Dell SonicWALL Network Security Appliances NET WORK SECURIT Y NSA 2600 Getting Started Guide For localized product information, see page 48. ᴹޣᵜൠॆӗ૱ؑˈ䈧৲➗ㅜ 亥DŽ 䝻䞊䜹䝷䜲䝈䛥䜜䛯〇ရ䛾ሗ䛻䛴䛔䛶䛿䚸㻠㻥㻌䝨䞊䝆䜢ཧ↷䛧䛶䛟䛰䛥䛔䚹 Ь˲߭ ࢿ૽ ࢽؿЕ ࢇएձ ॳˈଜ ࡁۿ Para informação localizada do produto, veja página 50.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2014 Dell Inc. All rights reserved. Trademarks: Dell™, the DELL logo, SonicWALL™, and all other SonicWALL product and service names and slogans are trademarks of Dell, Inc.
In this Guide The Dell SonicWALL NSA 2600 appliance is designed to be the most scalable, reliable, and best performing multifunction appliance in its class. This Getting Started Guide provides instructions for basic installation and configuration of the Dell SonicWALL NSA 2600.
Chapter 3 Sections Include "Registering, Licensing, and Upgrading" on page 21 • • • • • • • • Chapter 4 Sections Include "Deployment Scenarios" on page 31 • • • • "Using MySonicWALL" on page 22 "Creating a MySonicWALL Account" on page 22 "Registration Overview" on page 23 "Registering in SonicOS" on page 23 "Alternative Registration Options" on page 24 "Security Services and Software" on page 25 "Activating & Managing Licenses Using MySonicWALL" on page 26 "Upgrading Firmware" on page 27 "Advanced
4 | In this Guide
Introduction to the NSA Appliance 1 In this Section: This section describes the items shipped with the Dell SonicWALL NSA 2600 appliance, provides front and rear illustrations of the NSA appliance, and includes a flow diagram illustrating the steps for setting up the appliance.
NSA 2600 Package Contents Before you begin the setup process, verify that your package contains the following items: 1. 2. 3. 4. 5. 6. One Dell SonicWALL NSA 2600 appliance Two Rack Mount Ear Kits One serial CLI cable One Ethernet cable One power cord* One Dell SonicWALL NSA 2600 Getting Started Guide *The included power cord is approved for use only in specific countries or regions. Before using a power cord, verify that it is rated and approved for use in your location.
The Front Panel SDHC Port Secure Digital High-Capacity (SDHC) port for future use USB Ports (2) For 3G/4G/Analog modem adaptor support Console Port MGMT Port (1 GE) Access the SonicOS Command Line Interface (CLI) via the enclosed serial CLI cable 1 Gigabit Ethernet Management Interface X6 X4 1GE X2 X0 M0 SDHC M0 Expansion Module ALARM TEST PWR SonicWALL NSA 2600 CONSOLE MGMT X7 X5 X3 X1 Expansion Module Bay Reset Button For Dell SonicWALL-approved expansion modules Press and hold fo
The Back Panel Fans (2) Dual auto-throttling fans for system temperature control I o Power Supply Provides power to the Dell SonicWALL appliance by plugging in the AC cord and switching the appliance on Note: See "Safety and Regulatory Information" on page 52 for important additional information on power supply requirements for the Dell SonicWALL NSA 2600 appliance.
Using this Getting Started Guide The following flow chart illustrates the necessary steps in the process of getting started with your new Dell SonicWALL NSA 2600 appliance.
10 | Using this Getting Started Guide
Configuring the Appliance 2 In this Section: This section provides an overview of available WAN types, a section to record configuration information, and initial setup information and procedures.
Determining the WAN Type Before configuring your NSA appliance, you will need to determine the type of WAN connection your setup will use. SonicOS supports the following types: • Static—Configures the appliance for a network that uses static IP addresses. • DHCP—Configures the appliance to request IP settings from a DHCP server on the Internet. • PPPoE—Point-to-Point Protocol over Ethernet (PPPoE) is typically used with a DSL modem.
Recording Configuration Information Ethernet WAN IP Address: Use this section to record your configuration information. Be sure to keep for future reference. _____._____._____._____ The default MGMT interface IP address is 192.168.1.254. Administrator Information Admin Name: Select an administrator account name. (default is admin) Admin Password: Select an administrator password.
Initial Setup The diagram below illustrates how to connect your management computer to the Dell SonicWALL NSA 2600 appliance for initial setup. Dell SonicWALL Appliance X6 X4 1GE X2 X0 M0 120V AC (U.S.
