SonicWALL NSA 240 Getting Started Manual
  1. Manuals
  2. Brands
  3. SonicWALL Manuals
  4. Firewall
  5. NSA 240
  6. Getting started manual

SonicWALL NSA 240 Getting Started Manual

Network security appliances
Hide thumbs Also See for NSA 240:
Table of Contents

Advertisement

Quick Links

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NSA 240 and is the answer not in the manual?

Questions and answers

Related Manuals for SonicWALL NSA 240

Summary of Contents for SonicWALL NSA 240

  • Page 2 SonicWALL NSA 240 Getting Started Guide This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 240 running SonicOS Enhanced. After you complete this guide, computers on your Local Area Network (LAN) will have secure Internet access.

  • Page 3: Sonicwall Nsa

    SonicWALL NSA 240 Front Panel LAN/WAN Port Status Provides dedicated LAN/WAN port status as follows: link/spd: Off=10M Green=100M Amber=1,000M Off=10M activity: Solid=link Green=100M Blinking=activity Solid=link Blinking=activity PC Card Slot (side of unit) NSA 240 Provides an interface for the WWAN PC...
  • Page 4 DB9 -> RJ45 cable LAN Port (X0) Reset Button Provides dedicated LAN Press and hold to access to local area manually reset the network resources appliance to “safe mode” SonicWALL NSA 240 Getting Started Guide Page iii...
  • Page 5 SonicWALL NSA 240 LED Reference Guide X0 X1 X2 X4 X5 X6 X7 X8 Page iv SonicWALL NSA 240 LED Reference Guide...
  • Page 6 Pre-Configuration Tasks In this Section: This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA 240 appliance. • Check NSA 240 Package Contents - page 2 • Obtain Configuration Information - page 3 • Obtain WWAN Service Provider Information - page 5 •...
  • Page 7 Check NSA 240 Package Contents Before setting up your SonicWALL NSA appliance, verify that your Any Items Missing? package contains the following parts: If any items are missing from your package, please contact SonicWALL support. NSA 240 Appliance Release Notes...
  • Page 8 Record the authentication code found on the bottom panel of your SonicWALL appliance. Networking Information LAN IP Address: Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168). Subnet Mask: Record the subnet mask for the local subnet where you are installing your SonicWALL appliance.

  • Page 9: Deployment Scenarios

    Obtain Internet Service Provider (ISP) Information Record the following information about your secondary ISP: Record the following information about your current ISP: ISP 2 (Optional for Multiple WAN Failover) ISP 1 If you connect You likely Please record If you connect You likely Please record Cable modem,...

  • Page 10: Verifying Your Connection

    WWAN Account Information is automatically populated based on the chosen service provider and plan type. In most cases, if you selected the correct service provider and plan type the WWAN account information does not have to be altered. SonicWALL NSA 240 Getting Started Guide Page 5...
  • Page 11 Verify System Requirements Before you begin the setup process, verify that you have: • An Internet connection • A Web browser supporting Java Script and HTTP uploads Accepted Browser Version Browser Number Internet 6.0 or higher Explorer Firefox 2.0 or higher Netscape 9.0 or higher Opera...

  • Page 12: Additional Deployment Configuration

    Verifying Your Connection - page 9 Alert: DO NOT insert your PC card into the SonicWALL NSA 240 appliance until you have completed the setup process for your card as described in this section. SonicWALL NSA 240 Getting Started Guide...

  • Page 13: Support And Training Options

    This section covers prerequisites necessary to set up most through your PC using this card, you may skip this section and WWAN PC cards to work with the NSA 240. Using an available Registering Your Appliance - page 11 continue to...

  • Page 14: Product Safety And Regulatory Information

    Enter on the keyboard. Note: The name of your Ethernet adaptor may differ from the screenshot below. Common names for newly acquired cards are “Local Area Connection 2” or “Local Area Connection 3.” SonicWALL NSA 240 Getting Started Guide Page 9...
  • Page 15 Page 10 WWAN PC Card Setup...
  • Page 16 Registering and Licensing Your Appliance on MySonicWALL - page 13 Note: Registration is an important part of the setup process and is necessary in order to receive the benefits of SonicWALL security services, firmware updates, and technical support. SonicWALL NSA 240 Getting Started Guide...

