manualshive.com logo in svg

SonicWALL NSA 2400, Руководство по началу работы


Поделиться
Скачать
background image

SonicWALL NSA 2400 Getting Started Guide  

Page 29

Synchronizing Settings

Once you have configured the HA setting on the Primary 
SonicWALL security appliance, click the 

Synchronize Settings

 

button. You should see a 

HA Peer Firewall has been updated

 

message at the bottom of the management interface page. Also 
note that the management interface displays 

Logged Into: 

Primary SonicWALL Status: (green ball) Active

 in the upper-

right-hand corner.

By default, the 

Include Certificate/Keys

 setting is enabled. 

This specifies that certificates, certificate revocation lists (CRL) 
and associated settings (such as CRL auto-import URLs and 
OCSP settings) are synchronized between the Primary and 
Backup units. When local certificates are copied to the Backup 
unit, the associated private keys are also copied. Because the 
connection between the Primary and Backup units is typically 
protected, this is generally not a security concern.

Tip:

A compromise between the convenience of 

synchronizing certificates and the added security of not 
synchronizing certificates is to temporarily enable the 
Include Certificate/Keys setting and manually 
synchronize the settings, and then disable Include 
Certificate/Keys.

To verify that Primary and Backup SonicWALL security 
appliances are functioning correctly, wait a few minutes, then 
trigger a test failover by logging into the Primary unit and doing 
a restart. The Backup SonicWALL security appliance should 
quickly take over. 

From your management workstation, test connectivity through 
the Backup SonicWALL by accessing a site on the public 
Internet – note that the Backup SonicWALL, when active, 
assumes the complete identity of the Primary, including its IP 
addresses and Ethernet MAC addresses. 

Log into the Backup SonicWALL’s unique LAN IP address. The 
management interface should now display 

Logged Into: 

Backup SonicWALL Status: (green ball) Active 

in the upper-

right-hand corner.

Now, power the Primary SonicWALL back on, wait a few 
minutes, then log back into the management interface. If 
stateful synchronization is enabled (automatically disabling 
preempt mode), the management GUI should still display 

Logged Into: Backup SonicWALL Status: (green ball) 
Active

 in the upper-right-hand corner.

If you are using the Monitor Interfaces feature, experiment with 
disconnecting each monitored link to ensure correct 
configuration.

Содержание NSA 2400

Страница 1: ...Getting Started Guide SonicWALL Network Security Appliances NETWORK SECURITY NSA 2400...

Страница 2: ...SonicOS Enhanced After you complete this guide computers on your Local Area Network LAN will have secure Internet access Document Contents This document contains the following sections Pre Configurat...

Страница 3: ...ble parts from the SonicWALL NSA appliance Proper guidelines can be found in the Safety and Regulatory Information section on page 64 of this guide I o PML Front Back 1U rack mountable 17 x 10 25 x 1...

Страница 4: ...n Tasks In this Section This section provides pre configuration information Review this section before setting up your SonicWALL NSA 2400 appliance Check Package Contents page 4 Obtain Configuration I...

Страница 5: ...your package please contact SonicWALL support A listing of the most current support documents are available online at http www sonicwall com us support html The included power cord is intended for us...

Страница 6: ...panel of your SonicWALL appliance LAN IP Address Select a static IP address for your SonicWALL appliance that is within the range of your local subnet If you are unsure you can use the default IP addr...

Страница 7: ...e use LED Top to Bottom Power LED Indicates the SonicWALL NSA appliance is powered on Test LED Flickering Indicates the appliance is initializing Steady blinking Indicates the appliance is in SafeMode...

Страница 8: ...A 2400 Getting Started Guide Page 7 The Back Panel Icon Feature Description Fans 2 The SonicWALL NSA 2400 includes two fans for system temperature control Power Supply The SonicWALL NSA 2400 power sup...

Страница 9: ...u must use MySonicWALL to associate a backup unit that can share the Security Services licenses with your primary SonicWALL If you do not yet have a MySonicWALL account you can use MySonicWALL to regi...

