1. No category

WXA 1.3.2 Administration Guide for SonicOS 6.2

Dell SonicWALL™ WXA 1.3.2
Administration Guide for SonicOS 6.2
©
2015 Dell Inc.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a
software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the
applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written
permission of Dell Inc.
The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or
otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT
AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO
LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR
INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS
OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of
the contents of this document and reserves the right to make changes to specifications and product descriptions at any time
without notice. Dell does not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Dell Inc.
Attn: LEGAL Dept.
5 Polaris Way
Aliso Viejo, CA 92656
Refer to our website (software.dell.com) for regional and international office information.
Limited Warranty
All Dell SonicWALL appliances come with a 1-year Limited Hardware Warranty which provides delivery of critical replacement
parts for defective parts under warranty. In addition, for 90 days from the warranty start date, some Dell SonicWALL appliances
are entitled to a Limited Software Warranty which provides bug fixes, updates and any maintenance releases that occur during
the coverage term. Visit the Warranty Information page at
http://www.sonicwall.com/us/support/Services.html#tab=warranty
for details on your product’s warranty.
Patents
For information about Dell SonicWALL patents, go to http://software.dell.com/legal/patents.aspx.
Trademarks
Dell™, the Dell logo, SonicWALL™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.
Microsoft Windows 7, Windows Server 2010, Internet Explorer, and Active Directory are trademarks or registered trademarks
of Microsoft Corporation. eDirectory and NetWare are registered trademarks of Novell, Inc. Adobe, Acrobat, and Acrobat
Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names
or their products. Dell disclaims any proprietary interest in the marks and names of others.
Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
WXA 1.3.2 Administration Guide for SonicOS 6.2
Updated - November 2015
232-003004-00 Rev B
Software Version - 1.3.2
Contents
Part 1. Introduction
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Organization of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 2 WAN Acceleration on TZ Series Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . .
Part 3 WAN Acceleration on NSA and SuperMassive Series Firewalls . . . . . . . . . . . . .
Part 4 Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
9
9
9
9
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
What is WAN Acceleration? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Transmission Control Protocol Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Windows File Sharing Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Deployment Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Deployment Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
WXA Series Appliance Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Part 2. WAN Acceleration on TZ Series Firewalls
About the WXA and Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
WXA Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Licensing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Getting a License from MySonicWALL.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Getting a License through the Firewall Management Interface . . . . . . . . . . . . . . . . . . .21
Activating a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Configuring the WXA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
WAN Acceleration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
WAN Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Statistics and Visualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Configuring the WXA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Configuring the WXA via the WXA Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . .25
Configuring the WXA via the WAN Acceleration Pages . . . . . . . . . . . . . . . . . . . . . .26
Viewing Summary Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
WAN Acceleration > Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
WAN Acceleration Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
WXA Status Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
VPN Policies Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
SSL VPN Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Route Policies Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Monitor Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
3
Configuring the WXA Series Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Configuring Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Configuring the Network Interface on the WAN Acceleration > Summary Page . . . . . .36
Configuring the WXA Network Interface on the Network > Interfaces Page . . . . . . . .37
Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Viewing the TCP Acceleration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
WAN Acceleration > TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Statistics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Statistics Breakdown Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Connections Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Configuring TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
WAN Acceleration > TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Configuring TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Verifying the TCP Acceleration Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Viewing the WFS Acceleration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Statistics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Connections Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Signed SMB Setup Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Signed SMB Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Configuring WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Configuring WFS Acceleration for Unsigned SMB Traffic . . . . . . . . . . . . . . . . . . . . .69
Configuring WFS Acceleration for Signed SMB Traffic . . . . . . . . . . . . . . . . . . . . . .71
Adding File Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Verifying the WFS Acceleration Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Viewing the Web Cache Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Statistics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring the Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Configuring Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Verifying Web Cache Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Enabling WXA for a VPN and Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Permitting Acceleration on the VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Enable Acceleration on the Network/VPN Page . . . . . . . . . . . . . . . . . . . . . . . . . 112
Enable Acceleration on a VPN on the WAN Acceleration Summary Page . . . . . . . . . 113
Permitting Acceleration on the Route Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Permitting Acceleration on a Route Policy on the WAN Acceleration > Summary Page 114
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
4
Enable Permit Acceleration for a Route Policy for Outgoing Traffic on the Network >
Routing Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Enabling WXAC on the WXA Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
WAN Acceleration > Firmware . .
Manual Download/Upload . .
Firmware Auto-Download . .
Factory Reset . . . . . . . . . .
....
....
....
....
....
....
....
....
...
...
...
...
....
....
....
....
...
...
...
...
....
....
....
....
....
....
....
....
...
...
...
...
....
....
....
....
...
...
...
...
. 122
. 123
. 125
.127
Viewing the Log Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128
WAN Acceleration > Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Viewing Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Part 3. WAN Acceleration on NSA and
SuperMassive Series Firewalls
About WXA Clustering and Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
WXA Clustering Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Supported Platforms for Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
What is WXA Clustering? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
How Does WXA Clustering Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Licensing Overview for WXA Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Getting a License from MySonicWALL.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Getting a License through the Firewall Management Interface . . . . . . . . . . . . . . . . . . 136
Activating a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring WXA Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
WXA Clustering Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
WXA Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Connection Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Statistics and Visualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuration for WXA Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuring WXA Clustering via the WXA Setup Wizard . . . . . . . . . . . . . . . . . . . . 143
Configuring WXA Clustering via the WAN
Acceleration Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Viewing Summary Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
WAN Acceleration > Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Groups Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
WXAs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
VPN Policies Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
SSL VPN Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Route Policies Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Monitor Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Configuring the WXA Series Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
5
Configuring Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Configuring the Network Interface on the WAN Acceleration > Summary Page . . . . . 160
Configuring the Network Interface on the Network > Interfaces Page . . . . . . . . . . 161
Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Viewing the TCP Acceleration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167
WAN Acceleration > TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Statistics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Statistics Breakdown Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Connections Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Configuring TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
WAN Acceleration > TCP Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Configuring TCP Acceleration for a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Verifying the TCP Acceleration Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Viewing the WFS Acceleration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
WFS Acceleration Page for Unsigned SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
WFS Acceleration Page for Signed SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Configuring WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
WAN Acceleration > WFS Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Configuring WFS Acceleration for Unsigned SMB Traffic . . . . . . . . . . . . . . . . . . . . 197
Configuring WFS Acceleration for Signed SMB Traffic . . . . . . . . . . . . . . . . . . . . . 201
Adding File Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Verifying the WFS Acceleration Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Viewing the Web Cache Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Statistics Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Configuring the Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
WAN Acceleration > Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Configuring the Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Verifying Web Cache Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Configuring VPNs and Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
Assigning Groups to VPNs and Route Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Assigning a Group to a VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Assigning a Group to a Route Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Enabling WXAC on the WXA Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
WAN Acceleration > Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Manual Download/Upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Firmware Auto-Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Factory Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
....
....
....
....
...
...
...
...
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
. 259
. 260
. 262
.265
6
Viewing the Log Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
WAN Acceleration > Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Viewing Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Part 4. Appendices
Appendix A: Configuring the WXA to the Domain Without Using the WXA Management
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Automatically Joining the Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Configuring Custom Zones for WXA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Configuring Reverse Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Manually Adding SPN Hostnames in DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Appendix B: Configuring the NetExtender WAN Acceleration Client . . . . . . . . . . . .276
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Requirements / Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Deployment Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Enabling WXAC on the Central Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Configuring WXAC on a Remote PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
About Dell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Contacting Dell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Technical Support Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
7
Part 1
Introduction
• About this Guide
• Introduction
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
8
1
About this Guide
Welcome to the Dell SonicWALL WXA 1.3.2 Administration Guide for SonicOS 6.2. This manual provides the
information you need to successfully activate, configure, and administer one or more WXA series
appliances. It is divided into separate parts: Part 2 dealing with firewalls that support a single WXA and
Part 3 dealing with clustering or firewalls that support using multiple WXAs.
NOTE: Check https://support.software.dell.com/sonicwall-wan-acceleration-series for the latest
version of this manual as well as other Dell SonicWALL products and services documentation.
Organization of this Guide
The Dell SonicWALL WXA 1.3.2 Administration Guide for SonicOS 6.2 is structured into the following parts that
use the WAN Acceleration Web Management Interface. Within these parts, individual chapters correspond to the
Dell SonicWALL WXA series appliance management interface layout.
Part 1 Introduction
Presents an overview of new Dell SonicWALL WXA 1.3.2 Administration Guide for SonicOS 6.2 features, guide
conventions, support information, and an overview of the WXA series appliance management interface.
Part 2 WAN Acceleration on TZ Series Firewalls
Provides all the information that is needed for activating configuring, deploying and using a single WXA
appliance.
Only one WXA appliance is connected to the TZ series appliance. Traffic is accelerated through that single WXA
appliance.
Part 3 WAN Acceleration on NSA and SuperMassive
Series Firewalls
Provides all the information that is needed for activating configuring, deploying and using WA Acceleration on
firewalls that support WXA clustering.
WXA Clustering allows multiple WXAs to be used to provide increased throughput and resilience. Clustering WXA
appliances significantly increases the number of connections that can be accelerated simultaneously.
