SonicWALL Network Security Appliances

NET WORK SECURIT Y

NSA 2400MX

Getting Started Guide

SonicWALL NSA 2400MX Getting Started Guide

This Getting Started Guide provides instructions for basic installation and configuration of the SonicWALL Network Security Appliance (NSA) 2400MX running SonicOS Enhanced.

Setup
Step Procedure Est. Time

1 2 3 4

Pre-Configuration Tasks - page 1 Registering Your Appliance - page 5 Deployment Scenarios - page 13 Enabling Essential Security Services - page 23

Additional Configuration and Information

Support and Training Options - page 29 Product Safety and Regulatory Information - page 37

SonicWALL NSA 2400MX Getting Started Guide Page i

SonicWALL NSA 2400MX Front Panel

Status Lights
Provides dedicated LAN/WAN port status as follows: M0 module 0 is inserted M1 module 1 is inserted ALARM minor/major alarm* TEST rmware loading/booting/safemode* POWER unit is powered on

LAN Port (X0)

Provides LAN connectivity

10/100 Ethernet (X2-X17)

Provide 10/100 Ethernet connectivity

Network Security Appliance

2400MX

CLI Port
For connection to SonicOS command line interface

10/100/1000 Ethernet (X18-X25)

Provide 10/100/1000 Ethernet connectivity

USB Ports
For use with SonicWALL approved modules

WAN Port (X1)

Provides WAN connectivity *Refer to The SonicOS LED Reference Guide for more information on ALARM and TEST lights

Page ii SonicWALL NSA 2400MX Front Panel

SonicWALL NSA 2400MX Rear Panel

Power Switch
On (I) and Off (o) power switch for the SonicWALL appliance

AC Power Supply
AC power connection for use with the supplied power cable

PML

I o

M1 / M0 Expansion Bays
Expansion bays for additional SonicWALL modular accessories

SonicWALL NSA 2400MX Getting Started Guide Page iii

Page iv SonicWALL NSA 2400MX Front Panel

Pre-Configuration Tasks

In this Section:

1
1

This section provides pre-configuration information. Review this section before setting up your SonicWALL NSA 2400MX appliance. Checking NSA 2400MX Package Contents - page 2 Obtaining Configuration Information - page 3 Verifying System Requirements - page 4

SonicWALL NSA 2400MX Getting Started Guide Page 1

Checking NSA 2400MX Package Contents

Before setting up your SonicWALL NSA appliance, verify that your package contains the following parts: NSA 2400MX Appliance Ethernet Cable DB9 -> RJ45 (CLI) Cable Rack Mounting Kit Standard Power Cord* Getting Started Guide

Any Items Missing?

If any items are missing from your package, please contact SonicWALL support. A listing of the most current support documents are available online at: <http://www.sonicwall.com/us/support.html>
*The pictured power cord is intended for use in North America only.

Network Security Appliance

2400MX

(x2)

(x6)

Page 2 Checking NSA 2400MX Package Contents

Obtaining Configuration Information

Record and keep for future reference:

Internet Service Provider (ISP) Information

Record the following information about your current Internet service: If you connect using Please record No information is usually required , although some providers may require a host name. Host name: Static IP IP Address: Subnet Mask: . . . . . . . . . . . . . . . . . .

Registration Information
Serial Number: Record the serial number found on the bottom panel of your SonicWALL appliance. Record the authentication code found on the bottom panel of your SonicWALL appliance.

DHCP

Authentication Code:

Networking Information
LAN IP Address: Select a static IP address for your SonicWALL appliance that is within the range of your local subnet. If you are unsure, you can use the default IP address (192.168.168.168). Record the subnet mask for the local subnet where you are installing your SonicWALL appliance. Select a static IP address for your Ethernet WAN. This setting only applies if you are already using an ISP that assigns a static IP address.

Default Gateway: Primary DNS: DNS 2 (optional): DNS 3 (optional):

. Subnet Mask: .

Ethernet WAN IP Address: . . .

Note:

If you are not using one of the network configurations above, refer to <http://www.sonicwall.com/us/support.html>.

Administrator Information
Admin Name: Select an administrator account name. (default is admin) Select an administrator password. (default is password)

Admin Password:

SonicWALL NSA 2400MX Getting Started Guide Page 3

Verifying System Requirements

Before you begin the setup process, verify that you have: An Internet connection A Web browser supporting Java Script and HTTP uploads. Supported browsers include the following:
Accepted Browser Internet Explorer Firefox Opera Chrome Safari Browser Version Number 6.0 or higher 3.0 or higher 9.10 or higher for Windows 4.0 or higher 3.0 or higher for MacOS

Page 4 Verifying System Requirements

Registering Your Appliance

In this Section:
This section provides instructions for registering your SonicWALL NSA 2400MX appliance. Creating a MySonicWALL Account - page 6 Registering and Licensing Your Appliance - page 6 Upgrading Firmware on Your SonicWALL - page 9

2
2

Note: Registration is an important part of the setup process and is necessary to receive the benefits of SonicWALL security services,
firmware updates, and technical support.

SonicWALL NSA 2400MX Getting Started Guide Page 5

Creating a MySonicWALL Account

If you already have a MySonicWALL account, skip to the Registering and Licensing Your Appliance section. Otherwise, perform the following steps to create an account: 1. 2. In your browser, navigate to www.mysonicwall.com. In the login screen, click the Not a registered user link.