  • Page 17: Deployment Scenarios - Page

    This method allows you to prepare for your deployment before making any changes to your existing network. Note that your SonicWALL NSA appliance does not need to be powered on during account creation or during the MySonicWALL registration and licensing process.
  • Page 18 • Registering a Second Appliance as a Backup Product Registration You must register your SonicWALL security appliance on MySonicWALL to enable full functionality. Login to your MySonicWALL account. If you do not have an account, you can create one at www.mysonicwall.com.
  • Page 19 Licensing Security Services and Software The following products and services are available for the SonicWALL NSA 240: The Service Management - Associated Products page in • Service Bundles: MySonicWALL lists security services, support options, and • Client/Server Anti-Virus Suite software, such as ViewPoint, that you can purchase or try with a •...
  • Page 20 These licenses are enabled on MySonicWALL when the SonicWALL appliance is delivered The MySonicWALL server will generate a license key for the to you. product. The key is added to the license keyset. You can use...
  • Page 21 On the Service Management - Associated Products page, scroll down to the Associated Products section to verify To ensure that your network stays protected if your SonicWALL that your product registered successfully. You should see appliance has an unexpected failure, you can purchase a...

  • Page 22: Table Of Contents

    Scenario C: L2 Bridge Mode - page 32 Tip: - page 3 Before completing this section, fill out the information in Obtain Configuration Information . You will need to enter this information during the Setup Wizard. SonicWALL NSA 240 Getting Started Guide Page 17...

  • Page 23: Sonicwall Nsa 240

    SonicWALL NSA 240 is ready for configuration. This typically occurs within a few minutes of applying power to the appliance. If the Test LED remains lit after the SonicWALL NSA appliance has been booted, restart the appliance by cycling power.

  • Page 24: Selecting A Deployment Scenario

    Current Gateway Configuration New Gateway Configuration Use Scenario No gateway appliance Single SonicWALL NSA as a primary gateway. A - NAT/Route Mode Gateway Pair of SonicWALL NSA appliances for high B - NAT with HA Pair availability.

  • Page 25: Scenario A: Nat/Route Mode Gateway

    Scenario A: NAT/Route Mode Gateway In this scenario, the SonicWALL NSA 240 is configured in NAT/ Internet Internet Route mode to operate as a single network gateway. Two SonicWALL NSA WWAN Internet sources may be routed through the SonicWALL X0 X1 X2...
  • Page 26 Connect one end of the provided Ethernet cable to the This section provides initial configuration instructions for computer you are using to manage the connecting your SonicWALL NSA 240. Follow these steps if you SonicWALL NSA Series. are setting up Scenario A.
  • Page 27 The SonicWALL Setup Wizard launches and guides you Troubleshooting Initial Setup through the configuration and setup of your SonicWALL If you cannot connect to the SonicWALL NSA appliance or the NSA appliance. Setup Wizard does not display, verify the following configurations: •...
  • Page 28 DHCP address. If you still cannot view a Web page, try one of these solutions: The SonicWALL NSA 240 ships with the internal DHCP server • Restart your Management Station to accept new active on the LAN port. However, if a DHCP server is already...

  • Page 29: Scenario B: Ha Pair In Nat/Route Mode

    For network installations with two SonicWALL NSA 240 appliances configured as a stateful synchronized pair for redundant high availability networking. SonicWALL NSA 1 In this scenario, one SonicWALL NSA 240 operates as the X0 X1 X2 X3 X4 X5 X6 X7 X8...

  • Page 30: Sonicwall Nsa 240 Getting Started Guide Page

    SonicWALL security appliance, perform the following setup: section is relevant to administrators following deployment Scenario B. On the back panel of the Backup SonicWALL security appliance, locate the serial number and write the number This section contains the following subsections: down.

  • Page 31: Tip

    Stateful Synchronization. This is because preempt mode can be over-aggressive about failing You can find the serial number on the back of the SonicWALL over to the backup appliance. security appliance, or in the System > Status screen of the backup unit.
  • Page 32 RIP or OSPF dynamic routing, and it is only displayed than this may cause unnecessary failovers, especially when the Advanced Routing option is selected on the when the SonicWALL is under a heavy load. Network > Routing page. When a failover occurs, Typically, SonicWALL recommends leaving the Heartbeat...
  • Page 33 From your management workstation, test connectivity through However, if you later choose to do a manual synchronization of the Backup SonicWALL by accessing a site on the public settings, click the Synchronize Settings button. You will see a Internet – note that the Backup SonicWALL, when active,...
  • Page 34 You can configure HA license synchronization by associating activate the Stateful High Availability Upgrade license for the two SonicWALL security appliances as HA Primary and HA primary unit in SonicOS. This is automatic if your appliance is Secondary on MySonicWALL. Note that the Backup appliance connected to the Internet.
  • Page 35 System > Status page. This To associate two already-registered SonicWALL security allows each unit to synchronize with the SonicWALL appliances so that they can use HA license synchronization, license server and share licenses with the associated perform the following steps: appliance.
  • Page 36 Next... Verifying Your Connection section, Continue to on page 35 to verify your WWAN connection. SonicWALL NSA 240 Getting Started Guide Page 31...

