SonicWALL SMA 6200 Quick start guide

SonicWall™SecureMobileAccess6200/7200

GettingStartedGuide

RegulatoryModelNumbers:

1RK31‐0B0–SMA6200

1RK30‐0AF–SMA7200

Copyright©2017SonicWallInc.Allrightsreserved.

SonicWallisatrademarkorregisteredtrademarkofSoni cWallInc.and/oritsaffiliatesintheU.S.A.and/orothercountries.Allothertrademarksandregistered

trademarksarepropertyoftheirrespectiveowners

TheinformationinthisdocumentisprovidedinconnectionwithSonicWallInc.and/oritsaffiliates’products .Nolicense,expressor

implied,byesto ppelor

otherwise,toanyintellectualpropertyrightisgrantedbythisdocumentorinconnectionwiththesaleofSonicWallproducts.EXCEPTASSETFORTHINTHETERMS

ANDCONDITIONSASSPECIFIEDINTHELICENSEAGREEMENTFORTHISPRO DUCT,SONICWALLAND/ORITSAFFILIATESASSUMENOLIABILITYWHATSOEVERAND



DISCL AIMSANYEXPRESS,IMPLIEDORSTATUTORYWARRANTYREL ATINGTOITSPRODUCTSINCLUDIN G,BUTNOTLIMITEDTO,THEIMPLIEDWARRANT YOF

MERCHANTABILIT Y,FITNESSFORAPART ICU L AR PU RPOSE,ORNON‐INFRINGEMENT.INNOEVENTSHALLSONICWALLAND/ORITSAFFILIATESBELIABLEFORANY

DIRECT,INDIRECT,CONSEQUENTIAL,PUNITIVE,232‐003431‐52RevAf

thisdocumentandreservestherighttomakechangestospecificationsandproduct

descriptionsatanytimewithoutnotice.SonicWallInc.and/oritsaffiliatesdonotmakeanycommitmenttoupdatetheinformationcontainedinthisdocument.

Formoreinformation,visithttps://www.sonicwall.com/legal/.

SMA6200/7200GettingStartedGuide

Updated‐June2017

232‐003431‐

52RevA

Legend

WARNING:AWARNINGiconindicatesapotentialforpropertydamage,personalinjury,ordeath.

CAUTION:ACAUTIONiconindicatespotentialdamagetohardwareorlossofdataifinstructionsarenotfollowed.

IMPORTANT,NOTE,TIP,MOBILE,orVIDEO:Aninformationiconindicatessupportinginformation.

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

3

1

InthisGuide

ThisGettingStartedGuideprovidesinstructionsforbasicinstallationandconfigurationoftheSonicWall™SecureMobileAccess

6200/7200appliances.

ForQuickPolicySetupCharts,refertoQuickPolicySetuponpage57.

Contents

Chapter1Sectionsincluded:

InthisGuideonpage3Contentsonpage3

Chapter2Sectionsincluded:

IntroductiontotheSMA6200/7200onpage7SMA6200/7200PackageContentsonpage8

SMA6200/7200FrontPanelsonpage10

SMA6200/7200BackPanelsonpage11

4

SonicWallSecur eMobileAccess6200/7200GettingStartedGuide

Chapter3Sectionsincluded:

PreparingtoDeploytheSMA6200/7200onpage13 NetworkArchitectureonpage14

PreparingfortheInstallationonpage16

AboutInstallationandDeploymentonpage19

Chapter4Sectionsincluded:

InstallationandConfigurationonpage21 ConnectingtheApplianceonpage22

StartingtheApplianceonpage22

EnteringNetworkSettingsUsing

theLCDonpage23

RunningtheSetupWizardonpage23

ConnectingtoAMConpage25

ConfiguringBasicWorkPlacePortalAccessonpage26

Chapter5Sectionsincluded:

RegisteringandObtainingaLicenseonpage31 UsingMySonicWallonpage32

CreatingaMySonicWallaccountonpage32

RegisteringyourApplianceonpage33

Downloading

yourLicenseFileonpage33

ImportingyourLicensesonpage34

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

5

Forgeneralsupportinformation,seeSonicWallSupportonpage55.

