Sonicwall Sma 6200 User manual

SonicWall™SecureMobileAccess6200/7200

GettingStartedGuide

RegulatoryModelNumbers:

1RK31‐0B0–SMA6200

1RK30‐0AF–SMA7200

SonicWallisatrademarkorregisteredtrademarkofSonicWallInc.and/oritsaffiliatesintheU.S.A.and/orothercountries.Allothertrademarksandregistered

trademarksarepropertyoftheirrespectiveowners

TheinformationinthisdocumentisprovidedinconnectionwithSonicWallInc.and/oritsaffiliates’products.Nolicense,expressorimplied,byestoppelor

otherwise,toanyintellectualpropertyrightisgrantedbythisdocumentorinconnectionwiththesaleofSonicWallproducts.EXCEPTASSETFORTHINTHETERMS

ANDCONDITIONSASSPECIFIEDINTHELICENSEAGREEMENTFORTHISPRODUCT,SONICWALLAND/ORITSAFFILIATESASSUMENOLIABILITYWHATSOEVERAND

DISCLAIMSANYEXPRESS,IMPLIEDORSTATUTORYWARRANT YRELATINGTOITSPRODUCTSINCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWARRANT YOF

MERCHANTABILITY,FITNESSFORAPA RT I C U L A R PURPOSE,ORNON‐INFRINGEMENT.INNOEVENTSHALLSONICWALLAND/ORITSAFFILIATESBELIABLEFORANY

DIRECT,INDIRECT,CONSEQUENTIAL,PUNITIVE,232‐003431‐51RevBfthisdocumentandreservestherighttomakechangestospecificationsandproduct

descriptionsatanytimewithoutnotice.SonicWallInc.and/oritsaffiliatesdonotmakeanycommitmenttoupdatetheinformationcontainedinthisdocument.

Formoreinformation,visithttps://www.sonicwall.com/legal/.

SMA6200/7200GettingStartedGuide

Updated‐June2017

232‐003431‐51RevB

Legend

WARNING:AWARNINGiconindicatesapotentialforpropertydamage,personalinjury,ordeath.

CAUTION:ACAUTIONiconindicatespotentialdamagetohardwareorlossofdataifinstructionsarenotfollowed.

IMPORTANT,NOTE,TIP,MOBILE,orVIDEO:Aninformationiconindicatessupportinginformation.

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 3

InthisGuide

ThisGettingStartedGuideprovidesinstructionsforbasicinstallationandconfigurationoftheSonicWall™SecureMobileAccess

6200/7200appliances.

ForQuickPolicySetupCharts,refertoQuickPolicySetuponpage57.

Contents

Chapter1Sectionsincluded:

InthisGuideonpage3Contentsonpage3

Chapter2Sectionsincluded:

IntroductiontotheSMA6200/7200onpage7SMA6200/7200PackageContentsonpage8

SMA6200/7200FrontPanelsonpage10

SMA6200/7200BackPanelsonpage11

4SonicWallSecureMobileAccess6200/7200GettingStartedGuide

Chapter3Sectionsincluded:

PreparingtoDeploytheSMA6200/7200onpage13 NetworkArchitectureonpage14

PreparingfortheInstallationonpage16

AboutInstallationandDeploymentonpage19

Chapter4Sectionsincluded:

InstallationandConfigurationonpage21 ConnectingtheApplianceonpage22

StartingtheApplianceonpage22

EnteringNetworkSettingsUsingtheLCDonpage23

RunningtheSetupWizardonpage23

ConnectingtoAMConpage25

ConfiguringBasicWorkPlacePortalAccessonpage26

Chapter5Sectionsincluded:

RegisteringandObtainingaLicenseonpage31 UsingMySonicWallonpage32

CreatingaMySonicWallaccountonpage32

RegisteringyourApplianceonpage33

DownloadingyourLicenseFileonpage33

ImportingyourLicensesonpage34

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 5

Forgeneralsupportinformation,seeSonicWallSupportonpage55.

Chapter6Sectionsincluded:

RackMountingtheApplianceonpage37 AttachingInnerRailstotheApplianceonpage40

InstallingtheOuterRailsonpage40

InstallingtheApplianceintheRackonpage42

RemovingtheAppliancefromtheRackonpage42

Chapter7Sectionsincluded:

SafetyandRegulatoryInformationonpage45 SafetyInstructionsonpage46

Sicherheitsanweisungenonpage48

安全說明onpage51

DeclarationofConformityonpage53

WarrantyInformationonpage53

台灣 RoHS/限用物質含有情況標示資訊onpage54

6SonicWallSecureMobileAccess6200/7200GettingStartedGuide

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 7

IntroductiontotheSMA6200/7200

ThissectiondescribestheitemsshippedwiththeSonicWallSecureMobileAccess6200/7200appliancesandprovidesfrontand

rearillustrationsoftheappliances.