Registering and Licensing Your Appliance

This section contains the following subsections: Product Registration - page 6 Licensing Security Services and Software - page 7 Verifying Bundled Services - page 7 Activating Pre-Purchased Services - page 8 Purchasing a New Service - page 8

Product Registration
You must register your SonicWALL security appliance on MySonicWALL to enable full functionality. 1. 2. 3. Login to your MySonicWALL account. If you do not have an account, you can create one at www.mysonicwall.com. On the main page, type the appliance serial number in the Register A Product field. Then click Next. On the My Products page, under Add New Product, type the friendly name for the appliance, select the Product Group if any, type the authentication code into the appropriate text boxes, and then click Register. On the Product Survey page, fill in the requested information and then click Continue.

3. 4. 5.

Complete the Registration form and click Register. Verify the information is correct and click Submit. In the screen confirming that your account was created, click Continue.

4.

Page 6 Creating a MySonicWALL Account

Licensing Security Services and Software

The Service Management - Associated Products page in MySonicWALL lists security services, support options, and software, such as ViewPoint, that you can purchase or try with a free trial. For details, click the Info button. Your current licenses are indicated in the Status column with either a license key or an expiration date. You can purchase additional services now or at a later time.

Gateway Services: Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Firewall Global Management System Content Filtering: Premium Edition Comprehensive Anti-Spam VPN Upgrade Desktop and Server Software: Enforced Client Anti-Virus and Anti-Spyware Global VPN Client Global VPN Client Enterprise ViewPoint SSL VPN Support Services: Dynamic Support 8x5 Dynamic Support 24x7 Software and Firmware Updates Hardware Warranty

Verifying Bundled Services

If your initial purchase included security services or other software bundled with the appliance, these licenses are enabled on MySonicWALL when the SonicWALL appliance is delivered to you and reflected in the Service Management page on MySonicWALL.

The following list highlights several products and services that are available for the SonicWALL NSA 2400MX: Service Bundles: Client/Server Anti-Virus Suite Comprehensive Gateway Security Suite

SonicWALL NSA 2400MX Getting Started Guide Page 7

Activating Pre-Purchased Services

To manage your licenses, perform the following tasks: 1. 2. Navigate to the My Products page and click the registered product you want to manage. If you purchase a service subscription or upgrade from a sales representative separately, you will receive an Activation Key for the product. This key is emailed to you after online purchases, or is on the front of the certificate that was included with your purchase. Locate the product on the Service Management page and click Enter Key in that row. In the Activate Service page, type or paste your key into the Activation Key field and then click Submit. Depending on the product, you will see an expiration date or a license key string in the Status column when you return to the Service Management page.

Purchasing a New Service

To license a 30-day trial for a service: 1. 2. Click Try in the Service Management page. A 30-day free trial is immediately activated. Review the status page, which should display relevant information including the activation status, expiration date, number of licenses, and links to installation instructions or other documentation.

To purchase a full license for a service: 1. 2. Click Buy Now. In the Buy Service page, type the number of licenses you want in the Quantity column for either the 1-year, 2-year, or 3-year license row and then click Add to Cart. In the Checkout page, follow the instructions to complete your purchase.

3.

3.

The MySonicWALL server will generate a license key for the product. The key is added to the license keyset. You can use the license keyset to manually apply all active licenses to your SonicWALL appliance. The service management screen will display the product you licensed with an expiration date when activation is complete.

Page 8 Registering and Licensing Your Appliance

Upgrading Firmware on Your SonicWALL

Although your SonicWALL ships with the most current firmware available at the time of manufacture, firmware upgrades that provide new features and functionality updates are always available through MySonicWALL. This section provides instructions to upgrade your firmware to the latest version of SonicOS: 1. Obtaining the Latest Firmware - page 9 Saving a Backup Copy of Your Preferences - page 9 Upgrading the Firmware with Current Settings - page 10 Using SafeMode to Upgrade Firmware - page 10 To obtain a new SonicOS Enhanced firmware image file for your SonicWALL security appliance, connect to your MySonicWALL account at: <http://www.mysonicwall.com> Copy the new SonicOS Enhanced image file to a convenient location on your management station.

existing settings in the event that it becomes necessary to return to a previous configuration state. The System Backup shows you the current configuration and firmware in a single, clickable restore image. In addition to using the backup feature to save your current configuration state to the SonicWALL security appliance, you can export the configuration preferences file to a directory on your local management station. This file serves as an external backup of the configuration preferences, and can be imported back into the SonicWALL security appliance. Perform the following procedures to save a backup of your configuration settings and export them to a file on your local management station: 1. On the System > Settings page, click Create Backup. Your configuration preferences are saved. The System Backup entry is displayed in the Firmware Management table. To export your settings to a local file, click Export Settings. A popup window displays the name of the saved file.

Obtaining the Latest Firmware

2.

2.

Saving a Backup Copy of Your Preferences

Before beginning the update process, make a system backup of your SonicWALL security appliance configuration settings. The backup feature saves a copy of the current configuration settings on your SonicWALL security appliance, protecting your

SonicWALL NSA 2400MX Getting Started Guide Page 9

Upgrading the Firmware with Current Settings

Perform the following steps to upload new firmware to your SonicWALL appliance and use your current configuration settings upon startup. 1. Download the SonicOS Enhanced firmware image file from MySonicWALL and save it to a location on your local computer. On the System > Settings page, click Upload New Firmware. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file and click the Upload button. On the System > Settings page, click the Boot icon in the row for Uploaded Firmware.

