SonicWALL SRA 5.0.0.2 Virtual Appliance Release Notes

Upload: mehdiellouze4026

Post on 26-Dec-2014

SRA Virtual Appliance 5.0.0.2 Release Notes

P/N 232-001967-00 Rev A

Secure Remote Access SonicWALL SRA Virtual Appliance 5.0.0.2

Contents

Platform Compatibility
Known Issues
Deploying the SRA Virtual Appliance
Related Technical Documentation

Platform Compatibility

The elements of basic VMware structure must be implemented prior to deploying SonicWALL SRA Virtual Appliance 5.0.0.2. The SonicWALL SRA Virtual Appliance runs on the following VMware platforms:

ESXi 4.0 Update 1 (Build 208167 and newer)

ESX 4.0 Update 1 (Build 208167 and newer)

Known Issues

The following are known issues in the SonicWALL SRA 5.0.0.2 release:

Issue 99975
Symptom: An administrator using SonicWALL GMS to manage the SRA Virtual Appliance cannot login to the Virtual Appliance. SonicWALL GMS and ViewPoint do not generate reports about the SRA Virtual Appliance.
Condition / Workaround: Occurs because the SRA Virtual Appliance does not send its serial number to SonicWALL GMS or ViewPoint with its syslog messages or heartbeats.

Issue 99556
Symptom: Attempting to access a Citrix bookmark causes a blank window to pop up.
Condition / Workaround: Occurs when using Internet Explorer with ActiveX to access a Citrix bookmark for XenApp6 and Citrix 4.5, while Cross Site Request Forgery (CSRF) protection is set to PREVENT. Workaround: Use Firefox, or select the IE option "Always use Java in Internet Explorer", then access the Citrix bookmark.

Issue 97043
Symptom: DNS requests are not handled by the correct DNS server while NetExtender is connected, preventing consistent access to external sites and causing slow response times and inability to use certain applications.
Condition / Workaround: Occurs when NetExtender is used on a Mac running OS X 10.6.x. The SRA SSL-VPN appliance is configured to use one or two DNS servers, with corporate and ISP DNS servers also configured on the network. While NetExtender is running on the Mac, the remote DNS servers are not always used. This may be related to DNS resolution behavior changes in OS X 10.6.x meant to optimize DNS by allowing variable DNS server precedence.

Deploying the SRA Virtual Appliance

The following sections provide information about deploying a SonicWALL SRA Virtual Appliance image on a VMware platform:

Definitions
Introduction
Installing SonicWALL SRA Virtual Appliance
Powering the Virtual Appliance On or Off
Configuring Interface IP and Route Settings on the Console
Using the Command Line Interface
Configuring Settings on the Appliance Web Interface
Licensing the SonicWALL SRA Virtual Appliance
Important Differences between the SRA Virtual Appliance and SRA 4200/1200

Definitions

ESX/ESXi: VMware ESX or ESXi is an enterprise-level virtualization product offered by VMware.

OVA/OVF: The Open Virtualization Format (OVF) is a file format created by VMware and other leaders in the virtualization field that describes an open, secure, portable, efficient, and flexible format for the packaging and distribution of one or more virtual machines.

vSphere: VMware vSphere is VMware's first cloud operating system, able to manage large pools of virtualized computing infrastructure, including software and hardware. VMware vSphere 4 was originally developed as VMware Infrastructure (VI) 4, then became its own product called vSphere.

VMware: VMware, Inc. is a leading provider of virtualization software. An installation of VMware ESX or ESXi 4.0 is required to use the SonicWALL SRA Virtual Appliance.

Introduction

The SonicWALL SRA Virtual Appliance is a virtual machine that runs the SonicWALL SRA series software on a VMware platform. Deploying the SonicWALL SRA as a virtual appliance leverages shared computing resources to optimize utilization, and provides easy migration and reduced capital costs. The SonicWALL SRA Virtual Appliance provides the following benefits:

Cost savings:
  - Multiple virtual machines can run on a single server, reducing hardware costs, power consumption, and maintenance costs.
  - Microsoft Windows Server is not required, eliminating the cost of the Windows license.

Operational ease:
  - In a virtual environment, it is easy to commission new servers or decommission old ones, or to bring servers up or down.
  - Installation is accomplished by importing a file into the virtual environment, with no need to run an installer.

Security:
  - SonicWALL SRA Virtual Appliance provides the same hardened operating system that comes with the SonicWALL SRA 4200 appliance.

Installing the SonicWALL SRA Virtual Appliance

The SonicWALL SRA Virtual Appliance is installed by deploying an OVA file to your ESX/ESXi server. Each OVA file contains all the necessary software components related to SonicWALL SRA software. You can deploy the OVA files multiple times as needed for your environment.

Hardware Resource Requirements

The following hardware resources are required for SonicWALL SRA Virtual Appliance:

RAM – 2 GB

This is the minimum amount of RAM needed by the SonicWALL SRA Virtual Appliance operating system to meet the product performance and capacity specifications. A smaller amount of RAM can be configured, but is not recommended.

CPU – 1

This is the default number of CPUs provisioned in the SonicWALL SRA Virtual Appliance. The minimum required number of CPUs is 1.

Hard disk space – 2 GB

Installing with vSphere

To perform a fresh install of the SonicWALL SRA Virtual Appliance using the vSphere client, perform the following steps:

1. Download the following OVA file from MySonicWALL to a system that is accessible to your ESX/ESXi server:

sw_sslvpnsra-vm_eng_5.0.0.2_5.0.0_p_16sv_366709.signed.ova

Note: Do not rename the OVA file.

2. Launch vSphere and use it to log on to your ESX/ESXi server.

3. In the Home screen, navigate to a view that shows the virtual machines running on your ESX/ESXi server:

4. To begin the import process, click File and select Deploy OVF Template.

5. In the Source screen of the Deploy OVF Template window, select either Deploy from file or Deploy from URL. For Deploy from file, click Browse and then select the OVA file to import. For Deploy from URL, type in the URL of the OVA file. Click Next.

6. In the OVF Template Details screen, verify the information about the selected file. To make a change, click the Source link to return to the Source screen and select a different file. To continue, click Next.

7. In the End User License Agreement screen, read the agreement, click Accept, and then click Next.

8. In the Name and Location screen, enter a descriptive name for the virtual appliance into the Name field, and select the desired location in the Inventory Location field. Click Next.

9. In the Host / Cluster screen, click to select the host or cluster on which to run the SonicWALL SRA Virtual Appliance and then click Next.

10. In the Resource Pool screen, select the resource pool within which to deploy this SonicWALL SRA Virtual Appliance and then click Next.

11. In the Datastore screen, select the datastore on which to store the files for the SonicWALL SRA Virtual Appliance and then click Next.

12. In the Ready to Complete screen, review and verify the displayed information. To begin the deployment with these settings, click Finish. Otherwise, click Back to navigate back through the screens to make a change.

The Deploying dialog box shows the progress.

13. In the Deployment Completed Successfully dialog box, click Close.

The name of the new SonicWALL SRA Virtual Appliance appears in the left pane of the vSphere window.
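
A pre-deployment integrity check for the OVA downloaded in step 1, as an added example that is not part of the SonicWALL release notes. It assumes the OVA follows standard OVF packaging (a tar archive carrying a `.mf` manifest of `SHA1(name)= digest` lines); the function names and the sample archive are constructed for illustration, and the signature in any `.cert` file is only detected, not verified.

```python
import hashlib
import io
import re
import tarfile

# OVF manifest line format: "SHA1(name)= <hex digest>" (SHA256 in newer packages)
MF_LINE = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")


def verify_ova(fileobj):
    """Compare each archive member against the digests listed in the .mf manifest.

    Returns (results, has_cert). results maps member name to one of
    "ok", "mismatch", "missing" (listed but absent) or "unlisted" (present
    but not covered by the manifest). has_cert reports whether a .cert
    signature file is present; its signature is NOT verified here.
    """
    expected = {}  # name -> (algorithm, digest) taken from the manifest
    actual = {}    # name -> {algorithm: digest} computed from the archive
    has_cert = False
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        for member in tar:
            if not member.isfile():
                continue
            stream = tar.extractfile(member)
            if member.name.endswith(".mf"):
                text = stream.read().decode("utf-8", "replace")
                for line in text.splitlines():
                    m = MF_LINE.match(line.strip())
                    if m:
                        expected[m.group(2)] = (m.group(1).lower(), m.group(3).lower())
                continue
            if member.name.endswith(".cert"):
                has_cert = True
                continue
            sha1, sha256 = hashlib.sha1(), hashlib.sha256()
            for chunk in iter(lambda: stream.read(1 << 20), b""):
                sha1.update(chunk)
                sha256.update(chunk)
            actual[member.name] = {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}
    results = {}
    for name, (algo, digest) in expected.items():
        if name not in actual:
            results[name] = "missing"
        elif actual[name][algo] == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    for name in actual:
        results.setdefault(name, "unlisted")
    return results, has_cert


def build_sample_ova(tamper=False):
    """Constructed sample: a tiny OVA-shaped tar (descriptor, disk, manifest)."""
    files = {"sample.ovf": b"<Envelope/>", "sample-disk1.vmdk": b"\x00" * 4096}
    manifest = "".join(
        f"SHA1({name})= {hashlib.sha1(data).hexdigest()}\n" for name, data in files.items()
    )
    if tamper:  # change the disk after the manifest was written
        files["sample-disk1.vmdk"] = b"\x01" + files["sample-disk1.vmdk"][1:]
    files["sample.mf"] = manifest.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, tampered in (("clean", False), ("tampered", True)):
        print(label, verify_ova(build_sample_ova(tampered)))
```

For a real download, pass `open(path, "rb")` to `verify_ova` and treat any result other than "ok" as a reason not to deploy the file.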

Powering the Virtual Appliance On or Off

There are multiple ways to power the SonicWALL SRA Virtual Appliance on or off. To power the virtual appliance on (or off), do one of the following:

Right-click the SonicWALL SRA Virtual Appliance in the left pane and navigate to Power > Power On (or Power > Power Off) in the right-click menu.

Select the SonicWALL SRA Virtual Appliance in the left pane and then click Power on the virtual machine (or Shut down the virtual machine) on the Getting Started tab in the right pane.

Select the SonicWALL SRA Virtual Appliance in the left pane and then click Power On (or Shut down guest) on the Summary tab in the right pane.

Configuring Interface IP and Route Settings on the Console

After powering on the SonicWALL SRA Virtual Appliance, perform the following steps to open the console and configure the IP address and default route settings:

1. In vSphere, right-click the SonicWALL SRA Virtual Appliance in the left pane and select Open Console in the right-click menu.

2. When the console window opens, click inside the window, type admin at the sslvpn login: prompt and then press Enter. Your mouse pointer disappears when you click in the console window. To release it, press Ctrl+Alt.

3. Type password at the Password: prompt and then press Enter. The CLI prompt is displayed.

4. Configure the IP Address, Subnet, Gateway, and DNS with appropriate values for your network.

5. Refer to the Using the Command Line Interface section for information about changing the settings.

Using the Command Line Interface

The Command Line Interface (CLI) is a text-only mechanism for interacting with a computer operating system or software by typing commands to perform specific tasks. It is a critical part of the deployment of the SRA Virtual Appliance, where basic networking needs to be configured from the console.

Note: The SonicWALL SRA 5.0 CLI allows configuration of only the X0 interface on the SonicWALL SRA 4200, SRA 1200, or SRA Virtual Appliance.

While the SonicWALL SRA 1200 and 4200 physical appliance products have a default IP address and network configuration that requires a client’s network settings to be reconfigured to connect, the network settings in the VMware virtual environment might conflict with the SonicWALL defaults. The CLI utility remedies this by allowing basic configuration of the network settings when deploying the SonicWALL SRA Virtual Appliance.

After the Virtual Appliance firmware has fully booted, the following login prompt is displayed:

,,,,,,,,,,,,,,,

,,,mmbbbbbb11111111111111111111111bbbbbmm,,,

,,,b||PPPPPPP||''''''''''''''''|PPPPPPPPP111111111111bbm,,

'''''' '''''PPPP111111111bm,

'''PP1111111bm,

'PP111111b,

|111111:

.1111P|.

Copyright (c) 2010 SonicWALL, Inc. ,b1PP|'

,,||'''

SonicWALL SRA 4200

sslvpn login:

To access the CLI, login as “admin”. The password is the same as the password for the “admin” account that is configured on the appliance. The default is password.

sslvpn login: admin

Password: <password>

Note: In the examples, text highlighted in red indicates text entered by the user. The real CLI does not color any text. If the incorrect password is entered, the login prompt is displayed again. If the correct password is entered, the CLI is launched.

Basic system information and network settings are displayed along with the main menu, as in the example below:

System Information

Model: SRA Virtual 4200

Serial Number: 0017C54172D4

Version: SonicOS SSL-VPN 5.0.0.0-8sv

CPU (Utilization): l.8 GHz Via C7 Processor (2%)

Total Memory: 2 GB RAM, 1 GB Flash

System Time: 2010/09/21 13:39:51

Up Time: 0 Days 00:40:51

X0 IP Address: 192.168.200.1

X0 Subnet mask: 255.255.255.0

Default Gateway: 192.168.200.2

Primary DNS: 10.50.128.52

Secondary DNS: n/a

Hostname: sslvpn

Main Menu

1. Setup Wizard

2. Reboot

3. Restart SSL-VPN Services

4. Logout

Press <Ctrl-c> at any time to cancel changes and logout.

Select a number (1-4):

You can press Ctrl-C at any time to log out and exit the CLI, returning to the login prompt.

The main menu has four selections:

1. Setup Wizard – This option launches a simple wizard to change the basic network settings, starting with the X0 IP Address, X0 subnet mask, default gateway, primary and secondary DNS, and the hostname. The following CLI output illustrates an example where each field is changed:

X0 IP Address (default 192.168.200.1): 192.168.200.201

X0 Subnet Mask (default 255.255.255.0): 255.255.0.0

Default Gateway (default 192.168.200.2): 192.168.200.1

Primary DNS: 10.50.128.52

Secondary DNS (optional, enter "none" to disable): 4.2.2.2

Hostname (default sslvpn): sra4200

New Network Settings:

X0 IP Address: 192.168.200.201

X0 Subnet mask: 255.255.0.0

Default Gateway: 192.168.200.1

Primary DNS: 10.50.128.52

Secondary DNS: 4.2.2.2

Hostname: sra4200

Would you like to save these changes (y/n)?

If a field is not filled out, the prior value is retained, allowing you to change only a single field. After each field has been prompted, the new network settings are shown and a confirmation message is given for the user to review and verify the changes before applying them. The following shows the result when you save the changes:

Would you like to save these changes (y/n)? y

Saving changes...please wait....

Changes saved!

Press <Enter> to continue...

After saving the changes, press Enter to return to the original display of the System Information and Network Settings and verify that the changes have taken effect:

System Information

Model: SRA 4200

Serial Number: 0017C54172D4

Version: SonicOS SSL-VPN 5.0.0.0-8sv

CPU (Utilization): l.8 GHz Via C7 Processor (2%)

Total Memory: 2 GB RAM, 1 GB Flash

System Time: 2010/09/21 13:39:51

Up Time: 0 Days 00:40:51

X0 IP Address: 192.168.200.201

X0 Subnet mask: 255.255.0.0

Default Gateway: 192.168.200.1

Primary DNS: 10.50.128.52

Secondary DNS: 4.2.2.2

Hostname: sra4200

Main Menu

1. Setup Wizard

2. Reboot

3. Restart SSL-VPN Services

4. Logout

Press <Ctrl-c> at any time to cancel changes and logout.

Select a number (1-4):

If no changes are saved, the following message is displayed and pressing Enter returns to the initial display of the System Information and Network Settings:

No changes have been made.

Press <Enter> to continue...

Note: When applying settings that change the IP address, there may be a delay of up to 5 seconds as the interface settings are updated.

2. Reboot – Selecting this option displays a confirmation prompt and then reboots:

Reboot

Are you sure you want to reboot (y/n)?

3. Restart SSL-VPN Services – This option displays a confirmation prompt and then restarts the Web server and the related SSL-VPN daemon services. This command is equivalent to issuing the EasyAccessCtrl restart command.

Restart SSL-VPN Services

Are you sure you want to restart the SSL-VPN services (y/n)? y

Restarting SSL-VPN services...please wait.

Stopping SMM: [ OK ]

Stopping Firebase :[ OK ]

Stopping FTP Session:[ OK ]

Stopping HTTPD: [ OK ]

Cleaning Apache State: [ OK ]

Stopping Graphd :[ OK ]

Cleaning Temporary files........

Starting SMM: [ OK ]

Starting firebase: [ OK ]

Starting httpd: [ OK ]

Starting ftpsession: [ OK ]

Starting graphd: [ OK ]

Restart completed...returning to main menu...

4. Logout – The logout option ends the CLI session and returns to the login prompt.

Configuring Settings on the Appliance Web Interface

After configuring the IP address and default route settings on the SonicWALL SRA Virtual Appliance console, the next steps are to configure the rest of the appliance settings as you would for the SonicWALL SRA 4200 or SRA 1200 appliance.

Perform the following steps to complete host configuration for the virtual appliance:

1. Launch a browser and enter the URL of the virtual appliance as configured in the steps above, such as: http://192.168.200.1

2. On the appliance login page, type in the default credentials and then click Login to log in. The default credentials are:

User: admin

Password: password

After login, you will see the familiar SRA management interface:

Licensing the SonicWALL SRA Virtual Appliance

SonicWALL SRA Virtual Appliance 5.0.0.2 provides for user based licensing. By default, the virtual appliance comes with a 5-user license. Extra licenses can be added in 5, 10, and 25 user denominations, up to a maximum that allows for 50 concurrent user sessions.

Licensing is controlled by SonicWALL’s license manager service, and customers can add licenses through their MySonicWALL accounts. Unregistered units support the default license allotment for their model, but the unit must be registered in order to activate additional licensing from MySonicWALL.

License status is displayed in the SSL VPN management interface, on the Licenses & Registration section of the 'System > Status' page.

If a user attempts to log in to the Virtual Office portal and there are no more available user licenses, the login page will display the error, “No more User Licenses available. Please contact your administrator.” The same error is displayed if a user launches the NetExtender client when all user licenses are in use. These login attempts are logged with a similar message in the log entries, displayed in the 'Log > View' page.

To activate licensing for your virtual appliance, perform the following steps:

1. Login as admin, and navigate to the System > Licenses page.

2. Click the Activate, Upgrade or Renew services link. The MySonicWALL login page is displayed.

3. Type your MySonicWALL account credentials into the fields to login to MySonicWALL. This must be the account to which the virtual appliance is, or will be, registered.

If the serial number is already registered through the MySonicWALL web interface, you will still need to login to get the license information updated on the virtual appliance itself.

4. Type the serial number of the virtual appliance into the Serial Number field. The serial number and authentication code are provided when the software is purchased.

5. Type the authentication code into the Authentication Code field.

6. Type a descriptive name for the virtual appliance into the Friendly Name field, and then click Submit.

7. Click Continue after the registration confirmation is displayed.

8. Optionally upgrade or activate licenses to other services displayed on the System > Licenses page.

9. After activation, view the System > Licenses page to see a cached version of the active licenses.

Important Differences between the SRA Virtual Appliance and SRA 4200/1200

All of the major features of the SonicWALL SRA 4200 and SRA 1200 appliances are supported, including the Virtual Office, NetExtender, Virtual Assist, Virtual Access, Application Offloading, and Web Application Firewall.

Important differences are:

System > Status

The SRA Virtual Appliance by default does not have a serial number. The serial number must be imported.

System > Settings

The SRA Virtual Appliance does not have a ROM image or any of the SafeMode features found on the SRA 4200/1200. The System > Settings page therefore has no Firmware Management section. Currently, the SRA Virtual Appliance does not support any upgrade mechanism other than to deploy a new version of the SRA Virtual Appliance OVA file via vSphere. The export/import of settings paths works as expected, and the importing of settings from SRA 4200/1200 appliances into the SRA Virtual Appliance is supported.

Related Technical Documentation

Related technical documentation is available on the SonicWALL Technical Documentation Online Library, located at:

http://www.sonicwall.com/us/Support.html

Information about SonicWALL SRA SSL VPN can be found in the many reference guides available on the Web site, including the following:

SSL VPN 5.0 Administrator’s Guide

SSL VPN 5.0 User’s Guide

SSL VPN 5.0 NetExtender Feature Module

SSL VPN 5.0 Citrix Access Feature Module

SSL VPN 5.0 Web Application Firewall Feature Module

SSL VPN 5.0 Application Offloading and HTTP(S) Bookmarks Feature Module

Last updated: 3/25/2011