•SMA6200/7200PackageContentsonpage8

•SMA6200/7200FrontPanelsonpage10

•SMA6200/7200BackPanelsonpage11

8SonicWallSecureMobileAccess6200/7200GettingStartedGuide

SMA6200/7200PackageContents

Beforeyoubeginthesetupprocess,verifythatyourpackagecontainsthefollowingitems:

1OneSMA6200orSMA7200appliance

2Onerackmountingkit

3OneRJ45toDB9consolecable

4OneEthernetcable

5OnepowercordforSMA6200ortwopowercordsforSMA7200*

6OneSonicWallSecureMobileAccess6200/7200GettingStartedGuide

*Theincludedpowercord(s)areapprovedforuseonlyinspecificcountriesorregions.Beforeusingapowercord,verifythatitis

ratedandapprovedforuseinyourlocation.ThepowercordsareforACmainsinstallationonly.SeeSafetyandRegulatory

Informationonpage45forminimumpowercordratingandadditionalsafetyinformation.

添付の電源コードに関して

電気安全を確保するために、弊社製品にご使用いただく電源コードは必ず製品同梱の電源コードをご使用ください。

この電源コードは他の製品では使用できません。

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 9

Packagecontents

Ifanyitemsaremissingfromyourpackage,contactSupportathttps://support.sonicwall.com.

SonicWall™ Secure Mobile Access 6200/7200

Geƫng Started Guide

Regulatory Model Numbers:

1RK31-0B0 – SMA 6200

1RK30-0AF – SMA 7200

10 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

SMA6200/7200FrontPanels

LCD controls

Console port

DisplayPort

USB ports LED Indicators

(top to bottom)

Hard disk drive activity

Alarm condition

Test - Quick blinking: Initializing;

Solid: Test mode

Power 1/2 - Blue: operating correctly;

Yellow: Unconnected power supply or failure

X1 / X0

X3 / X2

X5 / X4

SFP+ ports

(10 Gb)

Diagnostics port

(for future use)

(Disabled)

(1 Gb)

Digital audio/video

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 11

SMA6200/7200BackPanels

SMA6200:

Hard drives (2) Power supply

Fans (3)

12 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

SMA7200:

Hard drives (2) Power supplies (2)

Fans (3)

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 13

PreparingtoDeploytheSMA6200/7200

Thissectionprovidesanoverviewofsingle‐homedanddual‐homednetworkarchitectureanddiscussesfirewallsettingsandother

informationyouneedaboutcomponentsofyournetworktosuccessfullydeploytheSMA6200/7200.

•NetworkArchitectureonpage14

•PreparingfortheInstallationonpage16

•AboutInstallationandDeploymentonpage19

14 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

NetworkArchitecture

AllSMA6200/7200appliancescanbesetupineitheradual

interfaceorsingleinterfaceconfiguration,alsoknownasdual‐

homedandsingle‐homed.

Ineitherconfiguration,appliancemanagementwithAMCis

accomplishedbyaccessingtheinternal(X0)interface.

Thisguidestepsyouthroughabasicsingle‐homedinterface

configuration.Forthehighestlevelofsecurityand

performance,SonicWallrecommendsadual‐homed

configuration.RefertotheDeploymentPlanningGuideand

SMAAdministrationGuideforfurtherinformation.

Dual‐HomedConfiguration(Internal

andExternalInterfaces)

Onenetworkinterfaceisusedforexternaltraffic(thatis,to

andfromtheInternet),andtheotherinterfaceisusedfor

internaltraffic(toandfromyourcorporatenetwork).

Single‐HomedInterfaceConfiguration

(InternalInterface)

Asinglenetworkinterfaceisusedforbothinternaland

externaltraffic.Inthisconfiguration,theapplianceisusually

installedinthedemilitarizedzone(orDMZ,alsoknownasa

perimeternetwork).

SMA appliance

Firewall

Corporate network

Internet

File

Server

Application

Server Web

Server

Firewall

DMZ

Internal interface

SMA appliance

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 15

Inbothconfigurations,incomingrequeststotheSMA6200/

7200services—includingHTTP/StrafficfortheWebproxy

service—aresentoverport80(HTTP)andport443(HTTPS).

TrafficfromtheOnDemandagentisalwayssentoverport443.

Becausemostnetworksareconfiguredtoenabletrafficover

theseports,youshouldnotneedtoreconfigurefirewallson

yournetwork.