  • Page 37: Scenario C: L2 Bridge Mode

    Scenario C: L2 Bridge Mode For network installations where the SonicWALL NSA 240 is Network Gateway running in tandem with an existing network gateway. In this scenario, the original gateway is maintained. The SonicWALL NSA L2 Bridge Link SonicWALL NSA 240 is integrated seamlessly into the existing...
  • Page 38 • Configuring the Secondary Bridge Interface Connection Overview Connect the X1 port on your SonicWALL NSA 240 to the LAN port on your existing Internet gateway device. Then connect the X0 port on your SonicWALL to your LAN. Network Gateway...
  • Page 39 Configuring the Secondary Bridge Interface Note: Do not enable Never route traffic on the bridge-pair Complete the following steps to configure the SonicWALL appliance: unless your network topology requires that all packets entering the L2 Bridge remain on the L2 Bridge Navigate to Network >...
  • Page 40 Verifying Your Connection In this Section: This section provides instructions to ensure proper connectivity of your SonicWALL NSA 240 appliance. • Verifying Management Interface Connectivity - page 36 • Verifying WAN (Internet) Connectivity - page 37 • Viewing the WWAN Connection Status - page 37 •...

  • Page 41: Verifying Management Interface Connectivity

    Verifying WAN (Internet) Connectivity section, on page 37. Otherwise, continue with step 2. Wait for the SonicWALL NSA 240 to reboot. When the Test LED is no longer lit, the SonicWALL NSA 240 is ready for login. If the login page does not display after reboot, open a Web browser on the computer and manually navigate to the LAN IP address of your SonicWALL NSA 240.

  • Page 42: Verifying Wan (Internet) Connectivity

    (1) port to launch a new Web browser. Navigate to a website, such as: Connected Indicates an active connection. <http://www.sonicwall.com/> If the website displays, your SonicWALL NSA 240 is configured correctly as your gateway device. SonicWALL NSA 240 Getting Started Guide Page 37...

  • Page 43: Managing The Wwan Connection Status

    Unplug your appliance’s WAN port (if you plugged it in during the initial setup). Wait a few moments for the NSA 240 to failover to the WWAN for Internet connectivity. Refer to the front panel of If the Connection Manager shows “disconnected,” click the the appliance to see when the WWAN PC card shows Connect button.
  • Page 44 Enabling Essential Security Services In this Section: Security services are an essential component of a secure network deployment. This section provides instructions for registering and enabling security services on your SonicWALL NSA 240 appliance. • Activating Licenses in SonicOS - page 40 •...
  • Page 45 You must enable each security service individually in the MySonicWALL. It is available on <http://www.sonicwall.com> SonicOS user interface. See the following procedures to enable the top of the Service Management page for your SonicWALL and configure the three security services that must be enabled: NSA appliance. •...
  • Page 46 Select the Enable Inbound Inspection checkboxes for the protocols to inspect. By default, SonicWALL GAV inspects executes that file. SonicWALL Gateway Anti-Virus all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic.
  • Page 47 Select the Enable Intrusion Prevention checkbox. Select the Disable SMTP Responses box to suppress the sending of email messages to clients from SonicWALL GAV when a virus is detected in an email or attachment. Select Enable HTTP Clientless Notification Alerts and...
  • Page 48 Navigate to the Security Services > Anti-Spyware page. Click Configure IPS Settings to enable IP packet Select the Enable Anti-Spyware checkbox. reassembly before inspection and create a SonicWALL IPS exclusion list. In the IPS Config View window, select Enable IPS...
  • Page 49 The Do not bypass CFS blocking for the administrator Click Configure Anti-Spyware Settings to configure checkbox controls content filtering for administrators. By clientless notification alerts and create a SonicWALL Anti- default, when the administrator (“admin” user) is logged into the Spyware exclusion list.
  • Page 50 For example, Configure column. you can configure SonicWALL Intrusion Prevention Service for To delete an individual trusted domain from the CFS incoming and outgoing traffic on the WLAN zone to add more Exclusion List, click the Delete icon for the entry in the security for internal network traffic.
  • Page 51 Page 46 Applying Security Services to Network Zones...
  • Page 52 Creating Network Access Rules - page 48 • Creating a NAT Policy - page 51 • Upgrading Firmware on Your SonicWALL - page 54 • Deploying SonicPoints for Wireless Access - page 57 • Configuring PortShield Interfaces - page 62 •...