Using SafeMode to Upgrade Firmware

If you are unable to connect to the SonicWALL security appliances management interface, you can restart the SonicWALL security appliance in SafeMode. The SafeMode feature allows you to recover quickly from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page. To use SafeMode to upgrade firmware on the SonicWALL security appliance, perform the following steps: 1. Connect your computer to the X0 port on the SonicWALL appliance and configure your IP address with an address on the 192.168.168.0/24 subnet, such as 192.168.168.20. To configure the appliance in SafeMode, perform one of the following: Use a narrow, straight object, such as a straightened paper clip or a toothpick, to press and hold the reset button on the back of the security appliance for 30-seconds. The reset button is in a small hole next to the power supply. The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode.

2. 3.

4.

2.

Note: On the System > Settings page, click the Boot icon in
the row for Uploaded Firmware with Factory Default Settings. 5. 6. In the confirmation dialog box, click OK. The SonicWALL restarts and then displays the login page. Enter your user name and password. Your new SonicOS Enhanced image version information is listed on the System > Settings page.

Page 10 Upgrading Firmware on Your SonicWALL

3.

Point the Web browser on your computer to 192.168.168.168. The SafeMode management interface displays.

4.

5.

6.

7. 8.

If you have made any configuration changes to the security appliance, select the Create Backup On Next Boot checkbox to make a backup copy of your current settings. Your settings will be saved when the appliance restarts. Click Upload New Firmware, and then browse to the location where you saved the SonicOS Enhanced firmware image, select the file and click the Upload button. Select the boot icon in the row for one of the following: Uploaded Firmware - New! Use this option to restart the appliance with your current configuration settings. Uploaded Firmware with Factory Defaults - New! Use this option to restart the appliance with default configuration settings. In the confirmation dialog box, click OK to proceed. After successfully booting the firmware, the login screen is displayed. If you booted with factory default settings, enter the default user name and password (admin / password) to access the SonicWALL management interface.

Note: Remember to change your IP address settings back to

DHCP. Otherwise, you may not be able to connect to the Internet.

SonicWALL NSA 2400MX Getting Started Guide Page 11

Page 12

Deployment Scenarios

In this Section:

3
3

This section provides detailed overviews of advanced deployment scenarios as well as configuration instructions for connecting your SonicWALL NSA 2400MX. Initializing the SonicWALL - page 14 Choose a Deployment Scenario - page 15 Setup for NAT / Route Mode Gateway - page 16 Setup for Layer 2 Bridge Mode - page 18 Verifying WAN (Internet) Connectivity - page 21

Tip: Before completing this section, fill out the information in Obtaining Configuration Information - page 3. You will need to enter this
information during the Setup Wizard.

SonicWALL NSA 2400MX Getting Started Guide Page 13

Initializing the SonicWALL

To begin deployment of your SonicWALL: 1. Connect the SonicWALL appliance to an AC power source.
Network Security Appliance

SonicWALL NSA 2400MX

2400MX

The Power LED on the front panel lights up blue when you plug in the SonicWALL NSA. The Test LED will light up and may blink while the appliance performs a series of diagnostic tests. When the Power LED is lit and the Test LED is no longer lit, the SonicWALL NSA 2400MX is ready for configuration. This typically occurs within a few minutes of applying power to the appliance.

X1 (WAN)

X0 (LAN)

Internet
Management Station

3. 4.

Note: If the Test LED remains lit after the SonicWALL NSA
appliance has been booted, restart the appliance by cycling power. 2. Using standard CAT-5 or better Ethernet cable, connect your Internet connection (switch/router/modem) to the X1 (WAN) port on your SonicWALL NSA Series appliance.

Connect one end of the provided Ethernet cable to the computer you are using to manage the SonicWALL NSA appliance. Connect the other end of the cable to the X0 (LAN) port on your SonicWALL NSA appliance. The Link LED above the X0 (LAN) port will light up in green or amber depending on the link throughput speed, indicating an active connection: - Amber indicates 1 Gbps - Green indicates 100 Mbps - Unlit while the right (activity) LED is illuminated indicates 10 Mbps

Page 14 Initializing the SonicWALL

Choose a Deployment Scenario

This Getting Started Guide contains two deployment scenarios. Select your scenario from one of the following:

NAT/Route Mode Gateway

For installations with a single SonicWALL NSA 2400MX, configured as an Internet or network gateway.