Youshouldinstalltheapplianceinalocationwhereitcan

connecttoresourcesonyournetwork,including:

•Applicationserversandfileservers,includingWeb

servers,client/serverapplications,andWindowsfile

servers.

•Externalauthenticationrepositories(suchasanLDAP,

MicrosoftActiveDirectory,orRADIUSserver).

•OneormoreDomainNameSystem(DNS)servers.

•Optionally,aWindowsInternetNameService(WINS)

server.ThisisrequiredforbrowsingWindowsnetworks

usingWorkPlace.

Althoughnotrequired,enablingtheappliancetocommunicate

withtheseadditionalresourcesprovidesgreaterfunctionality

andeaseofuse:

•NetworkTimeProtocol(NTP)serverforsynchronizing

thetimeontheappliance.

•Externalserverforstoringsyslogoutput.

•Administrator’sworkstationforsecureshell(SSH)

access.

Youcanconfiguretheappliancetouseaself‐signedserver

certificate,or,forenhancedsecurity,youcanobtaina

certificatefromacommercialcertificateauthority(CA).For

moreinformation,refertotheSMAAdministrationGuide.

CAUTION:TheSMA6200/7200appliancedoesnot

providefullfirewallcapabilitiesandshouldbesecured

behindafirewall.Runningwithoutafirewallmakesthe

appliancevulnerabletoattacksthatcancompromise

securityanddegradeperformance.

16 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

PreparingfortheInstallation

Beforebeginningtheinstallation,youneedtogather

informationaboutyournetworkingenvironmentandverify

thatyourfirewallsareproperlyconfiguredtopermittrafficto

andfromtheapplianceasexplainedinthefollowingsections:

•GatheringInformationonpage16

•VerifyingyourFirewallPoliciesonpage17

GatheringInformation

Beforeconfiguringtheappliance,youneedtogatherthe

followinginformation.Youarepromptedforsomeofthis

informationwhenrunningtheSetupWizard,butmostofitwill

beusedwhenyouconfiguretheapplianceintheAppliance

ManagementConsole(AMC).RefertotheSMAAdministration

Guide.

SettingsrequiredtostartApplianceManagementConsole

•Therootpasswordforadministeringtheappliance

•Thenamefortheappliance(becausethisnameisused

onlyinlogfiles,youdonotneedtoaddittoDNS)

•TheinternalIPaddressand,optionally,anexternalIP

address

•SelectaroutingmodeandsupplyIPaddressesforthe

networkgatewaystotheInternet,andyourcorporate

network.

Certificateinformation

Severalpiecesofinformationareusedtogeneratetheserver

andAMCcertificates:

•Afullyqualifieddomainname(FQDN)fortheappliance

andforanyWorkPlacesitesthatuseauniquename.

ThesenamesshouldbeaddedtoyourpublicDNS;they

arealsovisibletouserswhentheyconnecttoWeb‐

basedresources.

•AFQDNfortheApplianceManagementConsole(AMC)

server.TheAMCservernameisusedtoaccessAMC,

whichisaWeb‐basedtoolforadministeringthe

appliance.

Namelookupinformation

•InternalDNSdomainnameofthenetworktowhichthe

applianceisconnected

•PrimaryinternalDNSserveraddress(additionalDNS

serversareoptional)

•IPaddressforaninternalWINSserverandthenameof

yourWindowsdomain(requiredtobrowsefilesona

WindowsnetworkusingWorkPlace,butareotherwise

optional)

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 17

Authenticationinformation

Servernameandlogininformationforyourauthentication

servers(LDAP,ActiveDirectory,orRADIUS)

VirtualAddresspoolinformation

Ifyouareplanningtodeployeithernetworktunnelclient

(ConnectTunnelorOnDemandTunnel),youmustallocateIP

addressesforoneormoreaddresspools.Formore

information,refertotheSMAAdministrationGuide.

Optionalconfigurationinformation

•ToenableSSHaccessfromaremotemachine,youneed

toknowtheremotehost’sIPaddress.

•TosynchronizewithanNTPserver,youneedtoknow

theIPaddressesforoneormoreNTPservers.

•Tosenddatatoasyslogserver,youneedtoknowtheIP

addressandportnumberforoneormoresyslog

servers.

VerifyingyourFirewallPolicies

Fortheappliancetofunctioncorrectly,youmustopenports

onyourexternal(Internet‐facing)andinternalfirewalls.

ExternalFirewall

ForsecureaccesstotheappliancefromaWebbrowseror

OnDemand,youmustmakesurethatports80and443are

openonfirewallsatyoursite.Openingyourfirewalltopermit

SSHaccessisoptional,butcanbeusefulforperforming

administrativetasksfromaremotesystem.

ExternalFirewall

Traffic

Type

Port/

protocol Usage Required?

