Manuale d’uso / di manutenzione del prodotto SSL-VPN 2000 del fabbricante SonicWALL
Vai alla pagina of 86
S e c u r e R e m o t e A c c e s s S o l u t i o n s A P P L I A N C E S S on i c W A LL S SL -V PN Se ri es SSL -V PN 2000 G e t t i n g S t a r t e d G u i d e.
SonicWALL SSL-VPN 2000 Getting Started Guide Pa ge 1 SonicW ALL SSL-VPN 2000 Appliance Getting S t arted Guide Thank you for your purch ase of th e SonicW ALL SSL-VPN 2000, the solution for secure remote access to mission-cr itical resources from virtually any end point—including desktops, laptop s, PDAs and smartphones.
Page 2 Before Y ou Begin Check Package Content s • One SonicW ALL SSL-VPN 2000 appliance • One SonicW ALL SSL-VPN 2000 Getting S tarted Guide • One SonicW ALL SSL-VPN Release Notes • One straight-through Etherne t cable • One rack-mount kit • One power cord* * A power cord is included only with units shipped to North America.
SonicWALL SSL-VPN 2000 Getting Started Guide Pa ge 3 Selecting a SonicW ALL Recommended Deployment Scenario The deployment scenarios describ ed in this section are based on actual customer deployments and are So nicW ALL-recomm ended deployment best p ractices.
Page 4 Applying Power to the SonicW ALL SSL-VPN 2000 1. Plug the power cord into th e SonicW ALL SSL-VPN 2000 and into an appropriate power outlet. 2. T urn on the power switch on the rear of the appliance next to the power cord. The Power LED on the fr ont p anel lig ht s up gr een when you turn on the SonicW ALL SSL-VPN 2000.
SonicWALL SSL-VPN 2000 Getting Started Guide Pa ge 5 Accessing the Management Interface T o access the W eb-based management interface of the SonicW ALL SSL-VPN 2000: 1. Connect one end of an Ethernet ca ble into the X0 port of your SonicW ALL SSL- VPN 2000.
Page 6 5. The SonicW ALL SSL-VPN management interface disp lays and prompts yo u to enter your user name and p assword. Enter “admin” in the User Name field, “pas swor d” in the Password field, select LocalDomain from the Domain drop-down list and click the Login button.
SonicWALL SSL-VPN 2000 Getting Started Guide Pa ge 7 Configuring Y our SonicW ALL SSL-VPN 2000 Once your SonicW ALL SSL-VPN 2000 is connected to a compute r through the management port (X0) , it can be configured through the W eb-based management interface.
Page 8 3. Enter a password for th e “admin” account in the Password field. Re-enter the password in the Confirm Password field. 4. Click the OK butto n to apply changes. Adding a Local User 1. Navigate to the Users > Local Users page. 2. Click the Add User button.
SonicWALL SSL-VPN 2000 Getting Started Guide Pa ge 9 Setting Time Zone 1. Navigate to the System > Time page . 2. Select the appr opriate time zone from the drop-down menu. 3. Click the Accept button. Note: Setting the time correctly is essential to many of the operations of the SonicWALL SSL-VPN 2000.
Page 10 4. (Optional) Enter a secondary DNS server in th e Secondary DNS Server field. 5. (Optional) Enter your DNS Domain in the DNS Domain Field. 6. (Optional) Enter your WINS server s in the Primary WINS Server and Secondary WINS Server fields. 7. Click the Accept button.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 11 3. In the Interface Settings dialog box, set the IP address and netmask to: 4. Click OK . When you click OK , you will lose your connection to the SSL-VPN.
Page 12 3. Select X0 in the Interfaces drop down list. 4. Click the Accept button. Adding a NetExtender Client Route NetExte nde r allows remote client s to have seamle ss access to reso urces on your lo cal network. 1. Navigate to the NetExtender > Client Rout es page.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 13 Setting your NetExtender Address Range The NetExtender IP r ange defines the IP ad dress pool from which addresses will be assigned to remote users du ring NetExtender sessions.