Part 4 Appendices
Consists of two sections: Appendix A that details configuring the WXA series appliance to join the domain
without using the WAN Acceleration management interface, and Appendix B explaining how to configure the
NetExtender WAN Acceleration Client (WXAC).
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
9
Conventions
The following conventions used in this guide are as follows:
Convention
Use
Bold
Highlights menu items you can select on the firewall management
interface, such as click, as well as window names and other related
items.
Italic
Highlights a value to enter into a field or a word or phrase requiring
emphasis.
For example, “type 192.168.168.168 in the IP Address field.”
Menu Item > Menu Item
Indicates a multiple-step Management Interface menu choice.
For example, WAN Acceleration > WFS Acceleration meaning from WAN
Acceleration go to WFS Acceleration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
10
2
Introduction
Topics:
•
What is WAN Acceleration? on page 11
•
Deployment Prerequisites on page 12
•
Deployment Considerations on page 13
•
Supported Platforms on page 14
•
WXA Series Appliance Management Interface on page 14
WXA 1.3.2 is the latest version of firmware for the Dell SonicWALL WXA series appliance. This chapter provides
an overview of the WAN Acceleration feature, the WAN Acceleration management interface, deployment
prerequisites and considerations, supported platforms, and details the key features in the WXA 1.3.2 and
previous releases.
What is WAN Acceleration?
The WAN Acceleration service allows network Administrators to accelerate WAN traffic between a central site
and a branch site, using Transmission Control Protocol (TCP) acceleration methods, Windows File Sharing (WFS)
acceleration, and Web caching. The Dell SonicWALL WXA series appliances are deployed in conjunction with a
Dell SonicWALL network security appliance. In this type of deployment, the Dell SonicWALL network security
appliance provides dynamic security services, such as attack prevention, Virtual Private Network (VPN), routing,
and Web Content Filtering. The WAN Acceleration service can increase application performance.
The illustration below displays the basic network topology for the Dell SonicWALL WXA series appliance and the
Dell SonicWALL network security appliances.
Internet
NSA/TZ series
appliance
NSA/TZ series
appliance
Switch
Switch
Email Web
Domain File
Controller Server Server Server
Central Site
PC
WXA series
appliance
WXA series
appliance
PC
PC
PC
File
Server
Branch Site
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
11
Transmission Control Protocol Acceleration
The TCP Acceleration service is a process that decreases the amount of data passing over the WAN by using
compression. This accelerates selected traffic passing between a central site and a branch site. The selected
traffic is stored in the Dell SonicWALL WXA series appliances’ shared databases as blocks of data and tagged
with reference indexes. This allows the WXA series appliances to only send the reference indexes (which are
smaller in size) over the WAN instead of the actual data.
Refer to Configuring TCP Acceleration on page 48, for details on how to configure TCP Acceleration.
Windows File Sharing Acceleration
WAN Acceleration refers to a wide range of technologies that are aimed at accelerating applications, improving
throughput, and reducing latency. Windows File Sharing (WFS) Acceleration is a subset of WAN Acceleration.
The use of WFS Acceleration within your network reduces the impact of high-latency and low-bandwidth links by
approximating streaming behavior through the use of read-ahead and write-behind functionality and
differential file transfer to avoid re-transferring parts of files that have not changed. WFS Acceleration allows
branch users to access and share commonly used files at near-LAN speeds over the WAN.
Distributed enterprises that deploy WFS Acceleration solutions may be able to consolidate storage to corporate
central sites, eliminating the need to back up and manage data that previously resided in their branch sites.
Where storage is not consolidated, the costs and delays of accessing local and branch storage data from other
sites is also reduced.
The WXA series appliance offers WFS Acceleration for:
•
Unsigned SMB Traffic
•
Signed SMB Traffic
In networks that support Unsigned SMB traffic, configuring WFS Acceleration is greatly simplified, because
Unsigned SMB traffic does not have a security layer. So, the WXA appliances can intercept traffic without joining
a domain, which eliminates the need to configure custom DNS zones, reverse lookup, and file shares.
In networks that require SMB signing, the WXA appliances must join a domain, as Signed SMB traffic has a
security layer. Signed SMB configuration is more complex than Unsigned SMB configuration and offers more
granularity. Signed SMB configuration also has an Advanced configuration mode with more options.
Refer to Configuring WFS Acceleration on page 68, for details on how to configure WFS Acceleration.
Web Cache
The Web Cache feature stores copies of Web pages and Youtube videos passing through the network that are
frequently and recently requested. So, when a user requests one of these Web pages, it is retrieved from the
local web cache instead of the Internet, saving bandwidth and response time. Minimal, Moderate, and
Aggressive caching strategies are available. These determine which objects are placed into the web cache and
how long they stay there.
Refer to Configuring the Web Cache on page 107, for details on configuring the web cache.
Deployment Prerequisites
The pre-requisites for deploying the WAN Acceleration service are as follows:
•
A Dell SonicWALL network security appliance is required to deploy the Dell SonicWALL WXA series
appliance.
•
Traffic passing through the Dell SonicWALL WXA series appliance requires Internet Protocol version 4
(IPv4). The WAN Acceleration service is not compatible with IPv6.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
12
Deployment Considerations
Consider the following when deploying the Dell SonicWALL WXA series appliance:
•
WXA Clustering is supported by NSA and SuperMassive 9200/9400/9600 series firewalls, where multiple
WXAs can be plugged into the firewall.
•
For WXA Clustering, the WXA series appliances are supported to work with Dell SonicWALL NSA 2600 or
above and SuperMassive 9200/9400/9600 series firewalls running SonicOS 6.2.2 or higher firmware.
•
WXA 500 can run in memory mode by booting the PC with the CD inserted. Alternatively, it can be
installed onto the hard disk. In the latter case, more features are available.
•
Typically the WXA appliances are deployed in a site-to-site VPN configuration through their respective
Dell SonicWALL network security appliances. However, you can also use routing or L2 Bridge Mode, refer
to the SonicOS Administration Guide for details.
•
If a WXA appliance is used in a high availability configuration, a switched connection to both appliances
high availability pairs is required.
•
The initial configuration of the WXA series appliance should be performed by using the WXA Setup
Wizard, which is available by clicking the Wizards button in the top-right corner of the Dell SonicWALL
network security appliance’s management interface. For more information on the WXA Setup Wizard
refer to the SonicOS Administration Guide.
•
Encrypted traffic is highly randomized and does not materially benefit from the WXA appliance’s WAN
Acceleration service. Therefore, SSL and TLS traffic types are not accelerated.
•
WFS Acceleration using Signed SMB supports Windows file services using Active Directory, Kerberos, and
NTLM for authentication and authorization.
•
WFS Acceleration using Signed SMB with NTLM clients provides credentials to the Dell SonicWALL WXA
series appliance that are valid in the domain. The Dell SonicWALL WXA series appliance obtains the
Kerberos credentials through the Domain Controller. This permits client devices which have not joined
the domain to be used by users who have valid domain credentials.
•
Create a DHCP scope on the managing Dell SonicWALL network security appliance before the WXA
appliance is physically connected.
•
If the branch offices have Domain Controllers and DNS Servers, it is recommended that you use those DNS
Server addresses and the Domain DNS name in the DHCP scope. Configure the only Domain Name and
Domain DNS server IP addresses in the configured DHCP scope. The WXA appliance will auto-discover
Kerberos, LDAP, and NTP servers based on this type of information to assist in joining the appliance to
the domain.
•
Review the LDAP, Kerberos, and NTP services. In a multi-site domain where sites and services are not
explicitly configured, the WXA appliance might not choose the closest servers.
•
Dell SonicWALL recommends that the WXA appliance retrieves NTP updates from the Domain Controller.
If an NTP server is not configured, this is done automatically.
•
Dell SonicWALL recommends that the Active Directory DNS zones that hold the WXA name or IP address
be configured to accept secure updates only.
•
Configure the zone properties of an interface to which the WXA appliance is connected as a LAN zone.
Refer to the following KB articles: for more information
•
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=10781
•
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=10738
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
13
Supported Platforms
WAN Acceleration is available for SonicOS 6.2 and above. WXA Clustering is currently only available for the NSA
and SuperMassive 9200/9400/9600 series of firewalls running SonicOS 6.2.2 and above.
SuperMassive series 9200, 9400 and 9600
TZ series TZ600, TZ500/500W, TZ400/400W, TZ300/300W
NSA series 6600/5600/4600/3600/2600
WXA Series Appliance Management
Interface
The Dell SonicWALL WXA series appliance’s Web-based management interface provides an easy-to-use graphical
interface for configuring your Dell SonicWALL WXA series appliance. All configuration procedures for the Dell
SonicWALL WXA series appliance are performed through the Dell SonicWALL network security appliance’s
management interface. The following sections provide an overview of the key management interface objects:
•
User Interface on page 14
•
Navigating the Management Interface on page 15
•
Common Icons in the Management Interface on page 15
•
Status Bar on page 16
•
Saving Changes on page 16
•
Tooltips on page 16
•
Getting Help on page 17
User Interface
Table statistics and log entries update within the user interface without requiring users to reload their
browsers. This lightweight user interface is designed to have no impact on the Web server, CPU utilization,
bandwidth or other performance factors. You can leave your browser window on an updating page indefinitely
with no impact to the performance of your Dell SonicWALL WXA series appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
14
Navigating the Management Interface
Navigating the WAN Acceleration management interface includes a hierarchy of menu buttons on the navigation
bar (left side of your browser window). When you click a menu button, related management functions are
displayed as submenu items in the navigation bar.
