SonicWALL SRA Virtual Appliance Getting Started

COMPREHENSIVE INTERNET SECURITY
SonicWALL Secure Remote Access Appliances
SonicWALL
SRA Virtual Appliance
Getting Started Guide
SonicWALL SRA Virtual Appliance5.0
Getting Started Guide
This Getting Started Guide contains installation procedures and configuration guidelines
for deploying the SonicWALL SRA Virtual Appliance on a server on your network. The
SonicWALL SRA Virtual Appliance includes a software appliance, which has been preinstalled and pre-configured for VMware environments, and allows for the secure and
easy deployment of SonicWALL SRA solution within a virtual environment.
The SonicWALL SRA Virtual Appliance provides the following benefits:
• Scalability and Redundancy:
• Multiple virtual machines can be deployed as a single system, enabling
specialization, scalability, and redundancy.
• Operational Ease:
• Users can virtualize their entire environment and deploy multiple machines
within a single server or across multiple servers.
• Product Versatility:
• SonicWALL SRA Virtual Applianceis compatible with other SonicWALL
platforms (Windows/Linux) as a stand-alone (All-In-One), control center, or
remote analyzer.
• Security:
• SonicWALL SRA Virtual Appliance provides an optimized, non-tamperable
software and hardware architecture.
Note: For more SonicWALL SRA Virtual Appliance information, refer to the
SonicWALL SSL-VPN 5.0 Administrator’s Guide. This and other
documentation are available at:
http://www.sonicwall.com/us/Support.html
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 1
Contents
This document contains the following sections:
1
“Before You Begin” on page 3
•
•
•
2
“Installing SonicWALL SRA Virtual Appliance” on page 5
•
“Installing the vSphere Client” on page 6
3
“Performing Basic Tasks and Configuration” on page 16
• “Powering the Virtual Appliance On or Off” on page 17
• “Configuring Interface IP and Route Settings on the Console” on page 17
• “Using the Command Line Interface” on page 19
• “Configuring Settings on the Appliance Web Interface” on page 23
4
“Registration Process” on page 24
•
•
5
Page 2
“Supported Platforms” on page 3
“Hardware Resource Requirements” on page 3
“Files for Installation” on page 4
“Creating a MySonicWALL Account” on page 24
“Registering Your SonicWALL SRA Virtual Appliance” on page 25
“Related Documentation” on page 26
1
Before You Begin
This section contains the following subsections:
• “Supported Platforms” on page 3
• “Hardware Resource Requirements” on page 3
• “Files for Installation” on page 4
Supported Platforms
The elements of basic VMware structure must be implemented prior to deploying the
SonicWALL SRA Virtual Appliance. The following VMware platforms are supported:
• ESXi 4.0 Update 1 (Build 208167 and newer)
• ESX 4.0 Update 1 (Build 208167 and newer)
You can use the following client applications to import the image and configure the virtual
settings:
• VMware vSphere – Provides infrastructure and application services in a
graphical user interface for ESX/ESXi, included with ESX/ESXi. Provides Thick
provisioning when deploying SonicWALL SRA Virtual Appliance.
Hardware Resource Requirements
The following hardware resources are the minimum requirements for the
SonicWALL SRA Virtual Appliance:
• 2 GB RAM
This is the minimum amount of RAM needed by the
SonicWALL SRA Virtual Appliance operating system to meet the product
performance and capacity specifications. A smaller amount of RAM can be
configured, but is not recommended.
• 1 CPU
This is the default number of CPUs provisioned in the
SonicWALL SRA Virtual Appliance. The minimum required number of CPUs is 1.
• 2 GB Hard Disk space
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 3
Files for Installation
You will use different files for a fresh installation than when updating to a newer version.
New Deployment Files
SonicWALL SRA Virtual Appliance is available for download from <http://
www.mysonicwall.com>. For a fresh install, the Open Virtual Appliance (OVA) file with
the following file name format is available for import and deployment to your ESX/ESXi
server:
• sw_sslvpnsra-vm_eng_5.0.0.2_5.0.0_p_16sv_366709.signed.ova
Note: Do not rename the OVA file.