Page 14 T o set your NetExtender ad dress range, perform the following step s: 1. Navigate to the NetExtender > Client Settings page . 2. Enter an address range for yo ur clients in the Client Address Range Begin and Client Address Range End fields.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 15 Connecting the SonicW ALL SSL-VPN 2000 Before continuing, reference the diagra ms on the following pages to connect the SonicW ALL SSL-VPN 2000 to your network.
Page 16 Scenario B: Configuring Y our Network Interface Configure your SonicW ALL SSL-VPN 2000 to connect with your SonicW ALL UTM appliance under network configur ations given in Scenario B. On your SonicW ALL SSL-VPN 2000: 1. Navigate to the Network > Interfaces page .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 17 Scenario B: Connecting the SonicW ALL SSL-VPN 2000 T o con nect the SonicW ALL SSL-VPN 2000 u sing Scenario B, perform the fo llowing steps: 1.
Page 18 Scenario C: Configuring Y our Network Interface Configure your SonicW ALL SSL-VPN 2000 to connect to your SonicWALL UTM appliance under network configur ations given in Scenario C. On the SonicW ALL SSL-VPN 2000: 1. Navigate to the Network > Interfaces page .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 19 Scenario C: Connecting the SonicW ALL SSL-VPN 2000 T o connect the SonicWALL SSL-VPN 2000 using Scenario C, perf orm the fo llowin g steps: 1. Connect one end of an Ethernet ca ble to an unused port on your LAN hub or switch.
Page 20 Configuring Y our Gateway Device Now that you have set up your SonicW ALL SSL-VPN 2000, you need to configure your gateway device to work with the SonicW ALL SSL-VPN 2000. Refer to the table in “Selecting a SonicW ALL Recommended Deployment Scenario” on pa ge 3 to determine the proper scenario for you r network configuration.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 21 Scenario A: Configuring a DMZ or OPT Port in SonicOS S tanda rd 1. Navigate to the Network > Settings page . 2. Click the Configure button for the DMZ or OPT interface. 3. Select the DMZ in NA T Mode radio button.
Page 22 4. In the Step 1: Access Rule T ype page, se lect Public Server Rule an d then click Next . 5. In the Step 2: Public Server page, perfor m the following selections and then click Next : 6. In the Congratulations p age, clic k Apply to cr eate the rules and allow access from the W AN to the SonicW ALL SSL-VPN appliance on the DMZ.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 23 If you are allowing HTTP access to the SonicW ALL SSL-VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the Network Acces s Rules Wizard p age, click Next .
Page 24 7. In the Step 4: Access Rule Source Interface and Address p age, perform the following selections and then click Next : Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL-VPN appliance, 192.168.200.1 by default IP Address End The X0 IP address of the SonicWALL SSL-VPN appliance, 192.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 25 8. In the Step 5: Access Rule Destina tion Interface and Address p age, pe rf or m th e following selections and then click Next : 9. In the Step 6: Access Rule Time p age, leave Tim e Ac tiv e set to Always Active unless you want to limit when you want SS L-VPN clients to have access to the LAN.
Page 26 Create access to the LAN for NetExtender: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the SonicW ALL Network Access Rules p age , click Next . 3. In the Step 1: Access Rule T ype page, se lect General Rule . Click Next .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 27 Scenario A: Adding a New SSL-VPN Custom Zone in Sonic OS Enhanced 1. Navigate to the Network > Interfaces page . 2. Click Configure button for the X2 int erface (or any other available interfa c e ).
Page 28 Scenario A: Allowing W AN -> SSL-VPN Connection in SonicOS Enhanced Follow this procedure if you are connecting yo ur SonicW ALL SSL-VPN 2000 to a SonicWALL UTM appliance runnin g SonicOS Enhance d .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 29 4. In the Add Service Group dialog box, create a ser vice group for HTTP a nd HTTPS: • Enter a name for the service. • Select both HTTP and HTTPS and click the right arrow button . • Click OK when both HTTP and HTTPS are in the right colum n .
Page 30 7. In the Server Public Informatio n page, either accep t the default IP addr ess or enter an IP address in your allowe d pu blic IP range. Note: The default IP address is the WAN IP address of your SonicWALL UT M appliance.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 31 Scenario A: Allowing SSL-VPN -> LAN Connection in SonicOS Enhanced When users have connected to the SSL-VPN, they need to be able to connect to resources on the LAN. 1. In the administration interface, navigate to the Ne twork > Address Object s pag e.