If the navigation bar continues below the bottom of your browser, an
up-and-down arrow symbol appears in
the bottom right corner of the navigation bar. Mouse over the up or down arrow to scroll the navigation bar up
or down.
Common Icons in the Management Interface
The following describe the functions of common icons used in the WAN Acceleration management interface:
•
Clicking on the edit
button displays a window for editing the settings.
•
Clicking on the delete
button deletes a table entry.
•
Clicking on the refresh
icon updates the data.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
15
Status Bar
The Status bar at the bottom of the management interface window displays the status of actions executed in
the management interface.
Saving Changes
Most UI pages and dialogs have one of the following buttons:
•
OK button
•
Accept button
Clicking any of these buttons saves any configuration changes you have made on that page or in that dialog.
Mode
The Mode option is located in the upper right corner of the screen. It is accessed to enable or disable the
Control tab.
You are unable to change any settings when in Non-Config mode. Only one Administrator can configure the WXA
at a time.
Tooltips
Tooltips are small pop-up windows that are displayed when you hover your mouse over a UI element. They
provide brief information describing the element. Tooltips are displayed for many forms, buttons, table
headings and entries.
NOTE: Not all UI elements have Tooltips. If a Tooltip does not display after hovering your mouse over an
element for a couple of seconds, you can safely conclude that it does not have an associated Tooltip.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
16
Getting Help
Each Dell SonicWALL WXA series appliance includes Web-based online help available from the management
interface. Clicking the question mark button on the top-right corner of every page accesses the help for the
page.
NOTE: Accessing the Dell SonicWALL WXA series appliance online help requires an active Internet
connection.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
17
Part 2
WAN Acceleration on TZ Series Firewalls
• About the WXA and Licensing
• Configuring the WXA
• Viewing Summary Information
• Configuring the WXA Series Appliances
• Viewing the TCP Acceleration Page
• Configuring TCP Acceleration
• Viewing the WFS Acceleration Page
• Configuring WFS Acceleration
• Enabling WXA for a VPN and Route Policies
• Viewing the Web Cache Page
• Configuring the Web Cache
• Managing Firmware
• Viewing the Log Page
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
18
3
About the WXA and Licensing
Topics:
•
WXA Overview on page 19
•
Licensing Overview on page 19
•
Getting a License from MySonicWALL.com on page 20
•
Getting a License through the Firewall Management Interface on page 21
•
Activating a License on page 23
WXA Overview
The following table shows the maximum number of users and connections that are supported for each WXA
platform.
WXA 6000
WXA 4000
WXA 2000
WXA 5000
WXA 500 Live
Platform
Software
Hardware
Appliance
Hardware
Appliance
Virtual
Appliance
Software
Maximum Users
2000
240
120
360
20
Maximum
Connections
10,000
1,200
600
1,800
100
The firewall stores the following WXA configuration settings:
•
Whether Web Cache, Unsigned SMB, and TCP Acceleration are enabled
•
Web Cache mode
•
Exclusion/Inclusion list settings for TCP Acceleration, WFS Acceleration, Unsigned SMB, and Web Cache
Licensing Overview
Licensing is based on the WXA Model type. A MySonicWALL account is required for product registration and
activation.
•
If you already have an account, continue to the Activating a License section to activate your WXA
license.
•
If you do not have an account, proceed to Getting a License from MySonicWALL.com to create a
MySonicWALL account.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
19
Getting a License from MySonicWALL.com
The following example shows how to register a product and get a license from mysonicwall.com.
To register a product and get a license:
1
In your web browser, navigate to www.mysonicwall.com.
2
At the login page, enter your Username and Password.
NOTE: If you do not have a MySonicWALL account, click Register Now and follow the instructions.
The instructions also appear in the Getting Started Guide for your appliance.
3
On the mySonicWALL Home page, in the Quick Register panel, enter your Activation Key.
4
Click Next and follow the prompts on the screen. You can also get a license on the Register Product
page.
5
Go to the My Products > Register Product page.
6
In the Serial Number field, enter your Activation Key, and follow the prompts on the screen.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
20
Getting a License through the Firewall
Management Interface
You can also activate your license on the System > Licenses page on the firewall.
To activate your license on the System > Licenses page:
1
Enter the Activation Key for the product into the Enter upgrade key field.
2
Click Submit.
3
Click the Synchronize button. License information will appear in the Summary panel.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
21
This same information is also shown on the WAN Acceleration Summary page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
22
Activating a License
Customers can enter their Activation Key on either MySonicWALL.com or directly from the firewall on the
System > Licenses page.
To enter your Activation Key from the firewall on the System > Licenses page:
1
Go to the System > Licenses page.
2
On the line that says, To Activate, Upgrade, or Renew services, click here — click on the click here
hyperlink.
The page changes to the License Management page that shows a list of licenses.
3
On the WAN Acceleration Software line, click Upgrade.
That opens a new page where we can enter the Activation Key.
4
In the New License Key 1 box, enter the Activation Key.
5
Click Submit. The License Management page appears.
6
Click the Upgrade button.
The Expiration, License, and Expiration fields are updated accordingly.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
23
4
Configuring the WXA
Topics:
•
WAN Acceleration Management on page 24
•
Configuring the WXA on page 25
WAN Acceleration Management
WAN Acceleration is managed via the SonicOS management interface on the Dell SonicWALL network security
appliance.
This section contains the following subsections:
•
WAN Acceleration on page 24
•
Statistics and Visualization on page 24
WAN Acceleration
The WXA accelerates network traffic in three different ways:
•
TCP Acceleration - accelerates TCP connections across a VPN or a particular route.
•
WFS Acceleration - accelerates windows file sharing operations (opening, editing and saving remotely
held documents).
•
Web Cache - caches locally previously downloaded/accessed web resources (HTML pages, images and
videos).
Statistics and Visualization
SonicOS discovers the WXA that is connected to the firewall via DHCP and by clicking the Probe for WXA button
on the WAN Acceleration > Summary page. The probe also occurs automatically every few seconds. The WXA
information on the Summary page is not refreshed automatically, but it can be updated by clicking the Refresh
button.
The WAN Acceleration > Summary page shows the WXA with status indicators for the WXA appliance and its
components. The visualization graph shows the instantaneous number of connections and throughput, and a
table showing the load.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
24
Configuring the WXA
To configure the WXA with a Dell SonicWALL TZ series network security appliance, you must be running SonicOS
6.2.4 or higher firmware on the TZ. Firmware can be obtained from MySonicWALL or Dell SonicWALL Sales.
This section contains the following subsections:
•
Configuring the WXA via the WXA Setup Wizard on page 25
•
Configuring the WXA via the WAN Acceleration Pages on page 26
•
Configuring the Interface for the WXA on page 26
•
Accelerating Traffic on a VPN on page 27
•
Accelerating Traffic on a Route on page 27
•
Support for WXAC on page 28
•
Monitoring Connections across the WXA on page 28
•
Viewing Statistics for Components on page 28
Configuring the WXA via the WXA Setup Wizard
To configure the WXA via the WXA Setup Wizard:
1
At the top right of the firewall UI, click the Wizards link.
2
Select the desired WXA Setup Guide from the Select a guide drop-down menu, and click Next.
3
Follow the instructions on the Wizard screens for the selected option(s), and click Next to work through
the screens.
4
Click Close upon completion.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
25
Configuring the WXA via the WAN Acceleration Pages
As an alternative configuration method to the Wizard, you can also configure the WXA appliance on the Dell
SonicWALL network security appliance via the WAN Acceleration pages.
The WAN Acceleration > Summary page shows a currently configured WXA 5000.
Configuring the Interface for the WXA
To configure the interface on the firewall for the WXA:
1
Go to the WAN Acceleration > Summary page.
2
Select the Enable WAN Acceleration option.
3
Click the Interface button.
4
In the Interface for the WXA dialog box, select the Interface and Zone that you want and enter the IP
Address and Netmask. A DHCP range will be created.
5
Select the Keep existing interface configuration option if the interface is already configured and you
wish to keep the existing settings.
6
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
26
Accelerating Traffic on a VPN
To accelerate traffic on a VPN:
1
Go to the WAN Acceleration > Summary page.
2
Click the VPN Policies tab.
3
Click the Edit button.
The Edit VPN dialog box appears.
4
Select the Permit Acceleration check box.
5
Click OK.
To disable acceleration on a VPN:
1
Go to the WAN Acceleration > Summary page.
2
Click the VPN Policies tab.
3
Click the Edit button.
The Edit VPN dialog box appears.
4
De-select the Permit Acceleration check box.
