COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SRA Virtual Appliance Getting Started Guide SonicWALL SRA Virtual Appliance5.0 Getting Started Guide This Getting Started Guide contains installation procedures and configuration guidelines for deploying the SonicWALL SRA Virtual Appliance on a server on your network. The SonicWALL SRA Virtual Appliance includes a software appliance, which has been preinstalled and pre-configured for VMware environments, and allows for the secure and easy deployment of SonicWALL SRA solution within a virtual environment. The SonicWALL SRA Virtual Appliance provides the following benefits: • Scalability and Redundancy: • Multiple virtual machines can be deployed as a single system, enabling specialization, scalability, and redundancy. • Operational Ease: • Users can virtualize their entire environment and deploy multiple machines within a single server or across multiple servers. • Product Versatility: • SonicWALL SRA Virtual Applianceis compatible with other SonicWALL platforms (Windows/Linux) as a stand-alone (All-In-One), control center, or remote analyzer. • Security: • SonicWALL SRA Virtual Appliance provides an optimized, non-tamperable software and hardware architecture. Note: For more SonicWALL SRA Virtual Appliance information, refer to the SonicWALL SSL-VPN 5.0 Administrator’s Guide. This and other documentation are available at: http://www.sonicwall.com/us/Support.html SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 1 Contents This document contains the following sections: 1 “Before You Begin” on page 3 • • • 2 “Installing SonicWALL SRA Virtual Appliance” on page 5 • “Installing the vSphere Client” on page 6 3 “Performing Basic Tasks and Configuration” on page 16 • “Powering the Virtual Appliance On or Off” on page 17 • “Configuring Interface IP and Route Settings on the Console” on page 17 • “Using the Command Line Interface” on page 19 • “Configuring Settings on the Appliance Web Interface” on page 23 4 “Registration Process” on page 24 • • 5 Page 2 “Supported Platforms” on page 3 “Hardware Resource Requirements” on page 3 “Files for Installation” on page 4 “Creating a MySonicWALL Account” on page 24 “Registering Your SonicWALL SRA Virtual Appliance” on page 25 “Related Documentation” on page 26 1 Before You Begin This section contains the following subsections: • “Supported Platforms” on page 3 • “Hardware Resource Requirements” on page 3 • “Files for Installation” on page 4 Supported Platforms The elements of basic VMware structure must be implemented prior to deploying the SonicWALL SRA Virtual Appliance. The following VMware platforms are supported: • ESXi 4.0 Update 1 (Build 208167 and newer) • ESX 4.0 Update 1 (Build 208167 and newer) You can use the following client applications to import the image and configure the virtual settings: • VMware vSphere – Provides infrastructure and application services in a graphical user interface for ESX/ESXi, included with ESX/ESXi. Provides Thick provisioning when deploying SonicWALL SRA Virtual Appliance. Hardware Resource Requirements The following hardware resources are the minimum requirements for the SonicWALL SRA Virtual Appliance: • 2 GB RAM This is the minimum amount of RAM needed by the SonicWALL SRA Virtual Appliance operating system to meet the product performance and capacity specifications. A smaller amount of RAM can be configured, but is not recommended. • 1 CPU This is the default number of CPUs provisioned in the SonicWALL SRA Virtual Appliance. The minimum required number of CPUs is 1. • 2 GB Hard Disk space SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 3 Files for Installation You will use different files for a fresh installation than when updating to a newer version. New Deployment Files SonicWALL SRA Virtual Appliance is available for download from <http:// www.mysonicwall.com>. For a fresh install, the Open Virtual Appliance (OVA) file with the following file name format is available for import and deployment to your ESX/ESXi server: • sw_sslvpnsra-vm_eng_18.104.22.168_5.0.0_p_16sv_366709.signed.ova Note: Do not rename the OVA file. Page 4 2 Installing SonicWALL SRA Virtual Appliance SonicWALL SRA Virtual Appliance is installed by deploying an OVA file to your ESX/ESXi server. Each OVA file contains all software components related to SonicWALL SRA Virtual Appliance. You can deploy the OVA files as needed for your SonicWALL SRA Virtual Appliance environment. SonicWALL SRA Virtual Appliance can be configured for a single server or in a distributed environment on multiple servers. You can deploy an OVA file by using the vSphere client, which comes with ESX/ESXi. For vSphere, point a browser to your ESX/ESXi server, and click on Download vSphere Client. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 5 Installing the vSphere Client To perform a fresh install of the SonicWALL SRA Virtual Appliance using the vSphere client, perform the following steps: 1. Download the sw_sslvpnsra-vm_eng_22.214.171.124_5.0.0_p_16sv_366709.signed.ova file from MySonicWALL to a system that is accessible to your ESX/ESXi server. Note: Do not rename the OVA file. 2. Launch vSphere and use it to log on to your ESX/ESXi server. 3. From the Home screen, click the Inventory icon to display the virtual appliances running on your ESX/ESXi server. Page 6 4. To begin the import process, click File and select Deploy OVF Template. 5. In the Source screen of the Deploy OVF Template window, select either Deploy from file or Deploy from URL. For Deploy from file, click Browse and then select the OVA file to import. For Deploy from URL, type in the URL of the OVA file. Click Next. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 7 6. In the OVF Template Details screen, verify the information about the selected file. To make a change, click the Source link to return to the Source screen, and select a different file. To continue, click Next. Page 8 7. In the End User License Agreement screen, read the agreement, click Accept, and then click Next. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 9 8. In the Name and Location screen, enter a description name for the virtual appliance in the Name field. Select the desired location in the Inventory Location field. Click Next. Page 10 9. In the Host / Cluster screen, click to select the host or cluster on which to run the SonicWALL SRA Virtual Appliance, and then click Next. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 11 10. In the Resource Pool screen, select the resource pool within which to deploy this SonicWall SRA Virtual Appliance, and then click Next. Page 12 11. In the Datastore screen, select the datastore on which to store the files for the SonicWALL SRA Virtual Appliance, and then click Next. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 13 12. In the Ready to Complete screen, review and verify the displayed information. To begin the deployment with these settings, click Finish. Otherwise, click Back to navigate back through the screens to make a change. The Deploying dialog box shows the progress. Page 14 13. In the Deployment Completed Successfully dialog box, click Close. The name of the new SonicWALL SRA Virtual Appliance appears in the left pane of the vSphere window. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 15 3 Performing Basic Tasks and Configuration This section describes how to power on and configure basic settings on the SonicWALL SRA Virtual Appliance, including virtual hardware settings and networking settings. The following tasks are required to configure your SonicWALL SRA Virtual Appliance before registering it: 1. Power on the virtual appliance. See “Powering the Virtual Appliance On or Off” on page 17. 2. Open the virtual appliance console and configure the following host settings: • IP address • Default route See “Configuring Interface IP and Route Settings on the Console” on page 17. 3. Log in to the appliance system interface and configure the following: • Host name • Network settings • Time settings See “Configuring Settings on the Appliance Web Interface” on page 23. Page 16 Powering the Virtual Appliance On or Off There are multiple ways to power the SonicWALL SRA Virtual Appliance on or off. To power the virtual appliance on (or off): 1. Do one of the following: • Right-click the SonicWALL SRA Virtual Appliance in the left pane and navigate to Power > Power On (or Power > Power Off) in the right-click menu. • Select the SonicWALL SRA Virtual Appliance in the left pane and then click Power on the virtual machine (or Shut down the virtual machine) on the Getting Started tab in the right pane. • Select the SonicWALL SRA Virtual Appliance in the left pane and then click Power On (or Shut down guest) on the Summary tab in the right pane. Configuring Interface IP and Route Settings on the Console After powering on the SonicWALL SRA Virtual Appliance, perform the following steps to open the console and configure the IP address and default route settings: 1. In vSphere, right-click the SonicWALL SRA Virtual Appliance in the left pane and select Open Console in the right-click menu. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 17 2. When the console window opens, click inside the window, type admin at the Login: prompt and press Enter, and then type password at the Password: prompt and press Enter. The SNWLCLI> prompt is displayed. Note: The mouse pointer disappears when you click in the console window. To release it, press Ctrl+Alt. 3. Configure the local IP address for the virtual appliance with the command: interface eth0 <IP Address> <Subnet Mask> 4. Configure the DNS with the command: dns --nameserver <DNS IP> 5. Configure the default route for the virtual appliance with the command: route --add default --destination <gateway IP> You can test connectivity by pinging another server or your main gateway, for example: ping <gateway IP> Press Ctrl+c to stop pinging. 6. Type exit to exit the CLI. Close the console window by clicking the X. Note: Refer to the Using the Command Line Interface section, on page 19 for more information about changing the settings. Page 18 Using the Command Line Interface The Command Line Interface (CLI) is a text-only mechanism for interacting with a computer operating system or software by typing commands to perform specific tasks. It is a critical part of the deployment of the SRA Virtual Appliance, where basic networking needs to be configured from the console. While the SonicWALL SRA 1200 and 4200 physical appliance products have a default IP address and network configuration that requires a client’s network settings to be reconfigured to connect, the network settings in the VMware virtual environment might conflict with the SonicWALL defaults. The CLI utility remedies this by allowing basic configuration of the network settings when deploying the SonicWALL SRA Virtual Appliance. After the Virtual Appliance firmware has fully booted, the following login prompt is displayed: To access the CLI, login as admin. The password is the same as the password for the “admin” account configured on the appliance. The default is password. Note: User input used in the examples highlighted in red indicates text entered by the user; there is no coloring of text done on the actual CLI. If the incorrect password is entered, the login prompt is displayed again. If the correct password is entered, the CLI is launched. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 19 Basic system information and network settings are displayed along with the main menu, as shown in the example below: Note: You can press Ctrl-C at any time to log out and exit the CLI, returning to the Login prompt. The Main Menu has four selections: 1. Setup Wizard This option launches a simple wizard to change the basic network settings, starting with the X0 IP Address, X0 subnet mask, default gateway, primary and secondary DNS, and the hostname. The following CLI output illustrates an example where each field is changed: Page 20 If a field is not filled out, the prior value is retained, allowing you to change only a single field. After each field has been prompted, the new network settings are shown and a confirmation message is given for the user to review and verify the changes before applying them. The following shows the result when you save the changes: After saving the changes, press Enter to return to the original display of the System Information and Network Settings. Verify that the changes have taken effect: If no changes are saved, a message displays. Pressing Enter returns to the initial display of the System Information and Network settings. Note: When applying settings that change the IP address, there may be a delay of up to 5 seconds as the interface settings are updated. 2. Reboot Selecting this option displays a confirmation prompt, and then reboots: 3. Restart SSL-VPN Services SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 21 This option is a confirmation prompt, and then restarts the Web server and the related SSL-VPN daemon services. This command is equivalent to issuing the Easy AccessCtrl restart command. 4. Logout The logout option ends the CLI session and returns to the login prompt. Note: The X0 interface is the only interface configurable through the CLI. Currently, configuring any other interfaces using the CLI on SonicWALL SRA 4200/ SRA 1200/ SRA VM is not supported. Page 22 Configuring Settings on the Appliance Web Interface After configuring the IP address and default route settings on the SonicWALL SRA Virtual Appliance console, the next steps are to configure the rest of the appliance settings as you would for the SonicWALL SRA 4200 or SRA 1200 appliance. Perform the following steps to complete host configuration for the virtual appliance: 1. Launch a browser and enter the URL of the virtual appliance. 