an die Stromversorgung damit der Überstromschutz sowie die elektrische Leitung nicht von einer eventuellen Überlastung der Stromversorgung beeinflusst werden Prüfen Sie dabei sorgfältig die Angaben auf dem Aufkleber des Geräts Überlasten Sie nicht den Stromkreis Eine sichere Erdung der Geräte im Rack muss gewährleistet sein Ins...

Page 54: ... 塓娵 䘬 㓗暣嶗㕟嶗 ἄ 䁢 墅娚墅伖䘬ᶨ悐 ˤ 岤屟㛸㕁ㆾ悐ẞ㗪炻ㅱ思 䔞 ℐẋ䡤ˤ ɀ 枰䔁 墅伖冯暣㸸暣嶗䘬忋 柴炻暣嶗忶庱 忶暣㳩ᾅ 嬟冯暣嶗暣䶂䘬 枧暨旵军㚨Ỷˤ妋㰢忁ᾳ 柴㗪炻暨㬋䡢侫 ㄖ墅伖所䇴柵 ῤˤᶵ天忶庱暣嶗ˤ ɀ 枰䵕嬟 月䘬㨇㝞墅庱姕 ˤ 枰䈡 䔁シ暣㸸ὃㅱ 忋䶂炻侴ᶵ㗗䚜 忋 暣㸸㜧ᷳ栆䘬 㓗暣嶗ˤ ɀ晐旬䘬暣㸸䶂 旸㕤䈡 䘬 ㆾ ἧ䓐ˤἧ䓐 炻婳䡢 娵暣㸸䶂䘬柵 ῤᶼ 塓娵 Ἀ䘬 ᶲἧ䓐ˤ ɀ Ṍ㳩暣㸸䶂怬忋 叿暣㸸㗪䦣昌ㆾ 墅暣㸸ˤ ɀ䔞 墅 临 妠䓊 側朊ᷳ 炻 枰䓐ⶍ 㕳坢憀挾 䵲ˤ ɀ㚜 桐 悐ẞ 炻婳Ṽ䳘教嬨炻 思 ὃ䘬 䣢ˤ 折暣㰈嬎 ἧ䓐侭ᶵ 冒埴㚜 䇦 ŔŰůŪŤŘłōōġ䵚晃䵚嶗 ℐ 墅伖 ἧ 䓐䘬折暣㰈ˤ 枰 䇦 ŔŰůŪŤŘłōōġ復 䇦 ŔŰůŪŤŘłōō 㪲 䘬㚵 炻ẍ㚜 䚠 䘬折暣㰈ㆾ墥忈 啎䘬 栆 折暣 㰈ˤ劍 ảỽ 枰 㡬暣㰈ㆾ...

Page 55: ...炻㕤 ỷ䑘 ἧ䓐㗪炻 傥㚫忈ㆸ 柣㒦 炻 㬌䧖ね㱩ᶳ炻ἧ䓐侭㚫塓天㯪 㝸ṃ怑䔞䘬 䫾ˤ VCCI Statement 塭伖 ˣ Ρͱ烐ね 埻塭伖 ˤ 塭伖 䑘 ἧ䓐 暣㲊 崟 ˤ ἧ䓐侭 怑 䫾 嫃 天㯪 ˤˢˢˢˢˢˢ VCCI A Canadian Radio Frequency Emissions Statement This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à toutes la norme NMB 003 du Canada Complies with EN 55022 Class A and CISPR22 Class A Warning This is a class A product In...

Page 56: ...e described within cannot be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but all of the material purchased with all...

Page 57: ...NSA_6600_GSG book Page 1 Wednesday April 3 2013 4 52 PM ...