5
Click OK.
Accelerating Traffic on a Route
To accelerate traffic on a Route:
1
Go to the WAN Acceleration > Summary page.
2
Click the Route Policies tab.
3
Click the Edit button.
The Edit Route dialog box appears.
4
Select the check box.
5
Click OK.
To disable acceleration on a Route:
1
Go to the WAN Acceleration > Summary page.
2
Click the Route Policies tab.
3
Click the Edit button.
The Edit Route Policy dialog appears.
4
Select the check box.
5
Click OK.
NOTE: You can also Permit Acceleration on a Route from the Edit Route dialog box that is
launched from the Network > Routing page, and you can also Permit Acceleration on VPNs using
the Edit VPN dialog that is launched from the VPN > Settings page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
27
Support for WXAC
You can enable acceleration for the SSL VPN in order to support connections from NetExtender WAN
Acceleration Clients (WXAC).
NOTE: The NetExtender WAN Acceleration Client (WXAC) must be licensed to assign it to a WXA.
To enable WXAC:
1
Go to the WAN Acceleration > Summary page.
2
Click the SSL VPN tab.
3
Select the Enable WXAC check box.
4
Click the Accept button.
NOTE: If WXAC is not licensed, you will see the following message: NetExtender WAN Acceleration
Client (WXAC) is not licensed.
Active Licenses currently in Use: Will show the number of licenses.
Monitoring Connections across the WXA
To monitor connections across the WXA:
1
Go to the WAN Acceleration > Summary page.
2
Click the Monitor tab.
3
The Connections page displays a graph showing the connections handled by the WXA.
Viewing Statistics for Components
On the TCP Acceleration page, TCP Acceleration Statistics Breakdown tab, Connection tab, and the WFS
Acceleration and Web Cache pages, the statistics are collected from the WXA.
The following example is for TCP Acceleration, but the steps are the same for those other UI pages as well.
To view the statistics for TCP Acceleration components:
1
Go to the WAN Acceleration > TCP Acceleration > Statistics page.
2
From the Covering Period menu, select the time period over which you want to collect the data to be
displayed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
28
3
Click the Refresh button.
The WFS Acceleration > Statistics page differs from the TCP Acceleration > Statistics page only in that you can
specify whether to show data for Signed SMB or Unsigned SMB or both.
Both the WFS Acceleration > Statistics page and the Web Cache > Statistics page display slightly different
charts.
The TCP Acceleration Breakdown Statistics page and the TCP Acceleration Connections page both provide
selection criteria for what is displayed and a WXA loading table.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
29
5
Viewing Summary Information
Topics:
•
WAN Acceleration > Summary on page 30
•
WAN Acceleration Panel on page 31
•
WXA Status Panel on page 31
•
VPN Policies Tab on page 33
•
VPN Policies Tab on page 33
•
SSL VPN Tab on page 33
•
Route Policies Tab on page 34
•
Monitor Tab on page 34
WAN Acceleration > Summary
The Summary page is divided into three panels. The WAN Acceleration panel, a WXA Status panel, and a third
panel providing access to VPN Policies, SSL VPN, Route Policies, and Monitor.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
30
WAN Acceleration Panel
The Summary page displays the WAN Acceleration panel that shows the WAN Acceleration status, License
Information, and Activity displayed in the form of a graph showing the activity of the active connections.
Selecting the icon to the left of WAN Acceleration (below Summary) will expand or collapse the panel.
WXA Status Panel
The WXA Status panel is divided into two sections. The first section consists of a Probe WXA button and a
Control button accessed to maintain, monitor and control the WXA in addition to an Edit button and a Refresh
button. The second section consists of four tabs: VPN Policies, SSL VPN, Route Policies and Monitor.
Probe Button
Selecting the Probe WXA button probes for the status and presence of the WXA and also pushes the latest
settings to the WXA.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
31
Control Button
Clicking the Control button brings up the WXA Control window containing six buttons: Firmware, Renew DHCP,
Create Static Lease, Diagnostics Report, Power Off or Reboot. This window is accessed to maintain, monitor
and control the WXA.
Firmware Button
Clicking the Firmware button takes you to the Firmware Management page where you can upgrade the
firmware on the WXA. For information about managing the firmware, refer to Managing Firmware on page 122.
Renew Button
Clicking the Renew DHCP button refreshes the DHCP connection and also displays a message alert where you
can select either Yes to continue the renewal or No to abort the process.
Create Static Lease Button
Clicking the Create Static Lease button creates a static lease for the WXA series appliance.
Diagnostics Report Button
Clicking the Diagnostics Report button downloads a diagnostics report file, which can then be sent to Technical
Support and reviewed for diagnostic help.
Power Off and Reboot Button
Clicking Power Off turns off the WXA and clicking Reboot, restarts the WXA appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
32
Edit Button
The Edit button in the WXA toolbar brings up the Configure Acceleration dialog where you can configure TCP
Acceleration, WFS (Unsigned SMB) and Web Cache.
Refresh Button
The Refresh button refreshes the status of the WXA shown in the table.
Save Button
The Save buttons allow you to save the time setting on the WXA and the NTP server.
VPN Policies Tab
The VPN Policies tab has a list of all the VPN policies. The WXA accelerates traffic on a VPN. The Edit button
allows you to 'Permit Acceleration' on the particular VPN.
The Edit button brings up the Edit VPN popup where you go to Permit Acceleration.
SSL VPN Tab
The SSL VPN tab allows you to enable/disable acceleration of SSL VPN traffic from WXAC Clients. It shows the
total number of WXAC Clients whose connections are being accelerated by the WXA.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
33
Route Policies Tab
The Route Policies tab displays the configured Route Policies.
Monitor Tab
The Monitor tab shows the total number of connections passing through the WXA and displays it as a graph.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
34
6
Configuring the WXA Series Appliances
Topics:
•
Configuring Network Interfaces on page 35
•
Configuring the Network Interface on the WAN Acceleration > Summary Page on page 36
•
Configuring the WXA Network Interface on the Network > Interfaces Page on page 37
•
Configuring DNS on page 40
Configuring Network Interfaces
The initial configuration of the WXA series appliance should be performed using the WXA Setup Wizard, which is
available by clicking the Wizards button in the top-right corner of the UI page on Dell SonicWALL network
security appliances. For more information on the WXA Setup Wizard, refer to the SonicOS Administration Guide.
The initial setup includes configuring the network interface for the WXA appliance, enabling the WAN
Acceleration service, and creating a static DHCP lease for the WXA appliance.
After completing the initial configuration steps in this chapter, refer to Configuring TCP Acceleration on
page 48 and Configuring WFS Acceleration on page 68 to configure the TCP and WFS Acceleration services.
The preferred way to configure the firewall to connect to the WXA is by using the WXA Setup Wizard. However,
you can also configure the firewall to connect to WXAs by configuring the interface on the WAN Acceleration >
Summary page or on the Network > Interfaces page. The following example configurations show you how to do
this. The Network > Interfaces page configuration also includes setting up DHCP.
NOTE: The configuration examples in this document use the X2 interface, but you can use any spare
interface on the Dell SonicWALL network security appliance.
Configuring the network interfaces on your Dell SonicWALL network security appliance so that it can be used
with a WXA appliance is described in the following sections:
•
Configuring the Network Interface on the WAN Acceleration > Summary Page on page 36
•
Configuring the WXA Network Interface on the Network > Interfaces Page on page 37
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
35
Configuring the Network Interface on the WAN
Acceleration > Summary Page
To configure your Dell SonicWALL network security appliance to be used with a WXA appliance
on the WAN Acceleration > Summary page:
1
Navigate to the WAN Acceleration > Summary page.
2
Select the Enable WAN Acceleration check box.
3
If you need to make changes to the WXA, click the edit button. The Interface for the WXA popup
appears.
4
Select the Interface and Zone from the drop-down lists (the IP Address Netmask fields auto-populate).
You can also select the check box to Keep the existing interface configuration or deselect it to add a
new configuration.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
36
Configuring the WXA Network Interface on the
Network > Interfaces Page
Using the Network > Interfaces page to configure the interface for the WXA is an alternative method to using
the WXA Wizard or the WAN Acceleration > Summary page, which are the preferred methods. However, using
the Network > Interfaces page also provides the steps to configure DHCP.
To configure your Dell SonicWALL network security appliance to be used with the WXA
appliance on the Network > Interfaces page:
1
Navigate to the Network > Interfaces page.
2
Click the Edit button in the row for the interface you want to connect the WXA appliance to.
The Interface Settings > General tab is displayed.
3
Configure the interface settings as follows:
•
From the Zone menu, select LAN.
•
From the Mode/IP Assignment menu, select Static IP Mode.
•
In the IP Address box, enter the IP Address for the port.
•
In the Subnet Mask text field, enter the subnet mask for the port. This should be a subnet not
already used on the network, and private to the WXA series appliance.
•
(Optional) Default Gateway.
•
(Optional) In the Comment text field, enter text that describes the device.
For example, WXA connection.
•
(Optional) For the Management check boxes, select the management methods you want.