Page 4
2
Installing SonicWALL SRA Virtual Appliance
SonicWALL SRA Virtual Appliance is installed by deploying an OVA file to your
ESX/ESXi server. Each OVA file contains all software components related to
SonicWALL SRA Virtual Appliance.
You can deploy the OVA files as needed for your SonicWALL SRA Virtual Appliance
environment. SonicWALL SRA Virtual Appliance can be configured for a single server or
in a distributed environment on multiple servers.
You can deploy an OVA file by using the vSphere client, which comes with ESX/ESXi.
For vSphere, point a browser to your ESX/ESXi server, and click on Download vSphere
Client.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 5
Installing the vSphere Client
To perform a fresh install of the SonicWALL SRA Virtual Appliance using the vSphere
client, perform the following steps:
1. Download the sw_sslvpnsra-vm_eng_5.0.0.2_5.0.0_p_16sv_366709.signed.ova file
from MySonicWALL to a system that is accessible to your ESX/ESXi server.
Note: Do not rename the OVA file.
2. Launch vSphere and use it to log on to your ESX/ESXi server.
3. From the Home screen, click the Inventory icon to display the virtual appliances
running on your ESX/ESXi server.
Page 6
4. To begin the import process, click File and select Deploy OVF Template.
5. In the Source screen of the Deploy OVF Template window, select either Deploy
from file or Deploy from URL. For Deploy from file, click Browse and then select
the OVA file to import. For Deploy from URL, type in the URL of the OVA file. Click
Next.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 7
6. In the OVF Template Details screen, verify the information about the selected file. To
make a change, click the Source link to return to the Source screen, and select a
different file. To continue, click Next.
Page 8
7. In the End User License Agreement screen, read the agreement, click Accept, and
then click Next.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 9
8. In the Name and Location screen, enter a description name for the virtual appliance
in the Name field. Select the desired location in the Inventory Location field. Click
Next.
Page 10
9. In the Host / Cluster screen, click to select the host or cluster on which to run the
SonicWALL SRA Virtual Appliance, and then click Next.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 11
10. In the Resource Pool screen, select the resource pool within which to deploy this
SonicWall SRA Virtual Appliance, and then click Next.
Page 12
11. In the Datastore screen, select the datastore on which to store the files for the
SonicWALL SRA Virtual Appliance, and then click Next.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 13
12. In the Ready to Complete screen, review and verify the displayed information. To
begin the deployment with these settings, click Finish. Otherwise, click Back to
navigate back through the screens to make a change.
The Deploying dialog box shows the progress.
Page 14
13. In the Deployment Completed Successfully dialog box, click Close.
The name of the new SonicWALL SRA Virtual Appliance appears in the left pane of
the vSphere window.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 15
3
Performing Basic Tasks and Configuration
This section describes how to power on and configure basic settings on the
SonicWALL SRA Virtual Appliance, including virtual hardware settings and networking
settings.
The following tasks are required to configure your SonicWALL SRA Virtual Appliance
before registering it:
1. Power on the virtual appliance.
See “Powering the Virtual Appliance On or Off” on page 17.
2. Open the virtual appliance console and configure the following host settings:
• IP address
• Default route
See “Configuring Interface IP and Route Settings on the Console” on page 17.
3. Log in to the appliance system interface and configure the following:
• Host name
• Network settings
• Time settings
See “Configuring Settings on the Appliance Web Interface” on page 23.
Page 16
Powering the Virtual Appliance On or Off
There are multiple ways to power the SonicWALL SRA Virtual Appliance on or off.
To power the virtual appliance on (or off):
1. Do one of the following:
• Right-click the SonicWALL SRA Virtual Appliance in the left pane and navigate
to Power > Power On (or Power > Power Off) in the right-click menu.
• Select the SonicWALL SRA Virtual Appliance in the left pane and then click
Power on the virtual machine (or Shut down the virtual machine) on the
Getting Started tab in the right pane.
• Select the SonicWALL SRA Virtual Appliance in the left pane and then click
Power On (or Shut down guest) on the Summary tab in the right pane.