The following sections provide initial configuration information and instructions for connecting your Dell SonicWALL NSA 2600 appliance for initial setup. • "Connecting the MGMT Port" on page 15 • "Applying Power to the NSA 2600" on page 15 • "NSA 2600 LED Activity" on page 15 • "Using the Setup Wizard" on page 16 Connecting the MGMT Port 1. 2. Using the provided Ethernet cable, connect one end of the cable to the computer you are using to manage the Dell SonicWALL NSA appliance.
Using the Setup Wizard 2. When you are ready to begin initial setup, configure your management computer with a static IP address on the 192.168.1.0/24 subnet, such as 192.168.1.20. This allows your computer to connect to SonicOS via the MGMT interface. 3. 4. Note: Be sure to disable pop-up blocking software, or set your Web browser to allow pop-ups and cookies. 5. Launch the Dell SonicWALL Setup Wizard by clicking the first Here link.
Connecting to the Internet Testing Your Internet Connection Use the following steps to test your Internet connection: After initial setup is complete, connect the LAN and WAN interfaces for access to external networks or the Internet. You cannot reach the Internet or other WAN destinations while connected to the MGMT interface. For Internet access, connect to X0 or another configured LAN interface. Note: Internet connectivity is needed for the recommended product registration process.
Internet Access The diagram below illustrates how to connect your computer to the Dell SonicWALL NSA 2600 appliance for Internet access. Dell SonicWALL Appliance X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 120V AC (U.S.
Troubleshooting Your Connections Use the suggestions in this section to troubleshoot your MGMT and LAN connections.
20 | Troubleshooting Your Connections
Registering, Licensing, and Upgrading 3 In this Section: This section provides instructions for registering, licensing, and upgrading firmware on your Dell SonicWALL NSA 2600 appliance.
Using MySonicWALL Creating a MySonicWALL Account Dell SonicWALL requires a MySonicWALL account prior to configuring your appliance. If you already have a MySonicWALL account, you can continue to "Registration Overview" on page 23. A MySonicWALL account is required in order to register the Dell SonicWALL NSA 2600 appliance. Create a new MySonicWALL account from any computer by navigating to: .
Registration Overview Registering in SonicOS Although there are several ways to register your new Dell SonicWALL appliance, Dell SonicWALL recommends registering your appliance through the SonicOS management interface. After you have completed the Setup Wizard and can successfully connect to your Dell SonicWALL NSA 2600 appliance and access the Internet, you are ready to register the security appliance.
Alternative Registration Options Synchronizing Licenses Manually To manually synchronize licenses with MySonicWALL from the SonicOS interface: If you have registered your Dell SonicWALL appliance through the SonicOS interface, you can continue to "Security Services and Software" on page 25. Although Dell SonicWALL strongly recommends registering your appliance using the SonicOS interface, you can optionally use MySonicWALL to register your appliance. Registering on MySonicWALL 1. 2. 3. 4. 5. 6.
Security Services and Software The My Products > Product Management page in MySonicWALL lists security services, support options, and software that you can purchase or try with a free trial. For details, click the Name of the product. The Service Management page displays with the most recent details.
Activating & Managing Licenses Using MySonicWALL To activate your service licenses, log in to your MySonicWALL account and perform the following tasks: 1. If you registered your appliance through SonicOS, all licensed services are already activated. You can continue to "Upgrading Firmware" on page 27. If you purchased a service subscription or upgrade from a sales representative separately, you will have an Activation Key for the service.
Upgrading Firmware Dell SonicWALL recommends that you run the latest available firmware on your security appliance. You will need to upgrade the factory-installed firmware to the latest version available on MySonicWALL.
Obtaining the Latest Firmware Upgrading the Firmware To obtain a new SonicOS firmware image file for your Dell SonicWALL security appliance, perform the following steps: Perform the following steps to upload new firmware to your Dell SonicWALL appliance and use your current configuration settings upon startup. 1. 2. 3. 4. In a browser on your management computer, log into your MySonicWALL account at .
Using SafeMode to Upgrade Firmware 5. If you are unable to connect to the SonicOS management interface, you can restart the security appliance in SafeMode. The SafeMode feature allows you to recover quickly from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page. Perform the following steps to use SafeMode to upgrade firmware on the Dell SonicWALL security appliance: 1. 2. 3. 4.
30 | Upgrading Firmware
Deployment Scenarios 4 In this Section: This section provides configuration overviews, as well as deployment scenarios for your Dell SonicWALL NSA appliance.