Страница 10: ...Creating a MySonicWALL Account page 10 Registering and Licensing Your Appliance on MySonicWALL page 10 Licensing Security Services and Software page 11 Registering a Second Appliance as a Backup page...

Страница 11: ...ration page 10 Licensing Security Services and Software page 11 Managing Licenses page 11 Registering a Second Appliance as a Backup page 12 Product Registration You must register your SonicWALL secur...

Страница 12: ...e ViewPoint Support Services Dynamic Support 8x5 Dynamic Support 24x7 Software and Firmware Updates Managing Licenses To manage your licenses perform the following tasks 1 In the MySonicWALL Service M...

Страница 13: ...ilability HA pair You can purchase the license associate the two appliances as part of the registration process on MySonicWALL The second SonicWALL will automatically share the Security Services licen...

Страница 14: ...To return to the Service Management Associated Products page click the serial number link for this appliance Registration Next Steps Your SonicWALL NSA 2400 HA Pair is now registered and licensed on M...

Страница 15: ...age 15 Scenario A NAT Route Mode Gateway page 16 Scenario B State Sync Pair in NAT Route Mode page 17 Scenario C L2 Bridge Mode page 18 Initial Setup page 19 Upgrading Firmware on Your SonicWALL page...

Страница 16: ...oute Mode Gateway Pair of SonicWALL NSA appliances for high availability B NAT with State Sync Pair Existing Internet gateway appliance SonicWALL NSA as replacement for an existing gateway appliance A...

Страница 17: ...d through the SonicWALL appliance for load balancing and failover purposes Because only a single SonicWALL appliance is deployed the added benefits of high availability with a stateful synchronized pa...

Страница 18: ...nformation is synchronized between the two devices so that the backup appliance can seamlessly switch to active mode without dropping any connections if the primary device loses connectivity To set up...

Страница 19: ...nsparent security appliance integration Using L2 Bridge Mode a SonicWALL security appliance can be non disruptively added to any Ethernet network to provide in line deep packet inspection for all trav...

Страница 20: ...ion page 22 Activating Licenses in SonicOS page 22 Upgrading Firmware on Your SonicWALL page 23 System Requirements Before you begin the setup process check to verify that you have An Internet connect...

Страница 21: ...ou plug in the SonicWALL NSA The Alarm LED may light up and the Test LED will light up and may blink while the appliance performs a series of diagnostic tests When the Power LEDs are lit and the Test...

Страница 22: ...er the management IP address in your Web browser Are the Local Area Connection settings on your computer set to use DHCP or set to a static IP address on the 192 168 168 x 24 subnet Do you have the Et...

Страница 23: ...navigate to http www sonicwall com If you can view the SonicWALL home page you have configured your SonicWALL NSA appliance correctly If you cannot view the SonicWALL home page renew your management s...

Страница 24: ...is available on http www sonicwall com at the top of the Service Management page for your SonicWALL NSA appliance To activate licenses in SonicOS 1 Navigate to the System Licenses page 2 Under Manage...

Страница 25: ...n the System Settings page click Create Backup Your configuration preferences are saved The System Backup entry is displayed in the Firmware Management table 2 To export your settings to a local file...

Страница 26: ...settings available on the System Settings page To use SafeMode to upgrade firmware on the SonicWALL security appliance perform the following steps 1 Connect your computer to the X0 port on the SonicW...

Страница 27: ...e 27 Configuring Advanced HA Settings page 27 Synchronizing Settings page 29 Synchronizing Firmware page 30 Configuring HA License Overview page 30 Associating Pre Registered Appliances page 31 Initia...

Страница 28: ...mmunicates the settings to the Backup SonicWALL security appliance To configure HA on the Primary SonicWALL perform the following steps 1 Navigate to the High Availability Settings page 2 Select the E...

Страница 29: ...the interval in seconds between communication with upstream or downstream systems The default is 20 seconds and the allowed range is 5 to 255 seconds You can set the Probe IP Address es on the High Av...