Configuring Interface IP and Route Settings on the Console
After powering on the SonicWALL SRA Virtual Appliance, perform the following steps to
open the console and configure the IP address and default route settings:
1. In vSphere, right-click the SonicWALL SRA Virtual Appliance in the left pane and
select Open Console in the right-click menu.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 17
2. When the console window opens, click inside the window, type admin at the Login:
prompt and press Enter, and then type password at the Password: prompt and
press Enter. The SNWLCLI> prompt is displayed.
Note: The mouse pointer disappears when you click in the console window. To release
it, press Ctrl+Alt.
3. Configure the local IP address for the virtual appliance with the command:
interface eth0 <IP Address> <Subnet Mask>
4. Configure the DNS with the command:
dns --nameserver <DNS IP>
5. Configure the default route for the virtual appliance with the command:
route --add default --destination <gateway IP>
You can test connectivity by pinging another server or your main gateway, for
example:
ping <gateway IP>
Press Ctrl+c to stop pinging.
6. Type exit to exit the CLI. Close the console window by clicking the X.
Note: Refer to the Using the Command Line Interface section, on page 19 for more
information about changing the settings.
Page 18
Using the Command Line Interface
The Command Line Interface (CLI) is a text-only mechanism for interacting with a
computer operating system or software by typing commands to perform specific tasks. It
is a critical part of the deployment of the SRA Virtual Appliance, where basic networking
needs to be configured from the console.
While the SonicWALL SRA 1200 and 4200 physical appliance products have a default IP
address and network configuration that requires a client’s network settings to be
reconfigured to connect, the network settings in the VMware virtual environment might
conflict with the SonicWALL defaults. The CLI utility remedies this by allowing basic
configuration of the network settings when deploying the SonicWALL SRA Virtual
Appliance.
After the Virtual Appliance firmware has fully booted, the following login prompt is
displayed:
To access the CLI, login as admin. The password is the same as the password for the
“admin” account configured on the appliance. The default is password.
Note: User input used in the examples highlighted in red indicates text entered by the
user; there is no coloring of text done on the actual CLI.
If the incorrect password is entered, the login prompt is displayed again. If the correct
password is entered, the CLI is launched.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 19
Basic system information and network settings are displayed along with the main menu,
as shown in the example below:
Note: You can press Ctrl-C at any time to log out and exit the CLI, returning to the
Login prompt.
The Main Menu has four selections:
1. Setup Wizard
This option launches a simple wizard to change the basic network settings, starting
with the X0 IP Address, X0 subnet mask, default gateway, primary and secondary
DNS, and the hostname. The following CLI output illustrates an example where each
field is changed:
Page 20
If a field is not filled out, the prior value is retained, allowing you to change only a
single field. After each field has been prompted, the new network settings are shown
and a confirmation message is given for the user to review and verify the changes
before applying them. The following shows the result when you save the changes:
After saving the changes, press Enter to return to the original display of the System
Information and Network Settings. Verify that the changes have taken effect:
If no changes are saved, a message displays. Pressing Enter returns to the initial
display of the System Information and Network settings.
Note: When applying settings that change the IP address, there may be a delay of up
to 5 seconds as the interface settings are updated.
2. Reboot
Selecting this option displays a confirmation prompt, and then reboots:
3. Restart SSL-VPN Services
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 21
This option is a confirmation prompt, and then restarts the Web server and the
related SSL-VPN daemon services. This command is equivalent to issuing the Easy
AccessCtrl restart command.
4. Logout
The logout option ends the CLI session and returns to the login prompt.
Note: The X0 interface is the only interface configurable through the CLI. Currently,
configuring any other interfaces using the CLI on SonicWALL SRA 4200/
SRA 1200/ SRA VM is not supported.
Page 22
Configuring Settings on the Appliance Web Interface
After configuring the IP address and default route settings on the
SonicWALL SRA Virtual Appliance console, the next steps are to configure the rest of the
appliance settings as you would for the SonicWALL SRA 4200 or SRA 1200 appliance.
Perform the following steps to complete host configuration for the virtual appliance:
1. Launch a browser and enter the URL of the virtual appliance.
2. On the appliance interface login page, type in the default credentials and then click
Login.
The default credentials are:
User – admin
Password – password
After login, you will see the SRA management interface:
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 23
4
Registration Process
The SonicWALL SRA Virtual Appliance must be registered before use.