Layer 2 Bridge Mode

For installations where the SonicWALL NSA 2400MX is running in tandem with an existing network gateway.
Third Party Gateway

NSA 2400MX

Internet
Network Security Appliance

Internet
2400MX
Network Security Appliance

NSA 2400MX
2400MX

Local Clients

Local Data and Resources

Network Security Appliance

Web Server
Local Clients Local Data and Resources
Network Security Appliance

Web Server

E7500

Network Security Appliance

E7500

Network Security Appliance

Network Security Appliance

E7500

Network Security Appliance

E7500

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

SSL-VPN Appliance
Secure Remote Access
SRA EX5000

Network Security Appliance

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

SSL-VPN Appliance
Secure Remote Access
SRA EX5000

Network Security Appliance

E7500

LAN 1

LAN 2

DMZ

LAN 1

LAN 2

DMZ

NAT/Route Mode Gateway

To complete setup for this scenario, turn to: Setup for NAT / Route Mode Gateway section, on page 16

Layer 2 Bridge Mode

To complete setup for this scenario, turn to: Setup for Layer 2 Bridge Mode section, on page 18

SonicWALL NSA 2400MX Getting Started Guide Page 15

Setup for NAT / Route Mode Gateway

For installations with a single SonicWALL NSA 2400MX, configured as an Internet or network gateway. In this scenario, the SonicWALL NSA 2400MX is configured in NAT/Route mode to operate as a single network gateway. Two Internet sources may be routed through the SonicWALL appliance for load balancing and failover purposes. This section provides initial configuration instructions for connecting your SonicWALL NSA 2400MX. Follow these steps if you are setting up your SonicWALL in NAT/Route Mode. This section contains the following subsections: Accessing the Management Interface - page 16 Troubleshooting Initial Setup - page 17 Connecting to Your Network - page 17

3.

The SonicWALL Setup Wizard launches and guides you through the configuration and setup of your SonicWALL NSA appliance. The Setup Wizard launches only upon initial loading of the SonicWALL NSA management interface.

Note: You may also access the wizard by clicking on the

Wizards 4. icon in the toolbar. Follow the on-screen prompts to complete the Setup Wizard.

Depending on the changes made during your setup configuration, the SonicWALL may restart.

Accessing the Management Interface

The computer you use to manage the SonicWALL NSA Series must be set up to have an unused IP address on the 192.168.168.x/24 subnet, such as 192.168.168.20. To access the SonicOS Web-based management interface: 1. Start your Web browser. Remember to disable pop-up blocking software or add the management IP address http://192.168.168.168 to your pop-up blockers allow list. 2. Enter http://192.168.168.168 (the default LAN management IP address) in the Location or Address field.
Page 16 Setup for NAT / Route Mode Gateway

Troubleshooting Initial Setup

If you cannot connect to the SonicWALL NSA appliance or the Setup Wizard does not display, verify the following configurations: Did you correctly enter the management IP address in your Web browser? Are the Local Area Connection settings on your computer set to use DHCP or set to a static IP address on the 192.168.168.x/24 subnet? Do you have the Ethernet cable connected to your computer and to the X0 (LAN) port on your SonicWALL? Is the connector clip on your network cable properly seated in the port of the security appliance?

A simplified example below shows zones configured with multiple VLANs including: X1: WAN Zone X2-X5: WLAN Zone X18-X21: 1st Floor LAN Clients (QA Lab, DMZ) X22-X25: 2nd Floor LAN Clients (Exec, Eng, Mrktg) Several ports are configured with VLANs so that multiple zone types may be used across each interface.
X1 (WAN)

Internet or LAN 2
Network Security Appliance

NSA 2400MX
2400MX

X2-X5 SonicPoint N

X18-X21

X22-X25

Note: Some pop-up blockers may prevent the launch of the

Setup Wizard. You can temporarily disable your pop-up blocker, or add the management IP address of your SonicWALL (192.168.168.168 by default) to your popup blocker's allow list.
Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Local Wireless Clients

QA Lab VLAN

DMZ VLAN

Exec VLAN

Eng VLAN

Mrktg VLAN

Connecting to Your Network

Ports X0 and X1 are preconfigured as LAN and WAN, respectively. The remaining ports can be configured to meet the needs of your network: X2-X17 - 10/100 Fully Configurable Ethernet X18-X25 - 10/100/1000 Fully Configurable Gigabit Ethernet

Wireless (WLAN)

1st Floor LAN

2nd Floor LAN

Next... Continue to Verifying WAN (Internet) Connectivity page 21.

SonicWALL NSA 2400MX Getting Started Guide Page 17

Setup for Layer 2 Bridge Mode

For installations where the SonicWALL NSA 2400MX is running in tandem with an existing network gateway. L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and inspect traffic types that cannot be handled by other methods of transparent security appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be non-disruptively added to any Ethernet network to provide in-line deep packet inspection for all TCP and UDP traffic types, including IEEE 802.1Q VLANs, Spanning Tree Protocol, multicast, broadcast, and IPv6. This section provides instructions to configure the SonicWALL NSA appliance in tandem with an existing Internet gateway device. This section is relevant to users following an L2 Bridge Mode deployment only. This section contains the following subsections: Accessing the Management Interface - page 18 Connection Overview - page 19 Configuring the Primary Bridge Interface - page 19 Configuring the Secondary Bridge Interface - page 20

Accessing the Management Interface

The computer you use to manage the SonicWALL NSA Series must be set up to have an unused IP address on the 192.168.168.x/24 subnet, such as 192.168.168.20. To access the SonicOS Web-based management interface: 1. Start your Web browser. Remember to disable pop-up blocking software or add the management IP address http://192.168.168.168 to your pop-up blockers allow list. 2. Enter http://192.168.168.168 (the default LAN management IP address) in the Location or Address field. 3. The SonicWALL Setup Wizard launches and guides you through the initial configuration and setup of your SonicWALL NSA appliance. The Setup Wizard launches only upon initial loading of the SonicWALL NSA management interface.

Note: You may also access the wizard by clicking on the

Wizards 4. icon in the toolbar. Follow the on-screen prompts to complete the Setup Wizard.