Advanced Deployment Scenarios Select a deployment scenario that best fits your network scheme. Reference the table below and the diagrams on the following pages for help in choosing a scenario. Current Gateway Configuration New Gateway Configuration No gateway appliance Existing Internet gateway appliance Existing SonicWALL gateway appliance A X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 Use Scenario Single NSA appliance as a primary gateway.
Scenario A: NAT Mode Gateway For new network installations or installations where the NSA appliance is replacing the existing network gateway. A Dell SonicWALL NSA Appliance X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 SDHC M0 Expansion Module ALARM TEST PWR SonicWALL NSA 2600 MGMT CONSOLE ISP 1 In this scenario, the NSA appliance is configured in NAT mode to operate as a single network gateway. Two Internet connections may be routed through the NSA appliance for load balancing and failover purposes.
Scenario B: Stateful HA Pair For network installations with two Dell SonicWALL NSA appliance configured as a stateful synchronized pair for redundant High Availability (HA) networking. In this scenario, one NSA appliance operates as the Active gateway device and the other NSA appliance is in Standby mode.
Scenario C: L2 Bridge Mode For network installations where the Dell SonicWALL NSA appliance is running in tandem with an existing network gateway. C Third Party Gateway LAN Dell SonicWALL NSA Appliance In this scenario, the original gateway is maintained. The Dell SonicWALL NSA appliance is integrated seamlessly into the existing network, providing the benefits of deep packet inspection and comprehensive security services on all network traffic.
Dell SonicWALL NSA Appliance Configuring NAT Mode Gateway X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 SDHC M0 Expansion Module ALARM This section provides an overview of a Dell SonicWALL NSA appliance operating as a single network gateway in NAT mode, which is the default mode for a newly configured NSA appliance. This section is relevant to administrators following deployment Scenario A.
NAT policies allow the flexibility to control Network Address Translation based on matching combinations of Source IP address, Destination IP address, and Destination Services. Policy-based NAT allows you to deploy different types of NAT simultaneously. For configuration procedures and information regarding the different types of NAT policies, such as Many-to-One, One-toOne, or One-to-Many Load Balancing, refer to the SonicOS Administrator’s Guide.
Dell SonicWALL HA/Failover Pair Dell SonicWALL NSA Appliance 1 X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 SDHC M0 Expansion Module ALARM TEST PWR SonicWALL NSA 2600 CONSOLE MGMT Dell SonicWALL NSA Appliance 2 X6 X4 X7 X5 1GE X2 X0 X3 X1 M0 SDHC M0 • Ensure the Primary and Secondary security appliances’ LAN, WAN, and other interfaces are properly connected for failover. • Connect the HA Control and Data Links on the Primary and Secondary appliances with appropriate cables.
Configuring HA Monitoring Settings 2. After configuring the HA settings, you need to configure the Monitoring settings for the LAN or WAN.This includes configuring unique IP addresses for each appliance in the Stateful HA pair. You will need to log into the appliances using these IP addresses in order to complete the registration process from within SonicOS, which will allow license sharing and synchronization. 3. Navigate to the High Availability > Monitoring page to configure the Monitoring settings.
Configuring Optional HA Settings 2. The following settings are optional. You can configure these settings from the High Availability > Settings page. 1. 2. 3. 4. To backup the firmware and settings when you upgrade the firmware version, select the Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware checkbox. Select the Enable Virtual MAC checkbox to allow the Primary and Secondary appliances to share a single MAC address.
Synchronize Firmware is typically used after taking your Secondary appliance offline while you test a new firmware version on the Primary appliance before upgrading both appliances to it. 10. Click Force Active / Idle Failover to force a failover between your Primary and Secondary appliances. 11. Click Accept to retain the settings on this screen.
9. Log in to the SonicOS management interface of the Primary appliance using the unique IP address assigned on the High Availability > Monitoring page. 10. Navigate to the System > Status page and click the registration link. This allows the unit to synchronize with the Dell SonicWALL license server and share licenses with the associated appliance. 11. Then, log in to the SonicOS management interface of the Secondary appliance using its unique IP address. 12.
Third Party Gateway Configuring L2 Bridge Mode LAN Dell SonicWALL NSA Appliance This section provides instructions to configure the Dell SonicWALL NSA appliance in tandem with an existing Internet gateway device. This section is relevant to users following deployment Scenario C.
Configuring the Secondary Bridge Interface 1. 2. 3. 4. Navigate to the Network > Interfaces page from the navigation panel. Click the Configure icon in the right column of the X0 (LAN) interface. In the IP Assignment drop-down, select Layer 2 Bridged Mode. In the Bridged to drop-down, select the X1 interface. 44 | Configuring L2 Bridge Mode 5. Configure management options (HTTP, HTTPS, Ping, SNMP, SSH, User logins, or HTTP redirects).
