Sangfor WOC 2050 User manual

SANGFOR WOC
(Version 9.0-9.1)
User Manual
December 2015

SANGFOR WAN Optimization Controller User Manual
Table of Contents
Declaration
Preface
About This Manual
Document Conventions
Graphic Interface Conventions
Symbol Conventions
CLI Conventions
Technical Support
Acknowledgements
Chapter 1 Knowing Your Sangfor Device
Operating Environment
Product Appearance
Connecting Sangfor Device
Chapter 2 Initial Login to Admin Console
Logging in to Admin Console
Modifying Administrator Password
Chapter 3 Deployment and Configuration
Device Deployment
Deploying WOC in Gateway Mode
Deploying WOC in Single Arm Mode
Deploying WOC in Double Arm Mode
Deploying WOC in Bridge Mode
Deploying WOC in Double Bridge Mode
System Settings
System Time
NTP Servers
Web UI Settings
Advanced System Settings
Network Settings
Local Subnet
Creating Local Subnet
Policy-Based Route
Static Route
Creating Static Route
Dynamic Routing
Windows Domain
VPN Interface
VLAN Setting
CDP Settings
WCCP Settings
Configuring Multiline
Network Interface Card (NIC)
Users
Creating User
Creating IP Group
Creating Application
Creating Schedule
Viewing Algorithms
Configuring IP Assignment Options (DHCP)
Configuring Syslog Server
Configuring SNMP Server
Adding SNMP Traps
Central Management
Chapter 4 Sangfor VPN
Viewing VPN Status
Setting Up Inbound VPN Connection
Basic Setting
Sangfor VPN Users
Searching for VPN Users
Creating VPN User
Creating User Group
Importing Users
Importing Users from Text File
Importing Users from LDAP Server
Exporting Users
Virtual IP Pool
Creating Virtual IP Pool for Mobile VPN Users
Creating Virtual IP Pool for Branch VPN Users
Creating Schedule
Setting Up Outbound VPN Connection
Creating Multiline Policy
Configuring LDAP Server
Configuring RADIUS Server
Configuring VPN Local Subnet
Configuring LAN Service
Configuring Multicast Service
Configuring Tunnel Route
Configuring Tunnel NAT
Generating Certificate
Chapter 5 WAN Optimization
Application Proxy
HTTP Proxy
CIFS Proxy
SMTP Proxy
POP3 Proxy
Exchange Proxy
Oracle EBS Optimization
Citrix Optimization
RDP Optimization
Video Optimization
Byte Cache
Setting Up Inbound Acceleration Connection
Creating User
Acceleration Policy
Acceleration Policy Group
Setting Up Outbound Acceleration Connection
Creating Profile of Peer WOC
Prefetching
Certificates
Server Certificate
CA Certificate
Exclusion Rule
Creating Exclusion Rule
Viewing WAN Optimization Status
Chapter 6 Bandwidth Management
Application Identification
Add Application Identification Rule
Intelligent Identification
URL Group
File Type Group
User Group
Access Control Policy
Creating Access Control Policy
Bandwidth Control
Virtual Line
Creating Virtual Line
Bandwidth Channel
Creating Assured Bandwidth Channel
Creating Limited Bandwidth Channel
Creating Bandwidth Control Exclusion Rule
Viewing Bandwidth Usage
Troubleshooting
Proxy Server
Excluded IP
Internal Rule Auto Update
Chapter 7 Firewall
Configuring Source NAT Rule
Configuring Destination NAT Rule
Creating Firewall Rule
Anti-DoS
ARP Protection
Chapter 8 High Availability
Chapter 9 IPSec VPN
Configuring Peer Device (Phase I)
Creating Inbound/Outbound Policy (Phase II)
Security Options
Chapter 10 Maintenance
Licensing Sangfor WOC and Function Modules
Backing Up or Restoring System Settings
Backing Up or Restoring WANO Settings
Shutdown
Web Console
Viewing Logs
Appendix A: Internal Report Center
Appendix B: PACC & Mobile VPN Client
Software Installation
Network Deployment
Deployment of WOC for Use of PACC&PDLAN
Deployment of WOC for Use of PACC
Configuration
System Settings
Mobile VPN Settings
Setting Up Outbound VPN Connection
PACC Settings & WAN Optimization Status
Appendix C: Sangfor Firmware Updater
Updating Your Sangfor Device
Appendix D: Acronyms and Abbreviations
Declaration
Copyright © 2013 Sangfor Inc. All rights reserved.
No part of the contents of this document shall be extracted, reproduced or transmitted in any form
or by any means without prior written permission of SANGFOR.
SINFOR, SANGFOR and the Sangfor logo are the trademarks or registered trademarks of
Sangfor Inc. All other trademarks used or mentioned herein belong to their respective owners.
This manual shall only be used as a usage guide, and no statement, information, or suggestion in it
shall be considered as implied or express warranty of any kind, unless otherwise stated. This
manual is subject to change without notice. To obtain the latest version of this manual, please
contact the Customer Service of Sangfor.
Preface
About This Manual
This WAN Optimization Controller (WOC) User Manual includes the following chapters:
Chapter 1 Knowing Your Sangfor Device: The product appearance, features and performance parameters of Sangfor WOC, wiring and cautions before installation
Chapter 2 Initial Login to Admin Console: The configuration steps required when the administrator accesses the Web administrator console of Sangfor WOC for the first time
Chapter 3 Deployment and Configuration: How to deploy the physical Sangfor WOC and configure system and network related settings through the administrator console
Chapter 4 Sangfor VPN: How to configure Sangfor VPN to establish inbound/outbound secure VPN connection to a remote Sangfor WOC
Chapter 5 WAN Optimization: How to configure the WAN optimization module to accelerate data transmitted across the WAN
Chapter 6 Bandwidth Management: How to configure the bandwidth management module to ensure or restrict bandwidth usage of a specific application, user or IP address
Chapter 7 Firewall: How to configure firewall related settings
Chapter 8 High Availability: How to configure the high availability (HA) feature, which makes the system redundant and more stable
Chapter 9 IPSec VPN: How to set up an IPSec VPN connection between Sangfor WOC and a third-party VPN device
Chapter 10 Maintenance: How to license the Sangfor WOC, maintain and debug the system, etc.
Appendix A: Internal Report Center: How to enter and use the internal WOC Report Center
Appendix B: PACC & Mobile VPN Client: The installation and usage of the Portable Acceleration (PACC) client and Mobile VPN client
Appendix C: Sangfor Firmware Updater: How to use Sangfor Firmware Updater 6.0 to update the Sangfor device
Document Conventions
Graphic Interface Conventions
This user manual uses the following typographical conventions for special terms and instructions:
Convention: boldface
Meaning: Page title, parameter, menu/submenu, button, key press, link, other highlighted keyword or item
Examples:
Page/tab name example: Navigate to System > Users to enter the User page.
Parameter example: IPAddress: Specifies the IP address that you want to reserve for certain computer
Menus/submenus example: Log in to the Web administrator console and go to System > Network > Deployment.
Button example: Click the Save button to save the settings.
Key press example: Press Enter key to enter the administrator console.
Link example: Once the certificate signing request is generated, click the Download link to download the request.
Highlighted keyword/item example: The user name and password are Admin by default.

Convention: italics
Meaning: Directory, URL
Example: Website: http://www.sangfor.com

Convention: >
Meaning: Multilevel menu and submenu
Example: Log in to the Web administrator console and go to System > Network > Deployment.

Convention: “ ”
Meaning: Prompt, quotation
Example: Click on “This site might require the following ActiveX control: ‘WebUI Control’ from ‘Sangfor Technologies Co., Ltd’. Click here to install…”.
Symbol Conventions
This manual also uses the following symbols to mark the parts that need special attention
during operation:
Caution: Indicates actions that could cause setting error, loss of data or damage to the device
Warning: Indicates actions that could cause injury to human body
Note: Indicates helpful suggestion or supplementary information
CLI Conventions
Command syntax on the Command Line Interface (CLI) uses the following conventions:
Content in brackets ([ ]) is optional
Content in {} is required
If there is more than one option, a vertical bar (|) separates the options, for example:
ip wccp 60 redirect { in | out }
CLI commands appear in bold, for example:
configure terminal
Variables appear in italic, for example:
interface e0/1
Technical Support
For technical support, please contact us through the following:
Website: http://www.sangfor.com
MSN, Email: tech.support@sangfor.com
Skype: sangfor.tech.support
Tel: + 60 3 2282 1206
Acknowledgements
Thanks for using our product and user manual. If you have any suggestions about the product or
user manual, please provide feedback to us by phone or email. Your suggestions will be
much appreciated.
Chapter 1 Knowing Your Sangfor Device
This chapter introduces the Sangfor WAN Optimization Controller (WOC) and how to
connect it. After proper hardware deployment and installation, you can configure
and debug the system.
Operating Environment
Voltage input: 110V/230V (AC, alternating current)
Temperature: 0-45°C
Humidity: 5%-90%
To ensure endurance and stability of the Sangfor WOC, please ensure the following:
The power supply is well grounded
Dustproof measures are taken
Working environment is well ventilated
Indoor temperature is kept stable
This product conforms to the requirements on environmental protection. The placement, usage and
disposal of the product should comply with the relevant national laws and regulations of the
country where it is used.
Product Appearance
Front Panel of SANGFOR WOC 2050
Above is the front panel of SANGFOR WOC 2050. The interfaces from left to right are described
in the following table:
Interface: Description
CONSOLE: Network interface used for high availability (HA) feature or used by device supplier to debug system.
USB: Standard USB port, connecting to peripheral device
ETH0: LAN interface, connecting to the LAN network segment; orange LED on the left side indicates link status, while green LED on the right side indicates data flow.
ETH1: DMZ interface, connecting to the DMZ network segment; orange LED on the left side indicates link status, while green LED on the right side indicates data flow.
ETH2: WAN1 interface, connecting to the first Internet line; orange LED on the left side indicates link status, while green LED on the right side indicates data flow.
ETH3: WAN2 interface, connecting to the second Internet line; orange LED on the left side indicates link status, while green LED on the right side indicates data flow.
POWER: Power LED
ALARM: Alarm LED
The picture above is just for reference. The actual product you purchased and received may vary.
Connecting Sangfor Device
After deploying the Sangfor WAN Optimization Controller (WOC) in your network (for details,
please refer to the Device Deployment section in Chapter 3), follow the instructions below to
connect the Sangfor WOC.
1. Plug the power cable into the power interface on the rear panel of the device. Attach and turn
on the power supply, and then watch the LEDs on the front panel of the Sangfor WOC.
When the device starts up, the ALARM LED will turn on and stay on for 1 to 2 minutes, then
turn off; the POWER LED (in green) will turn on; the connection status LEDs (in orange) next to
the WAN and LAN interfaces will also turn on.
After successful bootup, the POWER LED (in green) and the connection status LEDs (in orange) next to
the WAN and LAN interfaces will stay on. If data are being transferred through a port, the data flow
LED (in green, beside the connection status LED) will blink.
If the ALARM LED stays on, please switch off the power supply and reboot the device. If the
ALARM LED still stays on after reboot, contact SANGFOR Customer Service.
If the corresponding LED indicates normal working status, turn off and unplug the power
supply, and perform the following steps.
2. Use an RJ-45 straight-through Ethernet cable to connect the LAN interface to the internal
network.
3. Use an RJ-45 Ethernet crossover cable to connect the WAN1 interface to the external network
(i.e., router, optical fiber transceiver or ADSL modem for the external network).
4. If you want the Sangfor WOC to provide secure protection for the DMZ (Demilitarized Zone),
use an RJ-45 Ethernet cable to connect the DMZ interface to the DMZ network from which the Web
server and SNMP server are providing services to external networks.
Use a crossover cable to connect the WAN interface to the router for the external network.
Use a straight-through cable to connect the LAN interface to the switch in the internal network.
For direct access to the administrator Web console, use a crossover cable to connect the LAN
interface to the computer.
If a session cannot be established but the corresponding LED indicates normal working
status, please check whether the right type of cable is being used. The differences between
straight-through cable and crossover cable are shown in the figures on the following page.
Chapter 2 Initial Login to Admin Console
Sangfor WAN Optimization Controller (WOC) provides Web-based administration. The initial
URL for Web administrator console access is http://10.254.254.254.
Before logging in to the administrator console of the WOC, please ensure the following:
Deploy a computer in the subnet where the Sangfor WOC resides.
Connect the PC’s network interface card (NIC) and the LAN interface of the Sangfor WOC to the
same layer-2 switch, or connect the PC’s NIC to the LAN interface directly with a network
cable.
Ensure IE browser is installed on the PC. Non-IE browsers such as Opera, Firefox, Safari and
Chrome are not supported.
Logging in to Admin Console
1.
Turn on the PC and the Sangfor WOC. Add an IP address on the PC, an IP address that
resides in the network segment 10.254.254.X (for instance, 10.254.254.100) with subnet
mask 255.255.255.0, as shown below:
2.
Open the IE browser and enter the URL address (http://10.254.254.254) into the address bar.
Press Enter key to visit the login page to Web administrator console, as shown below:
14

SANGFOR WAN Optimization Controller User Manual
3. Before login, you may install the required ActiveX control, as shown below:
Click on “This site might require the following ActiveX control: ‘WebUI Control’ from
‘Sangfor Technologies Co., Ltd’. Click here to install…” and then click on “Install ActiveX
Control…” to install the control, as shown below:
If no pop-up appears, click the ActiveX link on the login page to download the required
ActiveX controls.
4. Enter the administrator username and password and click the Log In button. The default
administrator username is admin (case-insensitive) and password is Admin (case-sensitive).
5. To download the root CA certificate, click on the link Root CA.
6. For version information of the software, click on Version below the textboxes.
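Steps 1 and 2 above can be done from an elevated PowerShell prompt on the management PC. This is an added example, not part of the Sangfor manual; the adapter name in $Alias is an assumption, so substitute the name of the adapter cabled to the WOC LAN interface.

```powershell
# Added example: temporary management address for first login to a factory-default WOC.
# $Alias is an assumed adapter name; list the real ones with Get-NetAdapter.
$Alias  = 'Ethernet'
$MgmtIp = '10.254.254.100'   # any free host in 10.254.254.X other than .254
$WocIp  = '10.254.254.254'   # default console address given in this manual

# Add the address only if it is not already configured, so the script can be re-run.
if (-not (Get-NetIPAddress -IPAddress $MgmtIp -ErrorAction SilentlyContinue)) {
    # PrefixLength 24 is subnet mask 255.255.255.0.
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $MgmtIp -PrefixLength 24 | Out-Null
}

# Confirm the console answers on TCP 80 before opening IE.
$probe = Test-NetConnection -ComputerName $WocIp -Port 80 -WarningAction SilentlyContinue
if ($probe.TcpTestSucceeded) {
    Write-Host "Console reachable: http://$WocIp"
} else {
    Write-Host "No answer on ${WocIp}:80 - check the cable type and the adapter link state."
}

# When initial configuration is finished, remove the temporary address:
# Remove-NetIPAddress -IPAddress $MgmtIp -Confirm:$false
```

Removing the temporary address afterwards keeps the PC from staying attached to the factory-default management subnet.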

Modifying Administrator Password
We strongly recommend changing the administrator password on initial login, so that others
cannot log in to the administrator Web console with the default admin credentials and make
unauthorized changes to the administrator account and initial configurations.
To modify the default administrator password, perform the following steps:
1. Navigate to System > Users to enter the Users page. The default administrator account is
admin, the super administrator of the system.
2. Click the account name admin to edit information of the administrator account:
3. Enter and confirm the new password and click the OK button.
The password of the account admin should not be shared with anyone.
If the Sangfor WOC is to be maintained by several administrators, create multiple
administrator accounts for segregation of duties.

Chapter 3 Deployment and Configuration
After logging in to the administrator console, you will see the left tree of configurable modules,
including System, Sangfor VPN, IPSec VPN, WAN Optimization, Bandwidth Management,
Firewall, High Availability and Maintenance.
Note that some modules may be invisible to you if the corresponding licenses have not been
purchased.
During configuration, if there is an OK, Save or Save and Apply button on a page, click it after
modifying or configuring the parameters to save or apply the settings on that page. This step is
not repeated in the subsequent parts of this user manual.

Device Deployment
The first thing you need to consider before deploying the physical Sangfor WAN Optimization
Controller (WOC) in your network is which deployment mode to use, because the system and
network settings depend on the deployment mode you choose. Take CDP and WCCP, for
example: the two pages are available only in Acceleration Only service mode and Single arm
deployment mode.
Sangfor WOC supports Gateway mode (also called in-line mode), Bridge mode, Double
Bridge mode, Single Arm mode and Double Arm mode with Acceleration Only functionality, as
well as Gateway mode and Single Arm mode with VPN and Acceleration functionalities.
The following sections describe what each mode is like and how to perform the essential
configuration.
Deploying WOC in Gateway Mode
1. Position your Sangfor WOC on your network. Connect it to the other network (for details,
please refer to the section Connecting Sangfor Device in Chapter 1). The network topology
with WOCs deployed in Gateway mode is as shown in the figure below:
2. Log in to the Web administrator console and go to System > Network > Deployment. Select
service mode Acceleration Only or VPN and Acceleration, and deployment mode Gateway
mode, as shown in the figure below:
3. Configure the fields on the above page. The following are the contents included on the
Deployment page with Gateway mode selected:
Service Mode: Service mode falls into Acceleration Only and VPN and Acceleration.
Acceleration Only: If this option is selected, only the acceleration feature is enabled, which
means the Sangfor VPN feature does not work. Under this service mode, you can deploy
the WAN Optimization Controller (WOC) in Gateway mode, Bridge mode, Double
Bridge mode, Single Arm mode and Double Arm mode.
VPN and Acceleration: If this option is selected, both Sangfor VPN and acceleration
features are enabled. This service mode is suitable for environments in which the local and
peer WAN Optimization Controllers are deployed in public networks and need to
establish a VPN connection between them. The Sangfor VPN module can help to build the VPN
tunnel on which the acceleration connection is established between the two terminals.
LAN Interface: Configures the IP address of the internal interface, LAN interface, which
is protected by the firewall. This IP address must be identical to that of the physical LAN
interface on the Sangfor WOC.
WAN Interface: This is the external (public) interface of the Sangfor WOC,