Depending on the changes made during your setup configuration, the SonicWALL may restart.

Page 18 Setup for Layer 2 Bridge Mode

Connection Overview
Connect the X1 port on your SonicWALL NSA 2400MX to the LAN port on your existing Internet gateway device. Then connect the X0 port on your SonicWALL to your LAN.
Network Gateway

Configuring the Primary Bridge Interface

The primary bridge interface is your existing Internet gateway device. The only step involved in setting up your primary bridge interface is to ensure that the WAN interface is configured for a static IP address. You will need this static IP address when configuring the SonicWALL as a secondary bridge device.

Internet or LAN 2

NSA 2400MX
Network Security Appliance

L2 Bridge Link

Note: The primary bridge interface must have a static IP

assignment.

2400MX

X2-X5 SonicPoint N

X18-X21

X22-X25

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Network Security Appliance

E7500

Local Wireless Clients

QA Lab VLAN

DMZ VLAN

Exec VLAN

Eng VLAN

Mrktg VLAN

Wireless (WLAN)

1st Floor LAN

2nd Floor LAN

SonicWALL NSA 2400MX Getting Started Guide Page 19

Configuring the Secondary Bridge Interface

Complete the following steps to configure the X0 interface on the SonicWALL appliance as a secondary bridged interface: 1. 2. Navigate to Network > DHCP Server In the DHCP Server Lease Scopes section, uncheck the Enable checkbox for the X0 interface DHCP scope.

Note: It is necessary to disable the DHCP server on the X0

interface, as manual IP addressing is used in L2 bridge mode. If you are using a port other than X0 for your bridged port, ensure that DHCP leases are disabled on this port. 6. 7. In the IP Assignment drop-down list, select Layer 2 Bridge Mode. In the Bridged to drop-down list, select the X1 interface.

Note: Do not enable Never route traffic on the bridge-pair

unless your network topology requires that all packets remain on the L2 Bridge segments. 3. 4. 5. Click the Accept button. Navigate to Network > Interfaces. Click the Configure icon in the right column of the X0 (LAN) interface. 8. 9. Configure management options (HTTP, HTTPS, Ping, SNMP, SSH, User logins, or HTTP redirects). Click OK.

Next... Continue to Verifying WAN (Internet) Connectivity page 21.

Page 20 Setup for Layer 2 Bridge Mode

Verifying WAN (Internet) Connectivity

To confirm connectivity to gateway, DNS, and other servers: 1. 2. 3. In the SonicOS interface, navigate to the System > Diagnostics page. From the Diagnostic Tool list, select Check Network Settings. Select the servers you wish to test, or select all.

4.

Click the Test All Selected button to test connectivity to these servers.

Note: Services which are not licensed on your installation will

show up as failed in the connectivity test.

SonicWALL NSA 2400MX Getting Started Guide Page 21

Page 22 Verifying WAN (Internet) Connectivity

Enabling Essential Security Services

In this Section:

4
4

Security services are an essential component of a secure network deployment. This section provides instructions for enabling security services on your SonicWALL NSA 2400MX appliance. Activating Licenses in SonicOS - page 24 Configuring Security Services - page 24 Enforcing Security Services on Network Zones - page 28 Security Service Dashboard - page 28

SonicWALL NSA 2400MX Getting Started Guide Page 23

Activating Licenses in SonicOS

After completing the registration process in SonicOS, you must perform the following tasks to activate your licenses and enable your licensed services from within the SonicOS user interface: Activate licenses Enable security services Apply services to network zones

To activate licenses in SonicOS: 1. 2. Navigate to the System > Licenses page. Under Manage Security Services Online do one of the following: Enter your MySonicWALL credentials, then click the Synchronize button to synchronize licenses with MySonicWALL. Paste the license keyset into the Manual Upgrade Keyset field. Click Submit.

To activate licensed services in SonicOS, you can enter the license keyset manually, or you can synchronize all licenses at once with MySonicWALL. The Setup Wizard automatically synchronizes all licenses with MySonicWALL if the appliance has Internet access during initial setup. If initial setup is already complete, you can synchronize licenses from the System > Licenses page. Manual upgrade using the license keyset is useful when your appliance is not connected to the Internet. The license keyset includes all license keys for services or software enabled on MySonicWALL. It is available on <http://www.sonicwall.com> at the top of the Service Management page for your SonicWALL NSA appliance.

3.

Configuring Security Services

SonicWALL security services are key components of threat management in SonicOS. The core security services are Gateway Anti-Virus, Intrusion Prevention Services, and AntiSpyware. You must enable each security service individually in the SonicOS user interface. Enable and configure applicable security services: Enabling Gateway Anti-Virus - page 25 Enabling Intrusion Prevention Services - page 25 Enabling Anti-Spyware - page 26 Enabling Comprehensive Anti-Spam Service - page 26 Enabling Content Filtering Service - page 27

Page 24 Activating Licenses in SonicOS

Enabling Gateway Anti-Virus

To enable Gateway Anti-Virus in SonicOS: 1. 2. 3. Navigate to Security Services > Gateway Anti-Virus. Select the Enable Gateway Anti-Virus checkbox. Choose to Enable Inbound Inspection and Enable Outbound Inspection on the desired protocols.