Page 32 5. In the Add Object dialog box, cr eate an address object for the X0 interface IP address of your SonicW ALL SSL-VPN 2000: Click OK to create the object. 6. On the Network > Address Object s page, in the Address Gr oups section, click . 7.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 33 9. On the Firewall > Access Rules page in the matrix view , click the S SL VPN > LAN icon. 10.
Page 34 1 1. In the Add Rule window , create a rule to allow access to the LAN for the address group you just created: Click OK to create the rule. Continue to S tep Action Allow From Zone SSL VPN T o.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 35 Scenario B: SSL-VPN on Existing DMZ This section provides procedures to co nfigure your gateway appliance based on Scenario B.
Page 36 4. In the Step 1: Access Rule T ype page, se lect Public Server Rule an d then click Next . 5. In the Step 2: Public Server page, perfor m the following selections and then click Next : 6. In the Congratulations p age, clic k Apply to cr eate the rules and allow access from the W AN to the SonicW ALL SSL-VPN appliance on the DMZ.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 37 If you are allowing HTTP access to the SonicW ALL SSL-VPN appliance, create a public server access rule for HTTP: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the Network Acces s Rules Wizard p age, click Next .
Page 38 6. In the Step 4: Access Rule Source Interface and Address p age, perform the following selections and then click Next : Interface DMZ IP Address Begin The X0 IP address of the SonicWALL SSL-VPN appliance within your DMZ range, for example 10.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 39 7. In the Step 5: Access Rule Destina tion Interface and Address p age, pe rf or m th e following selections and then click Next : 8. In the Step 6: Access Rule Time p age, leave Tim e Ac tiv e set to Always Active unless you want to limit when you want SS L-VPN clients to have access to the LAN.
Page 40 Create access to the LAN for NetExtender: 1. In the Firewall > Access Rules page, click . 2. In the Welcome to the SonicW ALL Network Access Rules p age , click Next . 3. In the Step 1: Access Rule T ype page, se lect General Rule . Click Next .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 41 Scenario B: Allowing W AN -> DMZ Connection in SonicOS Enhanced Follow this procedure if you are co nnecting your SonicW ALL SSL-VPN 2000 to a SonicW ALL UTM appliance running SonicOS Enhanced .
Page 42 4. In the Add Service Grou p dialog box, create a service g roup for HTTP and HTTPS: • Enter a name for the service. • Select both HTTP a nd HTTPS and click . • Click OK when both HTTP and HTTPS are in the right column. 5. In the Public Server T ype page, click Next .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 43 7. In the Server Public Information page, either accept the default IP address or ente r an IP address in your allowed public IP range. Note: The default IP address is the WAN IP address of your SonicWALL UTM appliance.
Page 44 3. In the Add Object dialog box, cr eate an address object for the X0 interface IP address of your SonicW ALL SSL-VPN 2000: Click OK to create the object.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 45 7. In the Add Ad dress Object Group dialog box, create a group for th e X0 interface IP address of your SonicW ALL SSL-VPN 2000 and the NetExtender IP range: • Enter a name for the grou p. • In the left column, se lect the two groups you crea ted and click the arrow button .
Page 46 1 1. In the Add Rule window , create a rule to allow access to the LAN for the address group you just created: Click OK to create the rule. Continue to S tep Action Allow From Zone DMZ T o Zon.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 47 Scenario C: SSL-VPN on the LAN This section provides procedures to co nfigure your gateway appliance based on Scenario C.
Page 48 3. In the Add Object dialog box, cr eate an address object for the X0 interface IP address of your SonicW ALL SSL-VPN 2000: Click OK to create the object.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 49 7. In the Add Ad dress Object Group dialog box, create a group for th e X0 interface IP address of your SonicW ALL SSL-VPN 2000 and the NetExtender IP range: • Enter a name for the grou p. • In the left column, se lect the two groups you crea ted and click the arrow button .