2. On the appliance interface login page, type in the default credentials and then click Login. The default credentials are: User – admin Password – password After login, you will see the SRA management interface: SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 23 4 Registration Process The SonicWALL SRA Virtual Appliance must be registered before use. This section contains the following subsections: • “Creating a MySonicWALL Account” on page 24 • “Registering Your SonicWALL SRA Virtual Appliance” on page 25 Creating a MySonicWALL Account A MySonicWALL account is required for product registration. If you already have an account, continue to the Registering Your SonicWALL SRA Virtual Appliance section. Perform the following steps to create a MySonicWALL account: 1. In your browser, navigate to http://www.mysonicwall.com. 2. In the login screen, click the Not a registered user? link. 3. Complete the Registration form, then click Register. 4. Verify that the information is correct and click Submit. 5. In the screen confirming that your account was created, click Continue. Note: MySonicWALL registration information is not sold or shared with any other company. Page 24 Registering Your SonicWALL SRA Virtual Appliance You must register your SonicWALL SRA Virtual Appliance before first use. Registration is performed using the appliance management interface. When registration is completed, SonicWALL SRA Virtual Appliance will be licensed on your virtual appliance. SonicWALL SRA SSL VPN Virtual Appliance 5.0 provides for user based licensing. By default, the virtual appliance comes with a 5-user license. Extra licenses can be added in 5, 10, and 25 user denominations, up to a maximum that allows for 50 concurrent user sessions. Licensing is controlled by SonicWALL’s license manager service, and customers can add licenses through their MySonicWALL accounts. Unregistered units support the default license allotment for their model, but the unit must be registered in order to activate additional licensing from MySonicWALL. License status is displayed in the SSL VPN management interface, on the Licenses & Registration section of the 'System > Status' page. If a user attempts to log in to the Virtual Office portal and there are no more available user licenses, the login page will display the error, “No more User Licenses available. Please contact your administrator.” The same error is displayed if a user launches the NetExtender client when all user licenses are in use. These login attempts are logged with a similar message in the log entries, displayed in the 'Log > View' page. To register your SonicWALL SRA Virtual Appliance, perform the following steps: 1. Log in to your SonicWALL Email Security Virtual Appliance. The System > License Management page displays. 2. Enter your mySonicWALL.com account Username and Password in the appropriate fields. Click Submit. 3. The Administration section displays. Enter the Serial Number, Authentication Code, and Friendly Name for your SonicWALL appliance. Click Submit to finish the registration process. 4. You have successfully registered your SonicWALL SSL-VPN Virtual Appliance. Click Continue to view the Manage Licenses screen or continue configuring other settings within the appliance. SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 25 5 Related Documentation The SonicWALL SRA Virtual Appliance 5.0 documentation set includes the following user guides: • SonicWALL SSL VPN 5.0 Administrator’s Guide • SonicWALL SSL VPN 5.0 User’s Guide • SonicWALL SSL VPN 5.0 NetExtender Feature Module • SonicWALL SSL VPN 5.0 Citrix Access Feature Module • SonicWALL SSL VPN 5.0 Web Application Firewall Feature Module • SonicWALL SSL VPN 5.0 Application Offloading and HTTP(S) Bookmarks Feature Module • SonicWALL SSL VPN 5.0 Release Notes For basic and advanced deployment examples, refer to the available user guides, feature modules, and deployment technotes. Page 26 SonicWALL Live Product Demos Get the most out of your SonicWALL SRA Virtual Appliance with the complete line of SonicWALL products. The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations: • • • • • • • • Unified Threat Management Platform Secure Cellular Wireless Continuous Data Protection SSL VPN Secure Remote Access Content Filtering Secure Wireless Solutions Email Security GMS and ViewPoint For further information, visit: <http://livedemo.sonicwall.com/> SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide Page 27 Notes Page 28 SonicWALL, Inc. 2001 Logic Drive T +1 408.745.9600 San Jose, CA 95124-3452 F +1 408.745.9300 www.sonicwall.com PN: 232-001968-00 Rev A 3/11 ©2011 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/o r registered trademarks of their respective companies. Speciﬁcations and descriptions subject to change without notice.