•
(Optional) For the User Login check boxes, select the management methods you want.
•
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
37
4
Navigate to the Network > DHCP Server page.
5
Under DCHP Server Lease Scopes, click Add Dynamic.
The Dynamic Range Configuration dialog appears.
NOTE: DNS configuration cannot be done in the WXA Setup Wizard or on the WAN Acceleration >
Summary page. DNS configuration can only be done on the Network page. See Configuring DNS on
page 40.
6
Select the Enable this DHCP Scope check box.
7
Select the Interface Pre-Populate check box.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
38
8
From the Interface Pre-Populate menu, select port X2.
The information will be auto populated.
9
Click the OK button.
10 Connect an Ethernet cable from the WXA appliance to the X2 port on the Dell SonicWALL network
security appliance.
11 Navigate to the Network > DHCP Server page.
12 Under Current DHCPv4 Leases, verify that your firewall has a DCHP lease for the WXA appliance.
13 Under DHCP Server Lease Scopes, verify that the lease was created with a dynamic range for X2
(the WXA appliance).
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
39
Configuring DNS
Configuring DNS is required only if you plan to use WFS Acceleration for Signed SMB.
The following example assumes that the correct DNS server has already been entered on the Network > DNS
page, but you can overwrite the DNS server that is specified on that page.
To configure DNS:
1
Navigate to the Network > DHCP Server page.
2
Under DHCP Server Lease Scopes, click the Edit button for the lease you want to change.
The Dynamic Range Configuration dialog appears.
3
Select the DNS/WINS tab.
4
Select Specify Manually.
5
In the DNS Server fields, enter the DNS IP Addresses that you want.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
40
6
In the Domain Name text field, enter the Domain Name.
(This speeds up auto-detection of the DNS server in cases where Reverse DNS is not configured.)
7
Click OK.
NOTE: The correct DNS server is a domain controller. When Signed WFS is used, only DNS servers that
belong to the active directory domain should be specified. It is never appropriate to use public name
servers when signed WFS is used. However, the domain DNS server may forward requests to public name
servers.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
41
7
Viewing the TCP Acceleration Page
Topics:
•
WAN Acceleration > TCP Acceleration on page 42
•
Configuration Tab on page 43
•
Statistics Tab on page 44
•
Statistics Breakdown Tab on page 45
•
Connections Tab on page 46
WAN Acceleration > TCP Acceleration
The WAN Acceleration > TCP Acceleration page provides options to configure and monitor the TCP Acceleration
service. This chapter details the management interface functions of the Configuration, Statistics, Statistics
Breakdown and Connections tabs.
Name
Description
Configuration tab
Enables the TCP Acceleration service and selects the mode, service object, and
exclude objects. The WAN Acceleration feature must be enabled before you can
enable or configure the TCP Acceleration service. Enable WAN Acceleration in
the WAN Acceleration > Status page. See Configuration Tab on page 43 for
details.
Statistics tab
Displays statistics on bandwidth savings due to TCP Acceleration. See Statistics
Tab on page 44 for details.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
42
Name
Description
Statistics Breakdown
tab
Graphs TCP Acceleration data by port, IP address and data reduction. See
Statistics Breakdown Tab on page 45 for details.
Connections tab
Displays a detailed list of the TCP Acceleration connection results, such as start
and end time stamps, source IP address and port, and destination IP address
and port. Use these results to monitor the performance of your TCP
Acceleration service. See Connections Tab on page 46 for details.
Configuration Tab
The Configuration tab is accessed to configure acceleration of TCP traffic.
The options for editing the WXA are described in the table below.
Name
Description
Accept button
Saves the changes to the configuration.
Enable TCP Acceleration check box
Enables or disables the TCP Acceleration service. This is selected
by default.
TCP Acceleration Mode drop-down
menu
Selects how the service object is used by the group. Either as services to be accelerated or as services to be excluded from acceleration.
Service Object drop-down menu
Selects the TCP Acceleration service objects for the group. To add
new service objects to the drop-down list, navigate to Network >
Address Objects and create new service objects.
The option for choosing a TCP Acceleration service object is
greyed out if the TCP Acceleration mode does not support it.
Address object always excluded
drop-down menu
Selects address objects to always exclude from the TCP Acceleration service. To add an address object to the drop-down list, navigate to Network > Address Objects and create new address
objects.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
43
Statistics Tab
Name
Description
Covering Period
drop-down menu
Selects the period of time the data displays on the Statistics tab.
Refresh button
Refreshes the current page.
Data and Graphs
Displays read-only data for the following:
Total Data Reduction percentage
WAN Capacity Increase Factor
New Connections
Closed Connections
Peak Connections
Egress/Ingress data illustrated with bar graphs and time series
(corresponding to the site you are viewing from)
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
44
Statistics Breakdown Tab
Name
Description
Display drop-down menu
From the Display menu, you select the destination ports and source addresses to
plot in the graph. Then, you select other criteria from the other menus, such as
the top 5 destination ports as determined by the most data sent. The Display
menu options are:
• Dest. Port - Displays the volume of data (or “Detemined By” value) compared
to the destination port numbers of the accelerated connections.
• Dest. Address - Displays the volume of data compared to the destination IP
address of the accelerated TCP connections.
• Src. Address - Displays the volume of data compared to the source IP address
of the accelerated TCP connections.
• Address on WAN - Displays the volume of data compared to the destination
address on the WAN of the accelerated TCP connections.
• Address on LAN - Displays the volume of data compared to the destination
address on the LAN of the accelerated TCP connections. Connections can be
initiated by a machine on the LAN or WAN.
Show Top drop-down
menu
Selects how many ports or IP addresses to display in the graph.
Determined By drop-down Selects the criteria that displays in the graph.
menu
Brings up the Advanced Options pop-up.
Edit button
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
45
Name
Description
Plot Graph
Displays a graphical representation of the selected criteria in a graph.
Quick Report pop-up
Allows selection of options to be used in the generation of a report that can be
viewed on the screen and sent to a printer.
Connections Tab
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
46
Name
Description
Max Entries per WXA
Selects the number of entries to display in the Connections table.
Include NonIntercepted
Enables or disables the inclusion of non-intercepted traffic to display in the
Connections table. The definition of “Non-intercepted” is traffic that is diverted
from the firewall to the WXA appliance, but is not accelerated.
Refresh button
Updates the displayed data whenever you change the criteria.
Bypassed button
Opens a window that displays a list of the connections that are not accelerated,
either because their dates would not compress or the remote node WXA would
not respond.
Column/Field Headings
Name
Description
Start Time
Indicates the starting time of a connection.
End Time
Indicates the ending time of a connection.
Initiator
Displays which end of the network initiated the connection. LAN for connections
started locally, and WAN for connections started from a remote site.
Remote Node
Displays the WXA series appliance at the far end of the connection.
Src IP
Displays the IP address where the connection started.
Src Port
Displays the port number that the connection request was sent from.
Dest IP
Displays the destination IP address.
Dest Port
Displays the destination port number.
Egress
Displays a bar graph that represents outgoing traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic.
Ingress
Displays a bar graph that represents incoming traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic
Filter by
Filter the results by entering text into the appropriate input box. A combination
of fields can be filtered.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
47
8
Configuring TCP Acceleration
Topics:
•
WAN Acceleration > TCP Acceleration on page 48
•
Configuring TCP Acceleration on page 48
•
Verifying the TCP Acceleration Configuration on page 53
WAN Acceleration > TCP Acceleration
The initial configuration of TCP Acceleration should be done using the WXA Setup Wizard. Using the Wizard, you
can enable TCP Acceleration on groups and assign those groups to selected VPNs. The TCP Acceleration service
can be used in three different deployment scenarios including: VPN, routed mode, and Layer 2 bridge mode.
This chapter explains how to configure these deployment scenarios.
Configuring TCP Acceleration
Configuration of TCP Acceleration is done primarily on the WAN Acceleration > Summary page or on the WAN
Acceleration > TCP Acceleration page.
The Configuration tab on the WAN Acceleration > TCP Acceleration page gives you the option to change the
configuration of the WXA for TCP Acceleration.
NOTE: You are actually configuring which traffic going through the firewall gets sent to the WXA in order
to be accelerated.
From the drop-down fields, you can select the TCP acceleration modes, service objects, and address objects to
include or exclude from the TCP Acceleration service.
NOTE: To view, create, or edit service objects, go to the Network > Address Objects page.
The following examples describe how to configure TCP Acceleration with various options:
•
Configuring TCP Acceleration on the WAN Acceleration > Summary Page on page 49
•
Configuring TCP Acceleration on the WAN Acceleration > TCP Acceleration Page on page 50
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
48
Configuring TCP Acceleration on the WAN Acceleration >
Summary Page
To configure TCP Acceleration on the WAN Acceleration > Summary page:
1
Navigate to the WAN Acceleration > Summary page.
2
At the WAN Acceleration panel, select the Enable WAN Acceleration check box.
3
Click the Edit button in the WXA Status panel and the Configure Acceleration popup appears.