Page 50 1 1. In the Add Rule window , create a rule to allow access to the LAN for the address group you just created: Click OK to create the rule. Action Allow From Zone SSL VPN T o Zone LAN Service .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 51 Scenario C: Setting Public Server Access in SonicOS S t andard 1. Select Wizards in the left navigation bar . 2. Click the Network Access Rules W izard option and press the Next button. 3. Select Public Server Rule .
Page 52 Scenario C: Setting Public Server Access in SonicOS Enhanced 1. Click the Wizards ico n in the top right corner of the SonicOS Enhanced management interface. 2. Select the Public Server Wizard option and then click Next . 3. Select We b Se rve r from the Server T ype drop-down menu.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 53 8. Enter a comment, such as “W AN to SSL-VPN” to describe your conne ction. 9. Click the Next button to continue the Wizard. 10. V erify that the Public Server field contains the correct IP address ( Y ou can generally leave this at the default sett ing).
Page 54 T esting Y our SSL-VPN Connection Now you have configured your Son icW ALL UTM appliance and SonicW ALL SSL- VPN 20 00 for secure SSL VPN remote access.This section provides instructions to verify your SSL-VPN connectio n using a remote client on the W AN.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 55 5. Click the NetExtender button and complete the clie nt inst allation. When complete, the following message is displayed: 6. Ping a host on your corpor ate LAN to verify your SSL-VPN remote connection.
Page 56 Registering Y our SonicW ALL SSL-VPN 2000 Before Y ou Register V erify that the time, DNS, and default r oute settings on your SonicW ALL SSL-VPN are correct bef ore you register you r appliance. T o verify or con figure the time set tings, navigate to the System > Time p age.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 57 3. On the System > Licenses page, click Activate, Up grade, or Renew services . The License M anagement page is displayed. 4. If you have a mySonicW ALL.com account, enter yo ur mySonicW ALL.com user name and password into the fields and then click Submit .
Page 58 6. Under Product Survey , fill in the requested information and then click Submit . The display change s to inform you that your SonicW ALL SSL-VPN 2000 is registe red. 7. Click Continue . 8. In the License Management p age, your latest license information is displayed.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 59 Configuring Dynamic DNS To begin using Dynamic DNS, you must first set up an account with one of the four free service providers listed below: • DynDNS.org • changeip.com • No-IP .com •y i .
Page 60 To configure Dynamic DNS on the SonicW ALL UTM ap pliance, perform these steps: 1. On the Network > Dynamic DNS page, click the Add button .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 61 7. Enter the fully qualified domain na me (FQDN) of the ho stname you register ed with dyndns.org. Make sure you provide the same hostname and domain as you configured. 8. Y ou may optionally select Enable Wildcard and/or configure an MX entry in the Mail Exchanger field.
Page 62 Configuring a St atic IP Address If you did not enable the SonicW ALL UTM appliance DHCP server , you must configure each computer with a st atic IP address from your LAN or WLAN IP addr ess range.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 63 Windows 2000 1. From your Windows Star t menu, select Settin gs . 2. Open Network and Dial-up Connections . 3. Click Properties . 4. Highlight Internet Protocol (TCP/IP) and click Proper ties . 5. Select Use the following IP address .
Page 64 Mounting Guidelines The SonicW ALL SSL-VPN 2000 is designed to be mo unted in a standard 19-inch rack mount cabinet. The following condi tions are required for proper installa tio n: • Use the mounting hardwar e recommended by the rack manufacturer and en sure that the rack is adequate for the application.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 65 Glossary of Networking T erms ActiveX - A technology that allows the sharing of applications and data across the W eb.
Page 66 SSL VPN - Secure Socket Layer Virtual Private Networking. A secured p rivate communications network usually used within a company , or by several different companies or organizations, communicating over a public network. SSL technology is used either for tunneling the entire network stack, or for securing what is essentially a Web proxy .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 67 SonicW ALL Global Support Services On your appliance, on the W eb, and on the ph one, we make it easy and fast to find the information you need to keep your SonicW ALL solution, and your network, running smoothly and efficiently .