Chapter6Sectionsincluded:

RackMountingtheApplianceonpage37 AttachingInnerRailstotheApplianceonpage40

InstallingtheOuterRailsonpage40

InstallingtheApplianceintheRackonpage42

RemovingtheAppli ancefromtheRackonpage42

Chapter7Sectionsincluded:

SafetyandRegulatoryInformationonpage45 SafetyInstructionsonpage46

Sicherheitsanweisungenonpage48

安全說明onpage51

DeclarationofConformityonpage53

WarrantyInformationonpage53

台灣 RoHS/ 限用物質含有情況標示資訊onpage54

6

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

7

2

IntroductiontotheSMA6200/7200

Thissectiondescri bestheitemsshippedwiththeSonicWallSecureMobileAccess6200/7200appliancesandprovidesfrontand

rearillustrationsoftheappliances.

• SMA6200/7200PackageContentsonpage8

• SMA6200/7200FrontPanelsonpage10

• SMA6200/7200BackPanelsonpage11

8

SonicWallSecur eMobileAccess6200/7200GettingStartedGuide

SMA6200/7200PackageContents

Beforeyoubeginthesetupprocess,verifythatyourpackagecontainsthefollowingitems:

1OneSMA6200orSMA7200appliance

2Onerackmountingkit

3OneRJ45toDB9consolecable

4OneEthernetcable

5OnepowercordforSMA6200ortwopowercordsforSMA7200*

6OneSonicWallSecureMobileAccess6200/7200Getting

StartedGuide

*Theincludedpowercord(s)areapprovedforuseonlyinspecificcountriesorregions.Beforeusingapowercord,verifythatitis

ratedandapprovedforuseinyourlocation.ThepowercordsareforACmainsinstallationonly.SeeSafetyandRegulatory

Informationonpage45for

minimumpowercordratingandadditionalsafetyinformation.

添付の電源コードに関して

電気安全を確保するために、弊社製品にご使用いただく電源コードは必ず製品同梱の電源コードをご使用ください。

この電源コードは他の製品では使用できません。

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

9

Packagecontents

Ifanyitemsaremissingfromyourpackage,contactSupportathttps://support.sonicwall.com.

1

4

5

6

3

2

SonicWall™ Secure Mobile Access 6200/7200

Geƫng Started Guide

Regulatory Model Numbers:

1RK31-0B0 – SMA 6200

1RK30-0AF – SMA 7200

10

SonicWallSecur eMobileAccess6200/7200GettingStartedGuide

SMA6200/7200FrontPanels

LCD controls

Console port

DisplayPort

USB ports

LED Indicators

(top to bottom)

Hard disk drive activity

Alarm condition

Test - Quick blinking: Initializing;

Solid: Test mode

Power 1/2 - Blue: operating correctly;

Yellow: Unconnected power supply or failure

X1 / X0

X3 / X2

X5 / X4

SFP+ ports

(10 Gb)

Diagnostics port

(for future use)

(Disabled)

(1 Gb)

Digital audio/video

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

11

SMA6200/7200BackPanels

SMA6200:

Hard drives (2) Power supply

Fans (3)

12

SonicWallSecur eMobileAccess6200/7200GettingStartedGuide

SMA7200:

Hard drives (2) Power supplies (2)

Fans (3)

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

13

3

PreparingtoDeploytheSMA6200/7200

Thissectionprovidesanoverviewofsingle‐homedanddual‐homednetworkarchitectureanddiscussesfirewallsettingsandother

informationyouneedaboutcomponentsofyournetworktosuccessfullydeploytheSMA6200/7200.

• NetworkArchitectureonpage14

• PreparingfortheInstallationonpage16

• AboutInstallationandDeploymentonpage

19

14

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

NetworkArchitecture

AllSMA6200/7200appliancescanbesetupineitheradual

interfaceorsingleinterfaceconfiguration,alsoknownasdual‐

homedandsingle‐homed.

Ineitherconfiguration,appliancemanagementwithAMCis

accomplishedbyaccessingtheinternal(X0)interface.

Thisguidestepsyouthroughabasicsingle‐homedinterface

configuration.For

thehighestlevelofsecurityand

performance,SonicWallrecommendsadual‐homed

configuration.Ref ertotheDeploymentPlanningGuideand

SMAAdministrationGuide forfurtherinformation.

Dual‐HomedConfiguration(Internal

andExternalInterfaces)

Onenetworkinterfaceisusedforexternaltraffic(thatis,to

andfromtheInternet),andtheotherinterfaceisusedfor

internaltraffic(toandfromyourcorporatenetwork).

Single‐HomedInterfaceConfiguration

(InternalInterface)

Asinglenetworkinterfaceisusedforbothinternaland

externaltraffic.Inthisconfiguration,theapplianceisusually

installedinthedemilitarizedzone(orDMZ,alsoknownasa

perimeternetwork).