Страница 30: ...le the Include Certificate Keys setting and manually synchronize the settings and then disable Include Certificate Keys To verify that Primary and Backup SonicWALL security appliances are functioning...

Страница 31: ...o use Stateful HA you must first activate the Stateful High Availability Upgrade license for the primary unit in SonicOS This is automatic if your appliance is connected to the Internet See Registerin...

Страница 32: ...page in the text boxes under Associate New Products type the serial number and the friendly name of the appliance that you want to associate as the child secondary backup unit 7 Select the group from...

Страница 33: ...his static IP address when configuring the secondary bridge Note The primary bridge interface must have a static IP assignment Configuring the Secondary Bridge Interface Complete the following steps t...

Страница 34: ...rk topology requires that all packets entering the L2 Bridge remain on the L2 Bridge segments You may optionally enable the Block all non IPv4 traffic setting to prevent the L2 bridge from passing non...

Страница 35: ...Page 34 Configuring L2 Bridge Mode...

Страница 36: ...SonicOS diagnostic tools and a deployment configuration reference checklist Creating Network Access Rules page 36 Creating a NAT Policy page 38 Creating Address Objects page 39 Configuring NAT Policie...

Страница 37: ...ocks all traffic from the Internet to the LAN The following behaviors are defined by the Default stateful inspection packet access rule enabled in the SonicWALL security appliance To create an access...

Страница 38: ...lay the Add Service window or Add Service Group window Select the source of the traffic affected by the access rule from the Source drop down list Selecting Create New Network displays the Add Address...

Страница 39: ...or s Guide for more information on managing QoS marking in access rules 6 Click OK to add the rule Creating a NAT Policy The Network Address Translation NAT engine in SonicOS Enhanced allows users to...

Страница 40: ...nge Range Address Objects define a range of contiguous IP addresses Network Network Address Objects are like Range objects in that they comprise multiple hosts but rather than being bound by specified...

Страница 41: ...in the FQDN field 6 Click OK Configuring NAT Policies NAT policies allow you to control Network Address Translation based on matching combinations of Source IP address Destination IP address and Desti...

Страница 42: ...olicy checkbox if you want a matching NAT Policy to be automatically created in the opposite direction This will create the outbound as well as the inbound policies 13 Click OK Policies for subnets be...

Страница 43: ...rvice Management page for your SonicWALL NSA appliance To activate licenses in SonicOS 1 Navigate to the System Licenses page 2 Under Manage Security Services Online do one of the following Enter your...

Страница 44: ...ton Enabling Intrusion Prevention Services To enable Intrusion Prevention Services in SonicOS 1 Navigate to Security Services Intrusion Prevention 2 Select the Enable Intrusion Prevention checkbox 3 I...

Страница 45: ...signature inspection on outbound traffic 6 Click the Accept button Enabling Comprehensive Anti Spam Service To enable Anti Spam in SonicOS 1 Navigate to the Anti Spam Settings page Note If the service...

Страница 46: ...IP Address From field and the last address into the IP Address To field 4 Click OK The IP address range is added to the CFS Exclusion List 5 On the Security Services Content Filter page click Accept E...

Страница 47: ...s throughout your enterprise The SonicPoint section of the SonicOS management interface lets you manage the SonicPoints connected to your system Before you can manage SonicPoints in the Management Int...

Страница 48: ...ix to be used as the first part of the name for each SonicPoint provisioned Select the Country Code for where the SonicPoints are operating 2 In the 802 11g Radio tab Select Enable Radio Select a sche...

Страница 49: ...11g bands at the same time The settings in the 802 11a Radio and 802 11a Advanced tabs are similar to the settings in the 802 11g Radio and 802 11g Advanced tabs 5 When finished click OK Configuring...

Страница 50: ...raffic that enters into the WLAN Zone interface be either IPsec traffic WPA traffic or both Note If you have configured WPA2 as your authentication type you do not need to enable WiFiSec If you have e...

Страница 51: ...HTTP and or HTTPS in User Login 7 Click OK Connecting the SonicPoint When a SonicPoint unit is first connected and powered up it will have a factory default configuration IP Address 192 168 1 20 usern...