Enabling Intrusion Prevention Services

To enable Intrusion Prevention Services in SonicOS: 1. 2. 3. Navigate to Security Services > Intrusion Prevention. Select the Enable Intrusion Prevention checkbox. In the Signature Groups table, select the Prevent All and Detect All checkboxes for each attack priority that you want to prevent. Selecting the Prevent All and Detect All check boxes for High Priority Attacks and Medium Priority Attacks protects your network against the most dangerous and disruptive attacks.

4.

Click the Accept button.

4.

Click the Accept button.

SonicWALL NSA 2400MX Getting Started Guide Page 25

Enabling Anti-Spyware
To enable Anti-Spyware in SonicOS: 1. 2. 3. 4. 5. Navigate to the Security Services > Anti-Spyware page. Select the Enable Anti-Spyware checkbox. Select the Prevent All and Detect All checkboxes for each spyware danger level that you want to prevent. Select the inbound Protocols you wish to inspect. Select the Enable Inspection of Outbound Spyware Communication checkbox to enforce signature inspection on outbound traffic.

Enabling Comprehensive Anti-Spam Service

To enable Anti-Spam in SonicOS: 1. Navigate to the Anti-Spam > Settings page.

Note: If the service is not registered yet, click the SonicWALL

Comprehensive Anti-Spam Service Trial link or register the service on MySonicWALL. 2. Select the Enable Anti-Spam Service checkbox.

3.

4.

Email System Detection will attempt to configure your service automatically. Alternatively, you may scroll down to configure Advanced Options, including service probes and your mail server address and port. Click the Accept button to complete the setup process.

6.

Click the Accept button.

Page 26 Configuring Security Services

Enabling Content Filtering Service

Content Filtering Service (CFS) Bypass for Administrators The Do not bypass CFS blocking for the administrator checkbox controls content filtering for administrators. By default, when the administrator (admin user) is logged into the SonicOS management interface from a system, CFS blocking is suspended for that systems IP address for the duration of the authenticated session. If you prefer to provide content filtering and apply CFS policies to the IP address of the administrators system, perform the following steps: 1. 2. Select the Do not bypass CFS blocking for the Administrator checkbox. Click Accept.

Disabling, Editing, or Deleting Addresses from the CFS Exclusion List You can temporarily disable CFS exclusions without removing all entries from the list. You can also delete some or all IP address ranges from the CFS Exclusion List. 1. To keep the CFS Exclusion List entries, but temporarily allow content filtering policies to be applied to these IP addresses, uncheck the Enable CFS Exclusion List checkbox. This disables CFS exclusions. To edit a trusted domain entry, click the pencil icon in the Configure column. To delete an individual trusted domain from the CFS Exclusion List, click the Delete icon for the entry in the Configure column. To delete all trusted domains from the CFS Exclusion List, click Delete All. On the Security Services > Content Filter page, click Accept.

2. 3.

Enabling and Adding to the CFS Exclusion List To enable the CFS Exclusion List and add a range of IP addresses to it, perform the following steps: 1. 2. 3. Select the Enable CFS Exclusion List checkbox. Click Add. The Add CFS Range Entry window is displayed. Enter the first IP address in the excluded range into the IP Address From: field and the last address into the IP Address To: field. Click OK. The IP address range is added to the CFS Exclusion List. On the Security Services > Content Filter page, click Accept.

4. 5.

4. 5.

SonicWALL NSA 2400MX Getting Started Guide Page 27

Enforcing Security Services on Network Zones

A network zone is a logical group of one or more interfaces to which you can apply security rules to regulate traffic passing from one zone to another zone.

Security Service Dashboard

The SonicOS Security Dashboard displays local and global statistics on blocked threats. The Security Dashboard is accessable from the System > Security Dashboard page in the SonicOS management interface.

Security services such as Gateway Anti-Virus are automatically applied to the LAN and WAN network zones. To protect other zones such as the DMZ or Wireless LAN (WLAN), you must apply the security services to the network zones. For example, you can configure SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN zone to add more security for internal network traffic. To apply services to network zones: 1. 2. 3. Navigate to the Network > Zones page. In the Zone Settings table, click the Configure icon for the zone where you want to apply security services. In the Edit Zone dialog box on the General tab, select the checkboxes for the security services to enable on this zone. Click OK. To enable security services on other zones, repeat steps 2 through step 4 for each zone.

4. 5.

Page 28 Enforcing Security Services on Network Zones

Support and Training Options

In this Section:
This section provides overviews of customer support and training options for the SonicWALL NSA 2400MX. Customer Support - page 30 Knowledge Base - page 30 SonicWALL Live Product Demos - page 31 User Forums - page 32 Training - page 33 Related Documentation - page 34 SonicWALL Secure Wireless Network Integrated Solutions Guide - page 35

SonicWALL NSA 2400MX Getting Started Guide Page 29

Customer Support
For answers to all your support questions visit the SonicWALL support Web site at <http://www.sonicwall.com/us/ Support.html> where you will find featured support topics, tutorials, and more. If you need further assistance, SonicWALL offers telephone, email, and Web-based support to customers with valid Warranty Support or a purchased support contract. Please review our Warranty Support Policy for product coverage.