Support and Training Options 5 In this Section: This section provides overviews of customer support and training options for the Dell SonicWALL NSA 2600.
Customer Support Knowledge Portal Designed for customers with Dell SonicWALL NSA solutions, Dell SonicWALL NSA Support 24x7 is an around-the-clock support service that includes phone, email and Web-based technical support, software and firmware updates and upgrades and Advance Exchange hardware replacement. Please Note: Continuous support is recommended on all NSA products.
User Forums Training The Dell SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters.
Related Documentation Additionally Supported Languages See the following related documents for more information: • Dell SonicWALL SonicOS Administrator’s Guide • Dell SonicWALL SonicOS Release Notes • Dell SonicWALL Feature Modules • Application Intelligence and Control • Application Bandwidth Management • IPFIX/Netflow Reporting • Deep Packet Inspection for SSL • Multiple Administrators • NAT Load Balancing • Packet Capture • RF Management • Single Sign On • SSL Control • Virtual Access Points • Dell Son
ロー カ ラ イ ズ版フ ァ ームウ ェ アおよび ド キ ュ メ ン ト について Dell SonicWALL 導入ガ イ ド 、 ク イ ッ ク ス タ ー ト ガ イ ド 、 ユー ザ ガ イ ド 、 装置用 フ ァ ームウ ェ ア、 および多彩なエ ン ド ユー ザ ク ラ イ ア ン ト が複数の言語で利用で き る よ う にな り ま し た。 利用可能な日本語 ド キ ュ メ ン ト は、 http://www.sonicwall.com/ japan/documents/support_document.html を ご覧下 さ い。 導入ガ イ ド またはク イ ッ ク ス タ ー ト ガ イ ド の手順に沿っ て、 MySonicWALL (http://www.mysonicwall.
Notificação de Firmware e Documentação Localizada As Guias de noções básicas, Guias de início rápido, Guias de Usuário, firmware de aplicações, e varios clientes de usuário final de Dell SonicWALL estão agora disponíveis em varias línguas. Pode encontrar a documentação disponível em Português em http://www.sonicwall.com/br/pt/. Siga as instruções da Guia de noções básicas ou Guia de início rápido para registrar seu produto em MySonicWALL no http://www.mysonicwall.com.
Product Safety and Regulatory Information 6 In this Section: This section provides regulatory along with trademark and copyright information.
Safety and Regulatory Information Regulatory Model/Type Product Name 1RK29-0A9 NSA 2600 Safety Instructions The following conditions are required for proper installation: • The Dell SonicWALL appliance is designed to be mounted in a standard 19-inch rack mount cabinet. • Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application. • Ensure that no water or excessive moisture can enter the unit.
• Verwenden Sie für eine sichere Montage vier passende Befestigungsschrauben, und ziehen Sie diese mit der Hand an. Wählen Sie einen Ort im 19-Zoll-Rack, wo alle vier Befestigungen der Montageschien verwendet werden. • Ein angemessen dimensionierter und geprüfte Sicherung, sollte Bestandteil der Haus-Installation sein. Bitte folgen die den lokalen Richtlinien beim Einkauf von Material oder Komponenten.
鋰電池警告 使用者不得自行更換 戴爾 SonicWALL 網際網路安全性裝置中使 用的鋰電池。必須將 戴爾 SonicWALL 送回 戴爾 SonicWALL 授權 的服務中心,以更換相同的鋰電池或製造商推薦的同類型鋰電 池。若因任何原因必須丟棄電池或 戴爾 SonicWALL 網際網路安 全性裝置,請嚴格遵守電池製造商的指示。 纜線連結 所有乙太網路與 RS232 ( 主控台 ) 線路都是為與其他裝置進行內 建連接所設計的。請不要將這些連接埠直接連接至通訊線路, 或其他連出 戴爾 SonicWALL 所在建築的線路。 FCC Part 15 Class A Notice NOTE: This equipment was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
Regulatory Information for Korea Ministry of Information and Telecommunication Certification Number MSIP-REM-SWL-0A9 All products with country code “A” and “J” are made in the U.S.A. All products with country code “C” or “D” are made in Taiwan R.O.C. All certificates held by Secuwide, Corps. A 급 기기 ( 업무용 정보통신기기 ) 이 기기는 업무용으로 전자파적합등록을 한 기기이오니 판매자 또는 사용자는 이 점을 주의하시기 바라며 , 만약 잘못 판매 또는 구입하였을 때에는 가정용으로 교환하시기 바랍니다 .
56 | Copyright Notice