SMA appliance

Firewall

Corporate network

Internet

File

Server

Application

Server

Web

Server

Firewall

DMZ

Internal interface

SMA appliance

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

15

Inbothconfigurations,incomingrequeststotheSMA6200/

7200services—includingHTTP/StrafficfortheWebproxy

service—aresentoverport80(HTTP)andport443(HTTPS).

TrafficfromtheOnDemandagentisalwayssentoverport443.

Becausemostnetworksareconfiguredtoenabletrafficover

theseports,youshould

notneedtoreconfigurefirewallson

yournetwork.

Youshouldinstalltheapplianceinalocationwhereitcan

connecttoresourcesonyournetwork,including:

• Applicationserversandfileservers,includingWeb

servers,client/serverapplications,andWindowsfile

servers.

• Externalauthenticationrepositories(suchasanLDAP,

MicrosoftActiveDirectory,or

RADIUSserver).

• OneormoreDomainNameSystem(DNS)servers.

• Optionally,aWindowsInternetNameService(WINS)

server.ThisisrequiredforbrowsingWindowsnetworks

usingWorkPlace.

Althoughnotrequired,enablingtheappliancetocommunicate

withtheseadditionalresourcesprovidesgrea terfunctionality

andeaseofuse:

• NetworkTimeProtocol(NTP)

serverforsynchronizing

thetimeontheappliance.

• Externalserverforstoringsyslogoutput.

• Administrator’sworkstationforsecureshell(SSH)

access.

Youcanconfiguretheappliancetouseaself‐signedserver

certificate,or,forenhancedsecurity,youcanobtaina

certificatefromacommercialcertificateauthority(CA).For

moreinformation,

refertotheSMAAdministrationGuide.

CAUTION:TheSMA6200/7200appliancedoesnot

providefullfirewallcapabilitiesandshouldbesecured

behindafirewall.Runningwithoutafirewallmakesthe

appliancevulnerabletoattacksthatcancompromise

securityanddegradeperformance.

16

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

PreparingfortheInstallation

Beforebeginningtheinstallation,youneedtogather

informationaboutyournetworkingenvironmentandverify

thatyourfirewallsareproperlyconfiguredtopermittrafficto

andfromtheapplianceasexplainedinthefollowingsections:

• GatheringInformationonpage16

• VerifyingyourFirewallPoliciesonpage17

GatheringInformation

Beforeconfiguringtheappliance,youneedtogatherthe

followinginform ation.Youarepromptedforsomeofthis

informationwhenrunningtheSetupWizard,butmostofitwill

beusedwhenyouconfiguretheapplianceintheAppliance

ManagementConsole(AMC).RefertotheSMAAdministration

Guide.

Settingsrequired

tostartApplianceManagementConsole

• Therootpasswordforadministeringtheappliance

• Thenamefortheappliance(becausethisnameisused

onlyinlogfiles,youdonotneedtoaddittoDNS)

• TheinternalIPaddressand,optionally,anexternalIP

address

• Selectaroutingmodeandsupply

IPaddressesforthe

networkgatewaystotheInt ernet,andyourcorporate

network.

Certificateinformation

Severalpiecesofinformationareusedtogener atetheserver

andAMCcertificates:

• Afullyqualifieddomainname(FQDN)fortheappliance

andforanyWorkPlacesitesthatuseauniquename.

Thesenamesshouldbe

addedtoyourpublicDNS;they

arealsovisibletouserswhentheyconnecttoWeb‐

basedresources.

• AFQDNfortheApplianceManagementConsole(AMC)

server.TheAMCservernameisusedtoaccessAMC,

whichisaWeb‐basedtoolforadministeringthe

appliance.

Namelookupinformation

• InternalDNS

domainnameofthenetworktowhichthe

applianceisconnected

• PrimaryinternalDNSserveraddress(additionalDNS

serversareoptional)

• IPaddressforaninternalWINSserverandthenameof

yourWindowsdomain(requiredtobrowsefilesona

WindowsnetworkusingWorkPlace,butareotherwise

optional)

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

17

Authenticationinformation

Servernameandlogininformationforyourauthentication

servers(LDAP,ActiveDirectory,orRADIUS)

VirtualAddresspoolinformation

Ifyouareplanningtodeployeithernetworktunnelclient

(ConnectTunnelorOnDemandTunnel),youmustallocateIP

addressesforoneormoreaddresspools.Formore

information,refertothe

SMAAdministration Guide.

