SonicWALL Content Security Manager Series
SonicWALL CSM 2200 Getting Started Guide
SonicWALL Content Security Manager 2200 Getting Started Guide

Thank you for purchasing a SonicWALL Content Security Manager (CSM) series appliance. The SonicWALL CSM is an Internet content and application filter that enhances security and employee productivity, optimizes network bandwidth and mitigates legal liabilities.
Before You Begin

This section contains the following subsections:
• “Check Package Contents”
• “What You Need to Provide”
• “Important Information You Need”
• “SonicWALL CSM 2200 Front and Back Panels Overview”
Check Package Contents

1. One SonicWALL CSM appliance
2. One SonicWALL CSM Getting Started Guide
3. One SonicOS Release Note
4. One Thank You card
5. One straight-through Ethernet cable
6. One red crossover Ethernet cable
7. One power cord*
8. One SonicWALL CSM Resource CD
9. Rack mounting hardware

*The power cord is for North America use only.
What You Need to Provide

• A firewall or security appliance protecting your LAN
• PC or Macintosh computer to act as an out-of-band management station for initial configuration of the SonicWALL CSM
• Web browser for accessing the SonicWALL CSM’s Web-based management interface. The Web browser must support Java and HTTP uploads. Internet Explorer 5.0 or higher or Netscape Navigator 4.7 or higher are recommended.
SonicWALL CSM 2200 Front and Back Panels Overview

Front Panel
(Figure labels: Console, Power LED, Test LED, Alarm LED, X0 Port, X1 Port, X2 Port, X3/HF-Port, Power On/Off Switch)

Feature - Description
Console - Provides access to command-line interface.
Power LED - Indicates the SonicWALL CSM appliance is powered on.
Test LED - Indicates the SonicWALL CSM appliance is in test mode.
Alarm LED - Indicates a critical error or failure.
X0 Port - Provides a connection to your LAN.
Configuring Your SonicWALL CSM

Configuring your SonicWALL CSM comprises the following steps:
1 “Applying Power to the SonicWALL CSM”
2 “Accessing the SonicWALL Management Interface”
3 “Configuring Your SonicWALL CSM Using the Setup Wizard”
4 “Connecting the SonicWALL CSM to Your Network”
5 “Registering Your SonicWALL CSM”
6 “Understanding the *Default Policy”
7 “Verifying the *Default Policy”
8 “Integrating the SonicWAL
2 Accessing the SonicWALL Management Interface

To access the Web-based management interface of the SonicWALL CSM, configure your out-of-band management station (the computer you are using to manage the SonicWALL CSM) with the following static TCP/IP address properties:
• IP address: Use an available IP address on the 192.168.168.0/24 subnet. For example, 192.168.168.20.
• Subnet mask: 255.255.255.0
• DNS settings: You do not need to configure the default gateway or DNS settings.
3. Enter http://192.168.168.168 in the Location or Address field and press Enter on your keyboard.

Note: For additional security, you may also access the appliance using HTTPS.

4. In the SonicWALL CSM authentication page, enter admin in the Name field and password in the Password field and click Login. The Setup Wizard page is displayed.
5.
3 Configuring Your SonicWALL CSM Using the Setup Wizard

The SonicWALL CSM Setup Wizard page automatically displays after the CSM is properly powered on and configured for and connected to your management station. The Setup Wizard allows you to configure the following components:
• Password
• Time zone
• Network setup

To configure your SonicWALL CSM using the Setup Wizard, perform the following steps:
1. The SonicWALL Setup Wizard will automatically launch.
2.
4. In the Time Zone drop-down list, select the correct time zone for your location. Check the box next to Automatically adjust clock for daylight saving time if you live in a region that observes Daylight Saving Time. Click Next> to continue.

Note: For best performance, you need to configure the time zone to accurately reflect geographic location. It is important that you set the time zone correctly before you register your SonicWALL CSM appliance.

5. The Network Setup screen will prompt you for information to configure the SonicWALL CSM’s X0 and X1 interfaces, which will enable Internet connectivity. Refer to the table below for a description of the Network Setup fields. After you have entered the required information, press Next> to continue.

Alert: You must configure the network interfaces before connecting the SonicWALL CSM to your network.

6. The SonicWALL Configuration Summary displays. Click Apply to confirm the settings. After you click the Apply button, the Storing SonicWALL Configuration screen displays. It may take up to two minutes while changes are being applied to your SonicWALL CSM appliance.
7. When the configuration has been stored, you will see the Setup Wizard Complete screen. Click Close to close the Wizard. Continue to “Connecting the SonicWALL CSM to Your Network” on page 14.
8. Disconnect your crossover cable from your management station and the CSM appliance and refer to “Connecting the SonicWALL CSM to Your Network” on page 14.

Note: After initial configuration using the X2 out-of-band management interface, you can now perform management from the LAN (X0) interface.
4 Connecting the SonicWALL CSM to Your Network

Connect the SonicWALL CSM between your LAN and your firewall/security appliance, allowing it to filter content requests from the LAN before they pass through the firewall/security appliance.

Connecting the Ethernet Cables

1. Connect one end of the Ethernet cable connected to your internal network (your LAN hub, switch, or router) to the X0 (Internal) port of the SonicWALL CSM. The LEDs on the X0 port light up indicating an active connection.
2. Connect one end of an Ethernet cable connected to your firewall or Internet connection to the X1 (External) port of the SonicWALL CSM. The LEDs on the X1 port light up indicating an active connection.

Testing Your Connectivity

1.
Tip: The System > Diagnostics > Run Test page provides the status of your network connection and security services. The example on this page shows test results for a SonicWALL CSM appliance with multiple active network DNS server connections. The Content Filtering Server status is displayed as “not configured” in red, which accurately reflects this SonicWALL CSM appliance not having an active Content Filtering Server subscription service. Adding subscription services is discussed later in this document.
5 Registering Your SonicWALL CSM

Once you have established an Internet connection for your SonicWALL CSM, you must register the SonicWALL CSM to activate:
• Allowed Nodes/Users license
• SonicWALL Content Filtering Service subscription
• Client Anti-Virus
• Gateway Anti-Virus
• Anti-Spyware
• Application Filter Service subscription
• Multimedia Application Filters
• Intrusion Prevention Service
• ViewPoint

Registering your SonicWALL CSM also allows you to:
• Download related software:
  • SonicWALL ADConnect
Before You Register

You need a mySonicWALL.com account to register your SonicWALL CSM. You can create a new mySonicWALL.com account directly from the SonicWALL management interface.

Alert: Verify that the DNS and Time settings on your SonicWALL CSM are correct when you register the device. Your DNS and Time settings should have been configured with the Setup Wizard. You can verify the Time settings in the System > Time page.

Creating a mySonicWALL.com Account

Creating a mySonicWALL.com account is fast, simple, and FREE. Simply complete an online registration form in the SonicWALL CSM management interface. You must have your SonicWALL CSM and your management station connected to the Internet to complete the online registration process. If you already have a mySonicWALL.com account, refer to “Registering Your SonicWALL CSM Using the Management Interface” on page 20.

1.

Registering Your SonicWALL CSM Using the Management Interface

1. Log in to the SonicWALL CSM management interface if you are not logged in.
2. If the System > Status page is not displayed in the management interface, click System in the left-navigation menu, and then click Status.
3. On the System > Status page, in the Security Services section, click the Register link in the sentence Click here to Register your SonicWALL. The mySonicWALL.com Login page is displayed.
4. Enter your mySonicWALL.
6 Understanding the *Default Policy

The SonicWALL CSM includes a pre-configured *Default Policy with pre-defined Web Filter Category Sets. The default settings are automatically applied when you add users from the network segment protected by the SonicWALL CSM, unless you assign a custom filtering policy to them. You can use the *Default Policy and its pre-configured Web Filter Category Sets as a baseline defense, providing the highest level of content filtering to all users.

Viewing the *Default Policy Settings

1. In the management interface, click the Policies tab, then select Policy List.
2. Click the Configure icon next to *Default.
3. To view the default Web filters, click the Web Filters tab. The *Default Web filters are Adult Content, Drugs/Alcohol/Tobacco, Racism/Hate/Violence/Weapons, and Safe Search Enforcement. These Web filters will be checked by default.
4. To view application filters, click the App Filters tab.

7 Verifying the *Default Policy

You can verify that the *Default Policy is active by testing each default Web filter category using a computer with an IP address that is within the assigned IP address range you specified in Users and Hosts > Hosts and that is on the same LAN as the SonicWALL CSM. For each *Default Policy Web filter category, visit a well-known Web site in that category.
8 Integrating the SonicWALL CSM with Microsoft Active Directory

To provide direct, single-sign-on integration with Microsoft’s Active Directory for applying filtering properties, the SonicWALL CSM includes the SonicWALL ADConnector application to provide an interface between the SonicWALL CSM filtering policies and Active Directory.

SonicWALL ADConnector Requirements

The Windows PC on which you install the SonicWALL ADConnector must meet the following requirements:
• A direct or routable access to both the Active Directory Domain Controller and the SonicWALL CSM
• An always on computer, so that the SonicWALL CSM can communicate with the Windows computer as needed
• A computer that belongs to the domain against which the authentication occurs

Information You Need to Install and Configure Your SonicWALL ADConnector

Use the following inf
Download SonicWALL ADConnector Software

Note: You must register your SonicWALL CSM before you can download the SonicWALL ADConnector Software. For instructions on registering, refer to “Registering Your SonicWALL CSM” on page 17.

1. Go to https://www.mySonicWALL.com and log in.
2. Click Download Center under Download in the left-hand column.
3. In the Type drop-down list, select Content Security Manager.
4. In the Available Software list, download the SonicWALL ADConnector.

Install the SonicWALL ADConnector

The SonicWALL ADConnector installation wizard installs both the SonicWALL ADConnector Configuration Tool and the SonicWALL Agent Service.

Note: You must have administrative privileges on the computer where you are installing the SonicWALL ADConnector.

1. Launch the SonicWALL ADConnector setup program you downloaded from https://mySonicWALL.com.
2. You may be prompted to install the Microsoft .NET 1.1 Framework. Click Yes.
3.
Starting the SonicWALL ADConnector

After installing the SonicWALL ADConnector, start the service. The agent service must be running at all times for the SonicWALL CSM to communicate with Active Directory.

1. On your Windows desktop, double-click the ADConnector Configuration Tool icon, or from the Windows Start menu, select Programs > SonicWALL > SonicWALL ADConnector > ADConnector Configuration Tool. The ADConnector Configuration Tool launches. This is part of the Microsoft Management Console (MMC).
2.

Preparing the SonicWALL ADConnector Configuration Tool for First Use

1. Expand the Users list to view the users.
2. The first time you click on a user, the SonicWALL ADConnector prompts you for the Active Directory attributes for the SonicWALL ADConnector. Click OK in the Warning dialog box.
3. In the Attribute Selection dialog box, select attributes that are otherwise unused on the system, for example, IP Phone. Select different attributes for the Category Set.
8. Click Check. The Active Directory Agent Status window is displayed. If the Directory Services Connector is detected, the message Directory Services Connector is ready is displayed.
9. Click OK twice to exit.

At the end of step 8, if you see the message, Directory Services Connector is not responding, test connectivity from the SonicWALL CSM to the SonicWALL ADConnector:

1. In the management interface, click System and then click Diagnostics.
2.

Adding a Static Route to the SonicWALL ADConnector

If the SonicWALL ADConnector is installed on a computer in a different subnet than the SonicWALL CSM, you need to add a static route in the SonicWALL CSM to the SonicWALL ADConnector station:

1. In the SonicWALL CSM management interface, in the left-navigation menu, click Network and then click Interfaces.
2. In the Network > Interfaces page, click Add below the Route table.
3. Click Add in the Routing Table section. The Add Route window is displayed.
4.
Advanced Configuration

After you initially set up and configure your SonicWALL CSM, these are the key steps you take to provide content filtering to your LAN:

1. Organize your Web Filters and determine the content filtering needs for each Category Set. These can be local users, RADIUS users, or Active Directory users.
2. Create content filtering policies using the default categories, custom categories and web risks. You can create new policies or modify the twelve default policies.
3.
Configuring Static IP

To configure the static IP address and subnet mask on your management station, follow the steps below:

Windows XP

1. Right-click the Local Area Connection icon and select Properties.
2. Double-click Internet Protocol (TCP/IP).
3. In the Internet Protocol (TCP/IP) Properties window, select Use the following IP address and type an available IP address, for example, 192.168.168.20.
4. Type 255.255.255.0 in the Subnet Mask field.
5. Click OK for the settings to take effect.

Windows 2000

1.
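The two addressing decisions in this guide (the management station's static settings, and whether the ADConnector host needs a static route) can be checked before touching the appliance. The following is an added example, not part of the SonicWALL guide; the function names are hypothetical and the 10.0.x.x addresses in the usage comments are constructed sample values.

```python
import ipaddress

# Values stated in the guide: the appliance's initial management address
# and the subnet the management station must be placed on.
CSM_MGMT_IP = ipaddress.ip_address("192.168.168.168")
MGMT_NET = ipaddress.ip_network("192.168.168.0/24")


def check_mgmt_station(addr, mask):
    """Return a list of problems with the management station's static settings."""
    try:
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    problems = []
    if iface.network != MGMT_NET:
        problems.append(f"{iface.network} is not {MGMT_NET}")
    if iface.ip == CSM_MGMT_IP:
        problems.append("address collides with the appliance itself")
    if iface.ip in (iface.network.network_address,
                    iface.network.broadcast_address):
        problems.append("network or broadcast address is not a usable host")
    return problems


def static_route_needed(csm_interface, adconnector_ip):
    """True when the ADConnector host lies outside the CSM interface's subnet,
    which is the case in which the guide asks for a static route."""
    csm = ipaddress.ip_interface(csm_interface)
    return ipaddress.ip_address(adconnector_ip) not in csm.network


# Constructed sample usage:
#   check_mgmt_station("192.168.168.20", "255.255.255.0")  -> no problems
#   static_route_needed("10.0.0.5/24", "10.0.1.40")        -> route required
```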
Glossary of Networking Terms

SonicWALL ADConnector - A SonicWALL application for integrating SonicWALL Content Security Manager filtering policies with Microsoft Active Directory groups and users.

application filtering - A signature-based deep packet inspection mechanism for controlling peer-to-peer (P2P), Instant Messaging (IM), and Multimedia applications usage.

router - A device that routes data between networks through IP address information in the header of the IP packet. A router forwards packets to other routers until the packets reach their destination. The Internet is the largest example of a routed network.

subnet - A portion of a network. Each subnet within a network shares a common network address and is uniquely identified by a subnetwork number.

subnet mask - A 32-bit number used to separate the network and host sections of an IP address.
SonicWALL CSM Appliance Regulatory Statement and Safety Instructions

Regulatory Model/Type: 1RK0A-02A
Product Name: CSM 2200

FCC Part 15 Class A Notice

Note: This equipment was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.

EU Declaration of Conformity

Application of council Directives 89/336/EEC (EMC) and 72/23/EEC (LVD)

Standards to which conformity is declared:
EN 55022 (1998) +A2 Class A
EN 55024 (1998) +A2
EN 61000-3-2 (2000)
EN 61000-3-3 (1995) +A1
EN 60950-1 (2001) +A11

National Deviations: AT, AU, BE, CH, CN, CZ, DE, DK, FI, FR, GB, GR, HU, IE, IL, IN, IT, JP, KR, NL, NO, PL, SE, SG, SI

BMSI Statement

VCCI Statement
Regulatory Information for Korea

Ministry of Information and Telecommunication

All products with country code “” (blank) and “A” are made in the USA. All products with country code “B” are made in China. All products with country code “C”, “D” or “F” are made in Taiwan R.O.C. All certificates held by NetSonic, Inc.

Lithium Battery Warning

The Lithium Battery used in the SonicWALL Internet security appliance may not be replaced by the user. Call SonicWALL technical support in U.S.

Mounting the SonicWALL CSM

The above SonicWALL appliances are designed to be mounted in a standard 19-inch rack mount cabinet. The following conditions are required for proper installation:
• Use the mounting hardware recommended by the rack manufacturer and ensure that the rack is adequate for the application. SonicWALL includes a rack mounting kit with the SonicWALL CSM that is compatible with most computer equipment racks.
Cable Connections

All Ethernet and RJ45 console cables are suitable for connecting devices indoors. Do not connect to the SonicWALL's ports any cables that run outside the building in which the device is located.

Additional Notes on Mounting the Model

The SonicWALL models named above are designed to be mounted in a standard 19-inch rack.
Copyright Notice

© 2006 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original.
SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306
T: 408.745.9600
F: 408.745.9300
www.sonicwall.com

© 2006 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.