4
Verify the fields and then click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
49
Configuring TCP Acceleration on the WAN Acceleration >
TCP Acceleration Page
This section gives three examples with different options:
•
EXAMPLE: Configuring TCP Acceleration with all TCP Services on page 50
•
EXAMPLE: Configuring TCP Acceleration for HTTP Web Traffic Only on page 51
•
EXAMPLE: Excluding Microsoft SQL database traffic or traffic to the Guest Authentication Servers on
page 52
EXAMPLE: Configuring TCP Acceleration with all TCP Services
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page with all TCP
services:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
3
Select the Enable TCP Acceleration check box.
4
From the TCP Acceleration Mode drop-down menu, select All TCP services except those excluded by
default.
NOTE: By default, WXA does not accelerate some TCP features. If you hover the mouse over this
option, you can see the TCP servers not accelerated by default.
NOTE: By default, the following ports are excluded from TCP Acceleration:
7, 22, 23, 37, 44, 49, 88, 107, 135, 136, 137, 138, 139, 179, 261, 443, 445, 448, 465, 513,
563, 585, 614, 636, 684, 695, 989, 990, 992, 993, 994, 995, 1494, 1701, 1718, 1719, 1720,
1723, 2000, 2001, 2002, 2003, 2252, 2427, 2478, 2479, 2482, 2484, 2492, 2598, 2679, 2727,
2762, 2998, 3077, 3078, 3183, 3191, 3220, 3269, 3389, 3410, 3424, 3471, 3496, 3509, 3529,
3539, 3660, 3661, 3713, 3747, 3864, 3885, 3896, 3897, 3995, 4031, 5007, 5060, 5061, 5631,
5900, 5901, 5902, 5903, 6000, 7674, 8443, 9802, 11751, 12109.
NOTE: The option to choose a TCP Acceleration Service Object is read-only in this mode.
Other TCP Acceleration Mode options include: All TCP services except those specified in the Service
Object (this option allows you to stop acceleration for services that you do not want to accelerate), All
TCP services except those specified in the Service Object and those excluded by default (this option
allows you to accelerate all the TCP services except the defaults and the ones you have chosen in the
service object), and Only TCP services specified in the Service Object (this option allows you to allow
only one service that you would like to accelerate).
5
From the Address Object always excluded from TCP Acceleration menu, select None.
6
Click Accept.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
50
EXAMPLE: Configuring TCP Acceleration for HTTP Web Traffic Only
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page for HTTP web
traffic only:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
3
Select the Enable TCP Acceleration check box.
4
From the TCP Acceleration Mode menu, select Only TCP Services Specified in the Service Object.
NOTE: This option allows you to accelerate only one service.
Other TCP Acceleration Mode options include: All TCP services except those excluded by default (By
default, WXA does not accelerate some TCP features. If you hover the mouse over this option, you can
see the TCP servers not accelerated by default), All TCP services except those specified in the Service
Object (this option allows you to stop acceleration for services that you do not want to accelerate), All
TCP services except those specified in the Service Object and those excluded by default (this option
allows you to accelerate all the TCP services except the defaults and the ones you have chosen in the
service object
5
From the Service Object menu, the select HTTP.
6
From the Address Object always excluded from TCP Acceleration menu, select None.
7
Click Accept.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
51
EXAMPLE: Excluding Microsoft SQL database traffic or traffic to the Guest
Authentication Servers
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page for everything
except Microsoft SQL database traffic or traffic to the Guest Authentication Servers:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
3
Select the Enable TCP Acceleration check box.
4
From the TCP Acceleration Mode menu, select All TCP services except those specified in the Service
Object and those excluded by default.
NOTE: This option allows you to accelerate all the TCP services except the defaults and the ones
you have chosen in Service Object.
Other TCP Acceleration Mode options include: All TCP services except those excluded by default (By
default, WXA does not accelerate some TCP features. If you hover the mouse over this option, you can
see the TCP servers not accelerated by default), All TCP services except those specified in the Service
Object (this option allows you to stop acceleration for services that you do not want to accelerate), and
Only TCP services specified in the Service Object. This option allows you to accelerate only one
service.
5
From the Service Object menu, select Microsoft Structured Query Language (MS SQL).
6
From the Address Object always excluded from TCP Acceleration menu, select Guest Authentication
Servers.
7
Click Accept.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
52
Verifying the TCP Acceleration Configuration
After you complete the TCP Acceleration configuration procedures, verify TCP Acceleration is working by
checking the TCP Acceleration > Statistics tab.
1
Navigate to the TCP Acceleration > Statistics tab.
2
Select the arrow tip along side Summary, Time Series or Connections to view the statistics data and
graphs to verify TCP Acceleration.
This indicates if the WXA appliance is using TCP Acceleration for data transfer.
If the Statistics tab data and graphs do not display any information, TCP traffic is not being accelerated.
The TCP Acceleration feature is not configured correctly or is disabled.
Refer to the Configuring TCP Acceleration on page 48 and check the TCP Acceleration configuration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
53
9
Viewing the WFS Acceleration Page
Topics:
•
WAN Acceleration > WFS Acceleration on page 54
•
WFS Acceleration Page for Unsigned SMB on page 60
•
WFS Acceleration Page Using Signed SMB on page 60
This chapter describes the management interface features and options that are available on the WAN
Acceleration > WFS Acceleration page and is divided into two sections, Unsigned SMB (Server Message Block) and
Signed SMB. Some of the tabs and options on this page might be hidden depending on which type of SMB signing
and configuration mode is selected.
WAN Acceleration > WFS Acceleration
There are different ways to configure WFS Acceleration, depending on the user requirements and type of
network environment used. If the Client PC is already joined to a domain, it is recommended to use Signed SMB.
If you are not sure of the Client PC’s domain joining status, it is recommended to start with the Unsigned SMB.
Unsigned SMB
In a network that supports Unsigned SMB traffic, configuring WFS Acceleration is greatly simplified, because
Unsigned SMB traffic has no security layer. Thus, the WXA can intercept and modify traffic, eliminating the need
to join a domain, configure custom zones, configure reverse lookup, or add file shares. Unsigned SMB is enabled
by default (see WFS Acceleration Page for Unsigned SMB on page 60).
Signed SMB
In a network that requires SMB signing, the WXA must join a domain and be accessed as a server, due to the
security layer in Signed SMB traffic. Although this type of configuration is more complex than Unsigned SMB, it
offers a more granular configuration of the WFS Acceleration service.
Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration
mode (seeWFS Acceleration Page Using Signed SMB on page 60).
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
54
NOTE: To activate the Accept button, you must be in Configuration mode.
The WFS Acceleration page has five tabs:
Name
Description
Configuration tab
Allows you to enable/disable WFS for Unsigned SMB.
Statistics tab
Allows you to view statistical data from the WXA for WFS Acceleration.
Connections tab
Displays each connection. Unsigned SMB only.
Signed SMB setup
Not used for Unsigned SMB.
Signed SMB tools
Not used for Unsigned SMB.
Configuration Tab
The Configuration tab provides the option to Enable WFS Acceleration for Unsigned SMB traffic.
Name
Description
Enable WFS Acceleration
(Unsigned SMB) check box
Select this check box to enable WFS Acceleration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
55
Statistics Tab
The Statistics tab displays performance statistics for the WFS Acceleration service.
Name
Description
Covering Period drop-down
menu
Click the Covering Period drop-down list and select the period of time the
data displays on the Statistics tab.
Show drop-down menus
From the drop-down menu, select the traffic whose stats you want to show:
Unsigned SMB, Signed SMB or All WFS.
Refresh button
Refreshes the statistics on the page. You must click the Refresh button to
update the chart and table whenever any changes are made.
Bypassed button
Displays a pop-up window with a list of connections that have either been
excluded from the acceleration process or failed (either the server is not
reachable or traffic to a particular server doesn't compress well). This
button is greyed out if these condition are not present or in Non-Config
Mode.
Overview table
Displays statistics for the following items:
Total Data Reduction percentage
WAN Capacity Increase Factor
Signed SMB Only
Cache Size
Cache Free Space
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
56
Summary Panel
Displays two bar graphs that represent Sent or outgoing traffic and Conveyed or incoming traffic on the
network over an actual period of time. The blue colored bar (Egress) is outgoing or sent data and the grey bar
(Ingress) is incoming data. Sent refers to the actual amount of data that is physically sent across the
connection. Conveyed refers to all of the data or information that is sent across the connection.
Time Series Panel
Displays two bar graphs that represents incoming and outgoing traffic on the network over a period of time. The
blue colored bar is sent (Egress) traffic and the grey bar is incoming (Ingress) traffic.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
57
Connections Tab
Name
Description
Max Entries drop-down list
Selects the maximum number of entries (100 5000) to retrieve from the WXA.
Include Non-Intercepted
check box
Enables or disables the inclusion of non-intercepted traffic to display in the
Connections table. The definition of “Non-intercepted” is traffic that is
diverted from the NSA/TZ series appliance to the WXA series appliance, but is
not accelerated.
Refresh button
Refreshes the list of connections.