Page 68 Customer Support SonicW ALL of fers Web-base d and telephone suppor t to customers who have a valid W arranty or who purchased a Support Contra ct.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 69 Extend Y our Support Coverage. SonicW ALL Dynamic Support Services extend the suppo rt coverage on your SonicW ALL solution beyond the warranty period.
Page 70 Knowledge Port al The Knowledge Por tal allows user s to sear ch fo r S oni cWALL documents based on the following types of se ar ch too ls: •B r o w s e • Search for keywords • Full-t ext search For further information, na vigate to the Support > Knowledge Port al page at: < http://www .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 71 User Forums The SonicW ALL User Forums is a resour ce that provides users the ability to communicat e and discuss a vari ety of security and appliance subject matters.
Page 72 Tr a i n i n g SonicW ALL of fers an extensive sales and te chnical training curricu lum for Network Administrators, Security Experts and So nicW ALL Medallion Partners who need to enhance their knowledge an d maximize thei r investment in SonicW ALL Products and Security Applications.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 73 Related Document ation See the following related docu ments for more information: • SonicW ALL SSL-VPN Administrator ’ s Guide • SonicW ALL SSL-VPN Release Notes • SonicWALL SSL-VPN Feature Modules • SonicW ALL SSL-VPN 3.
Page 74 SonicW ALL Live Product Demos The SonicWALL Live Demo Site provid es free test drives of SonicW ALL security products and services throu gh inte ractiv e live product installations: • SSL VP.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 75 SonicW ALL Secure Wire less Network Integrated Solutions Guide The Of ficial Guide to SonicW ALL ’s market -leading wireless networking and secu rity devices. This 512-p age book is available in hardcopy .
Page 76 SonicW ALL Global T echnical Assistance Center Cont act Information T able 2: Global T echnical Assist ance Contact List Country T oll Free Phone Number T oll Phone Number Calling from North Americ a (Suppor t available in English) United S tates +1 888.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 77 Calling from Asia Pacific (Support availabl e in English except for Japan where supp ort is offered in Jap anese only) Australia +1 800.35.1642 Hong Kong +1 800.93.0997 India 000.800.100.3395 Japan +81 (0)3.
Page 78 FCC Part 15 Class A Notice SonicW ALL SSL-VPN 2000 Regulato ry S tatement and Safety Instructions This regulatory information can also be foun d in the electronic file, “ SonicW ALL_SSL-VPN_Regulatory_S tatement.p df ,” located on the So nicW ALL Web site: < http://www .
SonicWALL SSL-VPN 2000 Getting Started Guide Page 79 VCCI St atement Canadian Radio Frequenc y Emissions St atement This Class A digital app aratus complies with Cana dia n ICES-003. Cet appareil numériq ue de la classe A est conforme à toutes la norme NMB-003 du Canada.
Page 80 Declaration of Conformity Regulatory Information for Korea All products with country code “” (blank) and “A” are made in the USA. All product s with country code “B” are made in China. All products with country code “C” or “D” are made in T aiwan R.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 81 Copyright Notice © 2008 SonicW ALL, Inc. All rights re served. Under the copyright la ws, this manual or the software descri bed within, can not be copied, in whole or p art, without the written consent of the manufactu rer , except in the normal use of the sof t ware to make a backup copy .
Page 82 Declaration of Conformity Notes.
SonicWALL SSL-VPN 2000 Getting Started Guide Page 83 Notes.
Page 84 Declaration of Conformity Notes.
©20 0 8 So ni cWA L L, I nc . is a r eg is te re d tr a de ma rk o f S on icW AL L, I nc . O th er p ro du ct n am es m ent i on ed h er ei n m ay b e tr a de ma rk s a nd /o r re gi s ter ed t r ad em ar k s o f th ei r re sp ec ti v e co mp a ni es .
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il SonicWALL SSL-VPN 2000 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del SonicWALL SSL-VPN 2000 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso SonicWALL SSL-VPN 2000 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul SonicWALL SSL-VPN 2000 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il SonicWALL SSL-VPN 2000, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del SonicWALL SSL-VPN 2000.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il SonicWALL SSL-VPN 2000. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo SonicWALL SSL-VPN 2000 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.