Optionalconfigurationinformation

• ToenableSSHaccessfromaremotemachine,youneed

toknowtheremotehost’s IPaddress.

• TosynchronizewithanNTPserver,youneedtoknow

theIPaddressesforoneormoreNTPservers.

• Tosenddatatoasyslogserver,

youneedtoknowtheIP

addressandportnumberforoneormoresyslog

servers.

VerifyingyourFirewallPolicies

Fortheappliancetofunctioncorrectly,youmustopenports

onyourexternal(Internet‐facing)andinternalfirewalls.

ExternalFirewall

Forsecureaccesstotheapp liancefromaWebbrowseror

OnDemand,youmustmakesurethatports80and443are

openonfirewallsatyoursite.Openingyourfirewalltopermit

SSHaccessisoptional,butcanbeusefulforperforming

administrativetasksfromaremotesystem.

ExternalFirewall

Traffic



Type

Port/

protocol

Usage Required?

ESP 4500/UDP ESPTunnel Yes

HTTP 80/tcp Unencryptednetwork

access

Yes

HTTPS 443/tcp Encryptednetworkaccess Yes

SSH 22/tcp Administrativeaccessto

theapplication

No

18

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

InternalFirewall

Ifyouhaveafirewallontheinternalnetwork,youmayneedto

adjustitspolicytoopenportsforback‐endapplicationswith

whichtheappliancemustcommunicate.Inadditionto

openingportsforstandardnetworkser vicessuchasDNSand

email,youmayneedtomodifyyourfirewallpolicy

beforethe

appliancecanaccessthefollowingservices.

InternalFirewall

TrafficType Port/protocol Usage

Microsoft

networking

138/tcpand

138/udp

137/tcpand

137/udp

139/udp

162/snmp

445/smb

UsedbyWorkPlaceto

performWINSname

resolution,browse

requests,andaccess

fileshares

LDAP

(unencrypted)

389/tcp Communicatewithan

LDAPdirectoryor

MicrosoftActive

Directory

LDAPoverSSL

(encrypted)

636/tcp Communicatewithan

LDAPdirectoryor

MicrosoftActive

DirectoryoverSSL

RADIUS 1645/udpor

1812/udp

Communicatewitha

RADIUSauthentication

server

NTP 123/udp Synchronizethe

applianceclockwithan

NTPserver

Syslog 514/tcp Sendsystemlog

informationtoasyslog

server

SNMP 161/udp Monitortheappliance

fromanSNMP

managementtool

InternalFirewall

TrafficType Port/protocol Usage

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

19

AboutInstallationand

Deployment

Thissectionoutlinestheprocessofinstalling,configuring,and

testingtheappliance,andthendeployingitinaproduction

environment.TheInstallationandDeploymentProcesstable

providesanoverviewofthesteps.

InstallationandDeploymentProcess

InstallationStep Description

Makeanoteofyour

applianceserial

numberand

authenticationcode.

You’llneedthisinformation

when you

registeryourproducton

MySonicWall.Theserialnumberand

authenticationcodeareprintedon

yourappliancelabel;theyarealso

displayedontheGeneralSettings

pageinAMC.

Rack‐mountthe

applianceand

connectthecables.

SeeRackMountingtheApplianceon

page37andConnectingthe

Appliance on

page22.

Turnontheappliance

andbegin

configuration.

Toconnect toyourapplianceonyour

internalnetworkyoumustspecifyan

internalIPaddressandthesubnet

mask.Usethecontrolsonthe frontof

theappliance.SeeEnteringNetwork

SettingsUsingtheLCDonpage23.

RunSetupWizard. Thewizardguides

youthroughthe

processofinitialsetupforyourSMA

appliance.SeeRunningtheSetup

Wizardonpage23.

Registeryour

applianceon

MySonicWall.

Registeryourapplianceon

MySonicWall.Productregistration

givesyouaccesstoessential

resources,suchasyourlicensefile

andupdates.Toregister,youneed

boththeserial

numberforyour

applianceanditsauthentication

code.

InstallationandDeploymentProcess

InstallationStep Description

20

SonicWallSecureMobileAccess6200/7200GettingStartedGuide

Page is loading ...

SonicWALL SMA 6200 Quick start guide

This manual is also suitable for

SonicWALL SMA 6200 Quick start guide

Related papers

Other documents