Knowledge Base
The Knowledge Base allows users to search for SonicWALL documents based on the following types of search tools: Browse Search for keywords Full-text search

For further information, navigate to the Support > Knowledge Base page at: <http://www.mysonicwall.com/>

Page 30 Customer Support

SonicWALL Live Product Demos

Get the most out of your appliance with the complete line of SonicWALL products. The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations: Unified Threat Management Platform Secure Cellular Wireless Continuous Data Protection SSL VPN Secure Remote Access Content Filtering Secure Wireless Solutions Email Security SonicWALL GMS and ViewPoint For further information, visit: <http://livedemo.sonicwall.com/>

SonicWALL NSA 2400MX Getting Started Guide Page 31

User Forums
The SonicWALL User Forums is a resource that provides users the ability to communicate and discuss a variety of security and appliance subject matters. In this forum, the following categories are available for users: Content Security Manager topics Continuous Data Protection topics Email Security topics Firewall topics Network Anti-Virus topics Security Services and Content Filtering topics SonicWALL GMS and Viewpoint topics SonicPoint and Wireless topics SSL VPN topics NSA 2400MX / Wireless WAN - 3G Capability topics VPN Client topics VPN site-to-site and interoperability topics

For further information, visit: <https://forum.sonicwall.com/>

Page 32 User Forums

Training
SonicWALL offers an extensive sales and technical training curriculum for Network Administrators, Security Experts and SonicWALL Medallion Partners who need to enhance their knowledge and maximize their investment in SonicWALL Products and Security Applications. SonicWALL Training provides the following resources for its customers: E-Training Instructor-Led Training Custom Training Technical Certification Authorized Training Partners

For further information, visit: <http://www.sonicwall.com/us/support/training.html>

SonicWALL NSA 2400MX Getting Started Guide Page 33

Related Documentation
See the following related documents for more information: SonicOS Enhanced Administrators Guide SonicOS Enhanced Release Notes SonicOS Enhanced Feature Modules Application Firewall Dashboard HA License Sync Multiple Admin NAT Load Balancing Packet Capture Radio Frequency Monitoring Single Sign-On SSL Control Virtual Access Points SonicWALL GMS 5.0 Administrators Guide SonicWALL GVC 4.0 Administrators Guide SonicWALL ViewPoint 5.0 Administrators Guide SonicWALL GAV 4.0 Administrators Guide SonicWALL IPS 2.0 Administrators Guide SonicWALL Anti-Spyware Administrators Guide SonicWALL CFS Administrators Guide

For further information, visit: <http://www.sonicwall.com/us/support/289.html>

Page 34 Related Documentation

SonicWALL Secure Wireless Network Integrated Solutions Guide

Looking to go wireless? Have questions about what it takes to build a truly secure wireless network? Check out the SonicWALL Secure Wireless Network Integrated Solutions Guide. This book is the official guide to SonicWALLs marketleading wireless networking and security devices. This title is available in hardcopy at fine book retailers everywhere, or by ordering directly from Elsevier Publishing at: <http://www.elsevier.com>

SonicWALL NSA 2400MX Getting Started Guide Page 35

Page 36 SonicWALL Secure Wireless Network Integrated Solutions Guide

Product Safety and Regulatory Information

In this Section:
This section provides regulatory along with trademark and copyright information. Safety and Regulatory Information - page 38 Weitere Hinweise zur Montage - page 39 FCC Part 15 Class A Notice - page 40 Canadian Radio Frequency Emissions Statement - page 40 CISPR 22 (EN 55022) Class A - page 40 Regulatory Information for Korea - page 40 Copyright Notice - page 41 Trademarks - page 41

SonicWALL NSA 2400MX Getting Started Guide Page 37

Safety and Regulatory Information

Regulatory Model/Type 1RK16-076 Product Name NSA 2400MX

Rack Mounting the SonicWALL

The above SonicWALL appliances are designed to be mounted in a standard 19-inch rack mount cabinet. The following conditions are required for proper installation: Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application. Four mounting screws, compatible with the rack design, must be used and hand tightened to ensure secure installation. Choose a mounting location where all four mounting holes line up with those of the mounting bars of the 19-inch rack mount cabinet. Mount in a location away from direct sunlight and sources of heat. A maximum ambient temperature of 104 F (40 C) is recommended. Route cables away from power lines, fluorescent lighting fixtures, and sources of noise such as radios, transmitters and broadband amplifiers. The included power cord is intended for use in North America only. For European Union (EU) customers, a power cord is not included. Ensure that no water or excessive moisture can enter the unit. Allow unrestricted airflow around the unit and through the vents on the side of the unit. A minimum of 1 inch (25.44mm) clearance is recommended. Mount the SonicWALL appliances evenly in the rack in order to prevent a hazardous condition caused by uneven mechanical loading.

Consideration must be given to the connection of the equipment to the supply circuit. The effect of overloading the circuits has minimal impact on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings must be used when addressing this concern. Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to power supply connections other than direct connections to the branch circuits such as power strips.

Lithium Battery Warning

The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user. The SonicWALL must be returned to a SonicWALL authorized service center for replacement with the same or equivalent type recommended by the manufacturer. If, for any reason, the battery or SonicWALL Internet security appliance must be disposed of, do so following the battery manufacturer's instructions.

Cable Connections
All Ethernet and RS232 (Console) cables are designed for intra-building connection to other equipment. Do not connect these ports directly to communication wiring or other wiring that exits the building where the SonicWALL is located.