Start Time
Indicates the starting time of a connection.
End Time
Indicates the ending time of a connection.
Initiated
Displays which end of the network initiated the connection. LAN for
connections started locally, and WAN for connections started from a remote
site.
Remote Node
Filters the table of connections based on the remote node (the WXA series
appliance at the far end of the connection).
Src IP
Displays the IP address where the connection started.
Src Port
Displays the port number that the connection request was sent from.
Dest IP
Displays the destination IP address.
Dest Port
Displays the destination port number.
Egress
Displays a bar graph that represents outgoing traffic on the network. The blue
colored bar is data actually sent and the grey bar is conveyed data.
Ingress
Displays a bar graph that represents incoming traffic on the network. The blue
colored bar is data actually sent and the grey bar is conveyed data.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
58
Name
Description
Metacache drop-down list
Displays whether the Metacache is On or OFF for each connection. Metacache is used for dictionary caching and substitution. If dictionary caching and substitution was used for the connection, this column displays On. Most connections will display On. The only connections that report Metacache as Off are those in which the SMB traffic is signed. If WFS for Signed SMB is disabled, or if the traffic is too far from a server that is not included in the configuration, the traffic will still pass through the WXA and be accelerated by Unsigned WFS. These connections are made without the use of the Metacache, and will display Off in this column, which indicates that this connection uses Signed SMB.
Filter by
Filter the results by entering text in to the appropriate input box. A
combination of fields can be filtered.
Signed SMB Setup Tab
The Signed SMB Setup tab is used only when Support SMB Signing is enabled. The Signed SMB Setup tab is not
used if only Unsigned SMB is enabled under the Configuration tab.
Signed SMB Tools
The Signed SMB Setup Tools tab is used only when diagnosing the Support SMB Signing configuration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
59
WFS Acceleration Page for Unsigned SMB
The WAN Acceleration > WFS Acceleration page provides the options to configure and monitor the WFS
Acceleration service.
The WAN Acceleration > WFS Acceleration page should be used to configure the acceleration of Unsigned SMB
traffic by enabling or disabling the WFS Acceleration service.
NOTE: Signed SMB is accomplished using a single WXA for each firewall and is configured under the Signed
SMB Setup tab.
WFS Acceleration Page Using Signed SMB
The WFS Acceleration Page Using Signed SMB is where you configure acceleration of Signed SMB traffic.
To accelerate WFS operations with Signed SMB traffic, the WXA appliance must belong to a Windows domain,
and the Administrator must configure the WXA appliance so that users can access the shared files.
On the Central Site WXA, the Administrator configures the names of the local file servers that are available. On
the Branch Site WXAs, the Administrator also configures the names of the file servers that are listed on the
Central Site WXA, and then maps them to the Central Site WXA, so that remote users can access them. The
names of the file servers on the Branch Site WXAs must be mapped to the names of the file servers on the
Central Site WXA.
The Signed SMB Setup Wizard is accessible from the WXA Setup Wizard. The Signed SMB Setup Wizard walks the
Administrator through the steps of joining a WXA to a domain and configuring the servers at the Central Site and
the Branch Site.
Signed SMB Setup Tab
The Signed SMB Setup tab provides the options to join the WXA appliance to a domain, add file servers to the
WXA configuration, and create the necessary records on the domain.
The WXA series appliance should automatically discover the domain details if either of these conditions is
present:
•
The DNS server can reverse resolve its own address into a hostname within the domain.
•
The domain is specified using DHCP, and the DNS server resolves the domain to the address of a Domain
Controller.
NOTE: Specifying the domain using DHCP is not directly considered auto-detecting and it is not a
requirement for the DNS server to be a Domain Controller, although it is most common. However, it
is required for the DNS server to be a domain DNS server, as problems can occur if any non-domain
DNS server is used. Also, some types of independent DNS caches and servers might cause issues.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
60
TIP: The WFS Setup Wizard is available for deployments running SonicOS 6.2 and higher. You must run the
WXA Setup Wizard first. The WFS Setup Wizard is accessible only at the end of the WXA Setup Wizard. This
is the preferred way to configure Signed SMB. You can access the wizard by clicking the Wizards link in the
top-right corner of the firewall. For more information, refer to the “Wizards” section of the appropriate
SonicOS Administration Guide.
When the Advanced Mode option is not selected, the WFS Acceleration > Signed SMB Setup page displays the
basic configuration options.
When the Advanced Mode option is selected as shown, the WFS Acceleration > Signed SMB Setup page displays
three additional configuration buttons: Advanced Options, Restart, and Flush Cache. There are more options
when configuring servers and shares. You can also override the selection of the Domain Controller. Under
Domain Details, a designation for Domain Controller appears.
NOTE: If the WXA series appliance has not joined a domain, the Signed SMB Setup tab displays a Join
Domain button and a message that the WXA appliance has not yet joined the domain.
NOTE: The WFS Cache statistics displayed in this page only represent Signed SMB traffic. If you are using
only Unsigned SMB, the WFS Cache statistics do not apply. If you are using both, only Signed SMB statistics
will be shown.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
61
Name
Description
Accelerate Signed SMB check box Select this option to use WAN Acceleration for Signed SMB.
Signing Test button
The Signing Test button enables you to perform a signing test on one or
more file servers to see which servers are required to sign their SMB
packets.
Enter the fully qualified name or the IP address of the server to test
whether it is required to sign its SMB packets. Alternatively, select one or
more servers from the list if that option is available.
Test Config button
Tests the configuration of WFS for Signed SMB.
Update Domain Records button
Updates missing SPN aliases to the Domain Controller, remote servers in the
Specific Trusted Host List on the computer account, and missing DNS
records. It also removes unwanted or outdated records.
The management interface prompts you to Update Domain Records whenever you make any configuration changes, such as adding file servers or
shares. You can cancel this prompt and Update Domain Records after all
configuration changes have been made.
Config button
Opens a dialog where you can select the Store and Forward option and
enter the extensions for file types to be included in Store and Forward.
View button
Displays the ongoing Store and Forward operations.
Advanced Mode check box
When this option is selected, additional options are displayed on the UI
page and more options are available for configuring file servers, including
the option to specify individual shares instead of all shares.
Domain Details panel
Displays the Domain that the WXA has joined, the WXA Hostname, and the
WFS Acceleration Address.
Edit icon
Opens dialog to select the WFS Acceleration Address.
Advanced Options button
Opens a dialog to configure the WFS Acceleration service in more detail
with Client Signing, Server Signing, and Max Transmit packet size for Common Internet File System (CIFS) packets.
Restart button
Restarts the WFS Acceleration service for Signed SMB.
Flush Cache button
Clears the WFS Signed SMB data that is currently in the cache.
Local Servers tab
Displays a list of the local servers that are available for file sharing and a
button to add additional local servers. Local servers are servers that are on
the same site as the WXA appliance.
Remote Servers tab
Displays a list of the remote servers that are available for file sharing and a
button to add additional remote servers. Remote servers are servers that
are not on the same site as the WXA appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
62
Advanced Mode
Advanced Mode is an option on the Signed SMB Setup page. In Advanced Mode, additional options are
displayed. The advanced dialogs allow the user to move away from the naming convention, specify individual
shares and configure different caching settings.
In Advanced Mode, the Administrator can configure advanced options, restart the WFS appliance, flush the
cache, and select a different domain controller.
Advanced Mode After Joining Domain
Naming Convention
The Naming Convention is intended to facilitate configuration of a file server on the WXA by eliminating
multiple steps by the each Administrator (Head and Branch).
•
The head office WXA Administrator selects the file servers to add to the configuration.
•
The branch office Administrator also selects those file servers (at the head office), however, they are
given a name that will be referred to locally by the branch office workers.
•
The branch office Administrator no longer needs to do the mapping of names on their WXA to the names
on the "next hop WXA" at the head office.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
63
Signed SMB Tools Tab
The Tools tab provides diagnostic tools for the WFS Acceleration service.
The Diagnostic Tools drop-down menu provides the following panels:
•
DNS Name Lookup — Performs a search on a specific Name or IP address.
NOTE: It is important that the DNS servers, configured for the firewall and inherited by the WXA,
are able to resolve addresses on the domain.
•
Available Shares — Displays information about available shares on a specific host.
•
List Kerberos Servers — Displays a list of Kerberos servers that are available to use.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
64
DNS Name Lookup
The DNS Name Lookup panel displays the following information:
Name
Description
Primary DNS: (read-only)
Displays the primary DNS which was configured on Dell SonicWALL network security appliance using the Network > DNS page or Network >
DHCP Server > Edit > DNS/WINS tab.
Secondary DNS: (read-only)
Displays the secondary DNS which was configured on Dell SonicWALL
network security appliance using the Network > DNS page or Network
> DHCP Server > Edit > DNS/WINS tab.
Lookup Name or IP text field
Allows you to search for available DNS names or IP addresses. Click Go
to initiate the search. A response will be received from the DNS server.
It is used to verify whether the WXA series appliance can reach the DNS
server.
Note: Lookup of IP addresses only works if the DNS server has reverse
look-up zones configured.