This section contains the following subsections:
• “Creating a MySonicWALL Account” on page 24
• “Registering Your SonicWALL SRA Virtual Appliance” on page 25
Creating a MySonicWALL Account
A MySonicWALL account is required for product registration. If you already have an
account, continue to the Registering Your SonicWALL SRA Virtual Appliance section.
Perform the following steps to create a MySonicWALL account:
1. In your browser, navigate to http://www.mysonicwall.com.
2. In the login screen, click the Not a registered user? link.
3. Complete the Registration form, then click Register.
4. Verify that the information is correct and click Submit.
5. In the screen confirming that your account was created, click Continue.
Note: MySonicWALL registration information is not sold or shared with any other
company.
Page 24
Registering Your SonicWALL SRA Virtual Appliance
You must register your SonicWALL SRA Virtual Appliance before first use. Registration is
performed using the appliance management interface. When registration is completed,
SonicWALL SRA Virtual Appliance will be licensed on your virtual appliance.
SonicWALL SRA SSL VPN Virtual Appliance 5.0 provides for user based licensing. By
default, the virtual appliance comes with a 5-user license. Extra licenses can be added in
5, 10, and 25 user denominations, up to a maximum that allows for 50 concurrent user
sessions.
Licensing is controlled by SonicWALL’s license manager service, and customers can add
licenses through their MySonicWALL accounts. Unregistered units support the default
license allotment for their model, but the unit must be registered in order to activate
additional licensing from MySonicWALL.
License status is displayed in the SSL VPN management interface, on the Licenses &
Registration section of the 'System > Status' page.
If a user attempts to log in to the Virtual Office portal and there are no more available
user licenses, the login page will display the error, “No more User Licenses available.
Please contact your administrator.” The same error is displayed if a user launches the
NetExtender client when all user licenses are in use. These login attempts are logged
with a similar message in the log entries, displayed in the 'Log > View' page.
To register your SonicWALL SRA Virtual Appliance, perform the following steps:
1. Log in to your SonicWALL Email Security Virtual Appliance. The System > License
Management page displays.
2. Enter your mySonicWALL.com account Username and Password in the appropriate
fields. Click Submit.
3. The Administration section displays. Enter the Serial Number, Authentication
Code, and Friendly Name for your SonicWALL appliance. Click Submit to finish the
registration process.
4. You have successfully registered your SonicWALL SSL-VPN Virtual Appliance. Click
Continue to view the Manage Licenses screen or continue configuring other settings
within the appliance.
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 25
5
Related Documentation
The SonicWALL SRA Virtual Appliance 5.0 documentation set includes the following
user guides:
• SonicWALL SSL VPN 5.0 Administrator’s Guide
• SonicWALL SSL VPN 5.0 User’s Guide
• SonicWALL SSL VPN 5.0 NetExtender Feature Module
• SonicWALL SSL VPN 5.0 Citrix Access Feature Module
• SonicWALL SSL VPN 5.0 Web Application Firewall Feature Module
• SonicWALL SSL VPN 5.0 Application Offloading and HTTP(S) Bookmarks Feature
Module
• SonicWALL SSL VPN 5.0 Release Notes
For basic and advanced deployment examples, refer to the available user guides,
feature modules, and deployment technotes.
Page 26
SonicWALL Live Product Demos
Get the most out of your SonicWALL SRA Virtual Appliance with the complete line of
SonicWALL products. The SonicWALL Live Demo Site provides free test drives of
SonicWALL security products and services through interactive live product installations:
•
•
•
•
•
•
•
•
Unified Threat Management Platform
Secure Cellular Wireless
Continuous Data Protection
SSL VPN Secure Remote Access
Content Filtering
Secure Wireless Solutions
Email Security
GMS and ViewPoint
For further information, visit:
<http://livedemo.sonicwall.com/>
SonicWALL SRA Virtual Appliance 5.0 Getting Started Guide
Page 27
Notes
Page 28
SonicWALL, Inc.
2001 Logic Drive
T +1 408.745.9600
San Jose, CA 95124-3452
F +1 408.745.9300
www.sonicwall.com
PN: 232-001968-00
Rev A 3/11
©2011 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/o r registered trademarks of their respective companies.
Specifications and descriptions subject to change without notice.
Download PDF