  • Page 53: Manually Configuring Wwan Failover

    On the General tab, specify Country, Service Provider, and Plan Type. Click OK. By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Note: Internet, and blocks all traffic from the Internet to the LAN. The If you are unsure about your Plan Type, select following behaviors are defined by the “Default”...
  • Page 54 At the bottom of the table is the Any rule. Note: SonicWALL’s default firewall rules are set in this way for ease of initial configuration, but do not reflect best practice installations. Firewall rules should only allow the required traffic and deny all other traffic.
  • Page 55 • Select the service or group of services affected by the • In the TCP Connection Inactivity Timeout (minutes) access rule from the Service drop-down list. If the field, set the length of TCP inactivity after which the service is not listed, you must define the service in the access rule will time out.

  • Page 56: Creating A Nat Policy

    NAT by default when traffic crosses between the other interfaces. • Host – Host Address Objects define a single host by its IP You can create multiple NAT policies on a SonicWALL running address. SonicOS Enhanced for the same object – for instance, you can •...
  • Page 57 • Default Address Objects – displays Address Objects For MAC, enter the MAC address and netmask in the configured by default on the SonicWALL security Network and MAC Address field. appliance. For FQDN, enter the domain name for the individual...
  • Page 58 IPs 13. Click Add. are translated from the IP address of the SonicWALL security appliance WAN port to the IP address of the internal web Policies for subnets behind the other interfaces of the server.An example configuration illustrates the use of the fields...

  • Page 59: Upgrading Firmware On Your Sonicwall

    - page 55 • Upgrading the Firmware with Current Settings settings on your SonicWALL security appliance, protecting all - page 55 • Using SafeMode to Upgrade Firmware your existing settings in the event that it becomes necessary to Obtaining the Latest Firmware return to a previous configuration state.
  • Page 60 Upgrading the Firmware with Current Settings Using SafeMode to Upgrade Firmware Perform the following steps to upload new firmware to your If you are unable to connect to the SonicWALL security SonicWALL appliance and use your current configuration appliance’s management interface, you can restart the settings upon startup.
  • Page 61 After successfully booting the firmware, the login screen is displayed. If you booted with factory default settings, enter the default user name and password (admin / password) to access the SonicWALL management interface. Note: Remember to change your IP address settings back to DHCP.

  • Page 62: Deploying Sonicpoints For Wireless Access

    Deploying SonicPoints for Wireless Updating SonicPoint Firmware Access If your SonicWALL appliance has Internet connectivity, it will automatically download the correct version of the SonicPoint This section describes how to configure SonicPoints with the when you connect a SonicPoint device. See the SonicOS SonicWALL NSA 240.
  • Page 63 • Under WEP/WPA Encryption, select the drop-down list. Authentication Type for your wireless network. SonicWALL recommends using WPA2 as the • For Radio Mode, select the speed that the SonicPoint authentication type. will operate on. You can choose from the following: •...
  • Page 64 In the SSL VPN Server list, select an address object In the Edit Zone dialog box on the General tab, the Allow to direct traffic to the SonicWALL SSL VPN appliance. Interface Trust setting automates the creation of Access •...
  • Page 65 SonicPoints connected to this zone. Whenever a If you want to enable remote management of the SonicPoint connects to this zone, it will automatically SonicWALL security appliance from this interface, select be provisioned by the settings in the SonicPoint the supported management protocol(s): HTTP, HTTPS, Provisioning Profile, unless you have individually SSH, Ping, SNMP, and/or SSH.
  • Page 66 If the SonicPoint locates a peer SonicOS device via the keys or password that you configured in SonicOS. SonicWALL Discovery Protocol, the two units perform an encrypted exchange and the profile assigned to the relevant For more information about wireless configuration, see the wireless zone is used to automatically configure (provision) the SonicOS Enhanced Administrator’s Guide.

  • Page 67: Configuring Portshield Interfaces

    Configuring PortShield Interfaces The SonicWALL PortShield feature enables you to configure some or all of the switch ports on the SonicWALL NSA 240 appliance into separate contexts, or PortShield interfaces, providing protection from traffic on the LAN, WAN, and DMZ, as well as the devices inside your network.

  • Page 68: Troubleshooting Diagnostic Tools

    Several tools SonicWALL firewall appliance. The captured packets contain can be accessed on the System > Diagnostics page, and both data and addressing information. The System > Packet others are available on other screens.
  • Page 69 If you simply click Start without any capture. Once the configuration is complete, click Start to begin configuration, the SonicWALL appliance will capture all packets capturing packets. The settings available in the five main areas except those for internal communication, and will stop when the of configuration are summarized below: buffer is full or when you click Stop.
  • Page 70 OR. The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL security appliance is able to contact the remote host. If users on...
  • Page 71 Using the Log > View Page The SonicWALL security appliance maintains an Event log for tracking potential security threats. You can view the log in the Log > View page, or it can be automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by column.