Page 38 Safety and Regulatory Information

Weitere Hinweise zur Montage

Das SonicWALL Modell ist fr eine Montage in einem standardmigen 19-Zoll-Rack konzipiert. Fr eine ordnungsgeme Montage sollten die folgenden Hinweise beachtet werden: Vergewissern Sie sich, dass das Rack fr dieses Gert geeignet ist und verwenden Sie das vom Rack-Hersteller empfohlene Montagezubehr. Verwenden Sie fr eine sichere Montage vier passende Befestigungsschrauben, und ziehen Sie diese mit der Hand an. Whlen Sie einen Ort im 19-Zoll-Rack, wo alle vier Befestigungen der Montageschien verwendet werden. Whlen Sie fr die Montage einen Ort, der keinem direkten Sonnenlicht ausgesetzt ist und sich nicht in der Nhe von Wrmequellen befindet. Die Umgebungstemperatur darf nicht mehr als 40 C betragen. Achten Sie darauf, das sich die Netzwerkkabel nicht in der unmittelbaren Nhe von Stromleitungen, Leuchtstoffrhren und Strquellen wie Funksendern oder Breitbandverstrkern befinden. Das beigefgte Netzkabel ist nur fr den Gebrauch in Nordamerikas Vorgesehen. Fr Kunden in der Europaschen Union (EU) ist ein Netzkabel nicht im Lieferumfang enthalten. Stellen Sie sicher, dass das Gert vor Wasser und hoher Luftfeuchtigkeit geschtzt ist. Stellen Sie sicher, dass die Luft um das Gert herum zirkulieren kann und die Lftungsschlitze an der Seite des Gehuses frei sind. Hier ist ein Belftungsabstand von mindestens 26 mm einzuhalten. Bringen Sie die SonicWALL waagerecht im Rack an, um mgliche Gefahren durch ungleiche mechanische Belastung zu vermeiden. Prfen Sie den Anschluss des Gerts an die Stromversorgung, damit der berstromschutz sowie die elektrische Leitung nicht von einer eventuellen berlastung der Stromver

sorgung beeinflusst werden. Prfen Sie dabei sorgfltig die Angaben auf dem Aufkleber des Gerts. Eine sichere Erdung der Gerte im Rack muss gewhrleistet sein. Insbesondere muss auf nicht direkte Anschlsse an Stromquellen geachtet werden wie z. B. bei Verwendung von Mehrfachsteckdosen.

Hinweis zur Lithiumbatterie

Die in der Internet Security Appliance von SonicWALL verwendete Lithiumbatterie darf nicht vom Benutzer ausgetauscht werden. Zum Austauschen der Batterie muss die SonicWALL in ein von SonicWALL autorisiertes Service-Center gebracht werden. Dort wird die Batterie durch denselben oder entsprechenden, vom Hersteller empfohlenen Batterietyp ersetzt. Beachten Sie bei einer Entsorgung der Batterie oder der SonicWALL Internet Security Appliance die diesbezglichen Anweisungen des Herstellers.

Kabelverbindungen
Alle Ethernet- und RS232-C-Kabel eignen sich fr die Verbindung von Gerten in Innenrumen. Schlieen Sie an die Anschlsse der SonicWALL keine Kabel an, die aus dem Gebude in dem sich das Gert befindet ,herausgefhrt werden.

SonicWALL NSA 2400MX Getting Started Guide Page 39

FCC Part 15 Class A Notice

NOTE: This equipment was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy. And if not installed and used in accordance with the instruction manual, the device may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense. Complies with EN 55022 Class A and CISPR22 Class A Warning: This is a class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures. Caution: Modifying this equipment or using this equipment for purposes not shown in this manual without the written consent of SonicWALL, Inc. could void the users authority to operate this equipment.

CISPR 22 (EN 55022) Class A

Warning: This is a class A product. In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures. Declaration of Conformity
Application of council Directive 2004/108/EC (EMC) and 2006/95/EC (LVD) Standards to which conformity is declared EN 55022 (2006) Class A EN 55024 (1998) +A1 (2001), +A2 (2003) EN 61000-3-2 (2005) EN 61000-3-3 (1995) +A1 (2001), +A2 (2005) EN 60950-1 (2006) National Deviations: AR, AT, AU, BE, BR, CA, CH, CN, CZ, DE, DK, FI, FR, GB, GR, HU, IL, IN, IT, JP, KE, KR, MY, NL, NO, PL, SE, SG, SI, SK, US

Regulatory Information for Korea

Ministry of Information and Telecommunication Certification Number SWL-1RK16-076

BMSI Statement

All products with country code (blank) and A are made in the USA. All products with country code B are made in China. All products with country code C or D are made in Taiwan R.O.C. All certificates held by Secuwide, Corp.

VCCI Statement

Canadian Radio Frequency Emissions Statement

This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numrique de la classe A est conforme toutes la norme NMB-003 du Canada.

Page 40 Safety and Regulatory Information

Copyright Notice
2010 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format. Specifications and descriptions subject to change without notice.

Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc. Windows 2000, Windows XP, Windows Server 2003, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Firefox is a trademark of the Mozilla Foundation. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

SonicWALL NSA 2400MX Getting Started Guide Page 41

Page 42

SonicWALL, Inc. 2001 Logic Drive San Jose, CA 95124-3452 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com

P/N 232-001475-51 Rev A 3/24/10

PROTECTION AT THE SPEED OF BUSINESS

2010 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.