ESP 4500/UDP ESPTunnel Yes

HTTP 80/tcp Unencryptednetwork

access

Yes

HTTPS 443/tcp Encryptednetworkaccess Yes

SSH 22/tcp Administrativeaccessto

theapplication

18 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

InternalFirewall

Ifyouhaveafirewallontheinternalnetwork,youmayneedto

adjustitspolicytoopenportsforback‐endapplicationswith

whichtheappliancemustcommunicate.Inadditionto

openingportsforstandardnetworkservicessuchasDNSand

email,youmayneedtomodifyyourfirewallpolicybeforethe

appliancecanaccessthefollowingservices.

InternalFirewall

TrafficType Port/protocol Usage

Microsoft

networking

138/tcpand

138/udp

137/tcpand

137/udp

139/udp

162/snmp

445/smb

UsedbyWorkPlaceto

performWINSname

resolution,browse

requests,andaccess

fileshares

LDAP

(unencrypted)

389/tcp Communicatewithan

LDAPdirectoryor

MicrosoftActive

Directory

LDAPoverSSL

(encrypted)

636/tcp Communicatewithan

LDAPdirectoryor

MicrosoftActive

DirectoryoverSSL

RADIUS 1645/udpor

1812/udp

Communicatewitha

RADIUSauthentication

server

NTP 123/udp Synchronizethe

applianceclockwithan

NTPserver

Syslog514/tcp Sendsystemlog

informationtoasyslog

server

SNMP161/udp Monitortheappliance

fromanSNMP

managementtool

InternalFirewall

TrafficType Port/protocol Usage

SonicWallSecureMobileAccess6200/7200GettingStartedGuide 19

AboutInstallationand

Deployment

Thissectionoutlinestheprocessofinstalling,configuring,and

testingtheappliance,andthendeployingitinaproduction

environment.TheInstallationandDeploymentProcesstable

providesanoverviewofthesteps.

InstallationandDeploymentProcess

InstallationStep Description

Makeanoteofyour

applianceserial

numberand

authenticationcode.

You’llneedthisinformationwhenyou

MySonicWall.Theserialnumberand

authenticationcodeareprintedon

yourappliancelabel;theyarealso

displayedontheGeneralSettings

pageinAMC.

Rack‐mountthe

applianceand

connectthecables.

SeeRackMountingtheApplianceon

page37andConnectingthe

Applianceonpage22.

Turnontheappliance

andbegin

configuration.

Toconnecttoyourapplianceonyour

internalnetworkyoumustspecifyan

internalIPaddressandthesubnet

mask.Usethecontrolsonthefrontof

theappliance.SeeEnteringNetwork

SettingsUsingtheLCDonpage23.

RunSetupWizard. Thewizardguidesyouthroughthe

processofinitialsetupforyourSMA

appliance.SeeRunningtheSetup

Wizardonpage23.

applianceon

MySonicWall.

MySonicWall.Productregistration

givesyouaccesstoessential

resources,suchasyourlicensefile

andupdates.Toregister,youneed

boththeserialnumberforyour

applianceanditsauthentication

code.

InstallationandDeploymentProcess

InstallationStep Description

20 SonicWallSecureMobileAccess6200/7200GettingStartedGuide

This manual suits for next models

Table of contents

Other SonicWALL Security System manuals

SonicWALL

SonicWALL SMA 100 Series User manual

SonicWALL

SonicWALL Pro 1260 User manual

Popular Security System manuals by other brands

Aritech

Aritech TD8403 Programming manual

Panasonic

Panasonic KX-HNB600 Quick setup

VSDIGITAL

VSDIGITAL V5 kingguard user manual

EVS

EVS Synapse U4T100 Installation & configuration manual

SECO-LARM

SECO-LARM ENFORCER SH-532BQ manual

Pandora

Pandora Camper Pro v2 manual

FireAngel

FireAngel Wi-Safe 2 W2-CO-10X Installation and user guide

ACR Electronics

ACR Electronics RLB-33S - REV D Product support manual

Interlogix

Interlogix advisorone Installation sheet

Wheelock

Wheelock MZC-144 installation instructions

SpeedTech Lights

SpeedTech Lights APEX S-AP100 instruction manual

Resolution Products

Resolution Products RE151 GE manual

Cavius

Cavius FLOOD manual

Honeywell

Honeywell VISTA-128BPT Installation and setup guide

Gemini

Gemini GEM-P816 installation instructions

Optex

Optex DXBHUF Assembly instructions

Haibrain

Haibrain PROGUARD 800 Series installation manual

dallmeier

dallmeier Panomera S7 Commissioning

SonicWALL SMA 6200 User manual

Popular Security System manuals by other brands