  • Page 72: Deployment Configuration Reference Checklist

    Setting logging levels Configuring Log Categories (“Logging Level” section) Configuring threat prevention on all used zones Configuring Zones (“Enabling SonicWALL Security Services on Zones“ section) Configuring Web filtering protection Configuring SonicWALL Content Filtering Service Changing administrator login Configuring Administration Settings ("Administrator Name &...
  • Page 73 Page 68 Deployment Configuration Reference Checklist...
  • Page 74 Support and Training Options In this Section: This section provides overviews of customer support and training options for the SonicWALL NSA 240. • Customer Support - page 70 • SonicWALL Live Product Demos - page 70 • Knowledge Portal - page 71 •...

  • Page 75: Customer Support

    Support Contract. Please review our Warranty Support Policy Demo Site provides free test drives of SonicWALL security for product coverage. SonicWALL also offers a full range of products and services through interactive live product consulting services to meet your needs, from our innovative...

  • Page 76: Knowledge Portal

    Knowledge Portal Onboard Help The Knowledge Portal allows users to search for SonicWALL SonicOS features a dynamic Onboard Help in the form of documents based on the following types of search tools: helpful tooltips that appear over various elements of the GUI when the mouse hovers over them.

  • Page 77: User Forums

    User Forums The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters. In this forum, the following categories are available for users: • Content Security Manager topics •...

  • Page 78: Training

    Training SonicWALL offers an extensive sales and technical training curriculum for Network Administrators, Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications. SonicWALL Training provides the following resources for its customers: •...

  • Page 79: Related Documentation

    Radio Frequency Monitoring • Single Sign-On • SSL Control • Virtual Access Points • SonicWALL GMS 5.0 Administrator’s Guide • SonicWALL GVC 4.0 Administrator’s Guide • SonicWALL ViewPoint 5.0 Administrator’s Guide • SonicWALL GAV 4.0 Administrator’s Guide • SonicWALL IPS 2.0 Administrator’s Guide •...

  • Page 80: Sonicwall Secure Wireless Network Integrated Solutions Guide

    SonicWALL Secure Wireless Network This book is available in hardcopy by ordering directly from Elsevier Publishing at: Integrated Solutions Guide http://www.elsevier.com < > The Official Guide to SonicWALL’s market-leading wireless networking and security devices. SonicWALL NSA 240 Getting Started Guide Page 75...
  • Page 81 Page 76 SonicWALL Secure Wireless Network Integrated Solutions Guide...
  • Page 82 Safety and Regulatory Information - page 78 • Safety and Regulatory Information in German - page 79 • FCC Part 15 Class B Notice - page 80 • Copyright Notice - page 81 • Trademarks - page 81 SonicWALL NSA 240 Getting Started Guide Page 77...

  • Page 83: Safety And Regulatory Information

    The Lithium Battery used in the SonicWALL security appliance of heat. A maximum ambient temperature of 104º F (40º C) may not be replaced by the user. Return the SonicWALL is recommended. security appliance to a SonicWALL-authorized service center for Route cables away from power lines, fluorescent lighting •...

  • Page 84: Safety And Regulatory Information In German

    Verbindung von Geräten in Innenräumen. Schließen Sie an die Stellen Sie sicher, dass die Luft um das Gerät herum • Anschlüsse der SonicWALL keine Kabel an, die aus dem zirkulieren kann und die Lüftungsschlitze an der Seite des Gebäude herausgeführt werden, in dem sich das Gerät befindet.

  • Page 85: Fcc Part 15 Class B Notice

    Connect the equipment into an outlet on a circuit different from the receiver connection. • Consult SonicWALL for assistance. Complies with EN55022 Class B and CISPR22 Class B. *Refer to the label on the bottom of the unit for device information including Class A or Class B FCC information.

  • Page 86: Copyright Notice

    All certificates held by Secuwide, Corp. Specifications and descriptions subject to change without notice. Trademarks SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 98, Windows Vista, Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
  • Page 87 Notes SonicWALL NSA 240 Getting Started Guide Page 82...
  • Page 88 Notes SonicWALL NSA 240 Getting Started Guide Page 83...
  • Page 89 Page 84 Notes...
  • Page 90 F +1 408.745.9300 P/N 232-001580-00 Rev 00 08/08 ©2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

Table of Contents