Страница 52: ...gnostic Tools SonicOS provides a number of diagnostic tools to help you maintain your network and troubleshoot problems Several tools can be accessed on the System Diagnostics page and others are avai...

Страница 53: ...ombined into a search string with a logical AND Select the Group Filters box next to any two or more criteria to combine them with a logical OR Using Log View The SonicWALL security appliance maintain...

Страница 54: ...Zones Enabling SonicWALL Security Services on Zones section Configuring Web filtering protection Configuring SonicWALL Content Filtering Service Changing administrator login Configuring Administratio...

Страница 55: ...Page 54 Deployment Configuration Reference Checklist...

Страница 56: ...rovides overviews of customer support and training options for the SonicWALL NSA 2400 Customer Support page 56 Knowledge Base page 56 SonicWALL Live Product Demos page 57 User Forums page 58 Training...

Страница 57: ...SonicWALL offers telephone email and Web based support to customers with valid Warranty Support or a purchased support contract Please review our Warranty Support Policy for product coverage Knowledge...

Страница 58: ...Site provides free test drives of SonicWALL security products and services through interactive live product installations Unified Threat Management Platform Secure Cellular Wireless Continuous Data Pr...

Страница 59: ...ailable for users Content Security Manager topics Continuous Data Protection topics Email Security topics Firewall topics Network Anti Virus topics Security Services and Content Filtering topics Sonic...

Страница 60: ...Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications SonicWALL Training provides the following resources for its custom...

Страница 61: ...tiple Admin NAT Load Balancing Packet Capture Radio Frequency Monitoring Single Sign On SSL Control Virtual Access Points SonicWALL GMS Administrator s Guide SonicWALL GVC Administrator s Guide SonicW...

Страница 62: ...es to build a truly secure wireless network Check out the SonicWALL Secure Wireless Network Integrated Solutions Guide This book is the official guide to SonicWALL s market leading wireless networking...

Страница 63: ...Page 62 SonicWALL Secure Wireless Network Integrated Solutions Guide...

Страница 64: ...ed Guide Page 63 Product Safety and Regulatory Information In this Section This section provides regulatory trademark and copyright information Safety and Regulatory Information page 64 Copyright Noti...

Страница 65: ...ding Consideration must be given to the connection of the equip ment to the supply circuit The effect of overloading the circuits has minimal impact on overcurrent protection and supply wir ing Approp...

Страница 66: ...ftungsabstand von mindestens 26 mm einzuhalten Bringen Sie die SonicWALL waagerecht im Rack an um m gliche Gefahren durch ungleiche mechanische Belastung zu vermeiden Pr fen Sie den Anschluss des Ger...

Страница 67: ...adian Radio Frequency Emissions Statement This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme toutes la norme NMB 003 du Canada Complies w...

Страница 68: ...ptions are subject to change without notice Trademarks SonicWALL is a registered trademark of SonicWALL Inc Microsoft Windows 98 Windows Vista Windows 2000 Windows XP Windows Server 2003 Internet Expl...

Страница 69: ...Page 68 Notes Notes...

Страница 70: ...ned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice SonicWALL Inc 2001 Logic Drive San Jose CA 9512...

Отзывы:

Нет отзывов

Похожие инструкции для NSA 2400

Draytek Vigor 5510Gi Quick Start Manual preview
Vigor 5510Gi
Бренд: Draytek Страницы: 56
PaloAlto Networks PA-4000 Series Hardware Reference Manual preview
PA-4000 Series
Бренд: PaloAlto Networks Страницы: 28
Triton RiskVision Setup Manual preview
RiskVision
Бренд: Triton Страницы: 26
Kerio Tech Operator Box 3000 series Quick Installation Manual preview
Operator Box 3000 series
Бренд: Kerio Tech Страницы: 8
IDQ Quantis Appliance User Manual preview
Quantis Appliance
Бренд: IDQ Страницы: 47

Бренды по названию

Популярные бренды

Загрузить еще бренды