NOTE: The DNS servers in the DNS Name Lookup should all be domain DNS servers. Non-domain DNS
servers will cause problems authenticating and connecting to shares.
The DNS Name Lookup tool is specifically aimed at determining whether computer names can be resolved on
the domain. If they are resolved, the WFS configuration can proceed and acceleration should be successful.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
65
Available Shares
The Available Shares panel provides the following configuration options:
NOTE: If the WXA appliance has already joined the domain, you can select the Use Machine Account
Credentials option. Then you do not need to enter a username or password.
Name
Description
Host: text tield
The name of the server to query for the share list.
Username: text Ffield
The username for the user’s account.
Password: text field
The password for the user’s account.
Go button
Initiates the search. This displays a list of shares available on the
server that the system Administrator specified. It is used to verify the
connection between the WXA series appliance and the server and that
a list of shares can successfully be obtain from that server.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
66
List Kerberos Servers Panel
The List Kerberos Servers panel provides the following configuration options:
Name
Description
Basic List
Displays a list of available Kerberos servers.
Including Accessibility Test Displays a list of available Kerberos servers that are tested for accessibility.
Domain: text field
Displays the domain for the Kerberos server if discovered. The Administrator
can also enter a name here.
Go button
Initiates the search and displays a list of the Kerberos servers.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
67
10
Configuring WFS Acceleration
Topics:
•
WAN Acceleration > WFS Acceleration on page 68
•
Configuring WFS Acceleration for Unsigned SMB Traffic on page 69
•
Configuring WFS Acceleration for Signed SMB Traffic on page 71
•
Adding File Servers on page 86
•
Verifying the WFS Acceleration Configuration on page 99
WAN Acceleration > WFS Acceleration
This chapter provides details on configuring the WFS Acceleration service. There are different ways to configure
WFS Acceleration, depending on the user requirements and type of network environment used. If the Client PC
is already joined to a domain, it is recommended to use Signed SMB. If you are not sure of the Client PC’s
domain joining status, it is recommended to use Unsigned SMB to begin with.
Configuration of WFS Acceleration is done through groups, primarily on the WAN Acceleration > Summary page
or on the WAN Acceleration > WFS Acceleration page. See Enabling WXA for a VPN and Route Policies on
page 112 for instructions to Permit Acceleration on a VPN or Route Policy.
Unsigned SMB
In a network that supports Unsigned SMB traffic, the WFS Acceleration service configuration is greatly
simplified. The reason for this is Unsigned SMB traffic does not have a security layer, so the WXA appliance can
intercept the traffic without joining the domain, eliminating the need to configure custom zones, configuring
reverse lookup, and add file shares. Unsigned SMB is enabled by default.
Signed SMB
In a network that requires SMB signing, it is required that the WXA appliance join the domain, due to the
presence of a security layer in Signed SMB traffic. Although this type of configuration is more complex than
Unsigned SMB, it offers a more granular configuration of the WFS Acceleration service. The WAN Acceleration >
WFS Acceleration page displays a warning when Signed SMB traffic is detected on the network. If this warning is
present, please enable the Support SMB Signing check box, join the WXA appliance to the domain, and access
the signed shares through the WXA appliance’s shares.
Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration
mode. The Basic configuration mode (recommended) is a simplified WFS Acceleration configuration that
concentrates on selecting the Windows File Servers that are hosting shares, and distinguishing remote and local
file server configurations in the management interface. The Signed SMB Setup tab is displayed, providing
options to easily add file servers and domain records. The Advanced configuration mode offers manual
configuration of the domain details, file servers, and file shares on the Domain Details and Shares tabs.
CAUTION: Advanced configuration mode should only be used if you need to specifically define server
or share names.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
68
Configuring WFS Acceleration for Unsigned SMB
Traffic
WFS Acceleration for Unsigned SMB Traffic can be configured using any of the following methods:
•
Configuring WFS Acceleration for Unsigned SMB Traffic on the WAN Acceleration > Summary Page on
page 69
•
Configuring WFS Acceleration for Unsigned SMB Traffic on the WAN Acceleration > WFS Acceleration
Page on page 70
Configuring WFS Acceleration for Unsigned SMB Traffic on
the WAN Acceleration > Summary Page
To configure WFS Acceleration for Unsigned SMB traffic on the WAN Acceleration > Summary
page:
1
Navigate to the WAN Acceleration > Summary page.
2
Under WXA Status, click the Edit button. The Configure Acceleration popup appears.
3
Select the Enable WFS Acceleration (Unsigned SMB) check box.
4
Click OK or No to cancel.
Refer to Enabling WXA for a VPN and Route Policies on page 112 for instructions to Permit Acceleration
on a VPN or Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
69
Configuring WFS Acceleration for Unsigned SMB Traffic on
the WAN Acceleration > WFS Acceleration Page
To configure WFS Acceleration for Unsigned SMB traffic on the WAN Acceleration > WFS
Acceleration page:
1
Navigate to the WAN Acceleration > WFS Acceleration page.
2
Select the Configuration tab.
3
Select the Enable WFS Acceleration (Unsigned SMB) check box.
4
Click Accept.
Refer to Enabling WXA for a VPN and Route Policies on page 112 for instructions to Permit Acceleration
on a VPN or Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
70
Configuring WFS Acceleration for Signed SMB Traffic
The preferred way to configure WFS Acceleration for Signed SMB is to use the WFS for Signed SMB wizard.
The descriptions and configuration steps for the options and buttons under the Signed SMB Setup tab provided in
the following sections:
•
Configuring WFS Acceleration for Signed SMB on page 72
•
Accelerate Signed SMB on page 76
•
Signing Test on page 76
•
Test Config on page 77
•
Update Domain Records on page 78
•
Configure Store and Forward on page 79
•
View on page 80
•
Advanced Options (Advanced Mode Only) on page 80
•
Restart (Advanced Mode Only) on page 81
•
Flush Cache (Advanced Mode Only) on page 81
•
Domain Details on page 82
•
Local Servers Tab on page 84
•
Remote Servers Tab on page 85
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
71
Configuring WFS Acceleration for Signed SMB
To configure the WFS Acceleration service for Signed SMB:
1
Configure a network interface on the Dell SonicWALL network security appliance for the port you want to
connect the WXA appliance to. The WXA appliance must be connected to a Dell SonicWALL network
security appliance on a port other than X0 and X1. See Topics: on page 35 for details.
2
Navigate to the WAN Acceleration > WFS Acceleration page.
3
Select the Signed SMB Setup tab.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
72
4
Select the Accelerate Signed SMB check box.
NOTE: If you have previously joined the domain the Rejoin button is shown. If you have not
previously joined the domain, the Join button is shown. You must join a domain to use Signed SMB.
5
Click the Join or Rejoin button.
The Join Domain dialog appears.
6
Enter the username and password for the Administrator of the domain or an account that can join the
WXA appliance to the domain.
7
Click Join Domain.
A dialog appears asking you if you wish to continue.
8
Click Yes if you want to continue.
NOTE: The domain may not always be discovered. If the domain cannot be discovered, it usually
indicates that the WXA cannot reach the network. The Administrator should check the DNS settings
and verify them using the DNS Lookup Tool under the Signed SMB Tools page. If the connectivity is
ok and the domain is still not discovered by the WXA, the Administrator can manually type the
domain name by clicking the Edit Domain button that is visible when the WXA has not joined the
domain.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
73
While processing, the Joining the Domian dialog appears. When it is finished joining the domain, the
Join Domain Results window appears showing the results. If it was successful, it displays, “Successfully
joined the Domain” with a list of the details.
9
Click the Close button.
The Domain Details panel is populated with the current domain information.
Domain Details panel in Basic Mode (Advanced Mode check box is not checked)
Domain Details panel in Advanced Mode (Advanced Mode check box is checked)
When the Advanced Mode option is not selected, the WFS Acceleration > Signed SMB Setup page displays the
basic configuration options. When the Advanced Mode option is selected, the WFS Acceleration > Signed SMB
Setup page displays three additional configuration buttons: Advanced Options, Restart and Flush Cache.
This screen shot represents a WXA located in a head-office. The file server name was auto-created by the WXA
in basic mode and is automatically added when accounts-dsg-DC.accounts-dsg.com is selected in the branch
office in basic mode.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
74
Name
Description
Accelerate Signed SMB check box
Select this option to use WAN Acceleration in Signed SMB mode.
Signing Test button
Opens a dialog box where the name or IP address of the test server is
entered.
Test Config button
Tests the configuration of WFS for Signed SMB.
Update Domain Records button
Updates missing SPN aliases to the Domain Controller, remote servers
in the Specific Trusted Host List on the computer account, and missing DNS records. It also removes unwanted or outdated records.
Config button
Opens a dialog box where you can select the Store and Forward
option and enter the extensions for file types to be included in Store
and Forward.
View button
Displays the ongoing Store and Forward operations.
Advanced Mode check box
When this option is selected, additional options are displayed on the
page.
Advanced Options button
Opens a dialog to configure the WFS Acceleration service in more
detail with Client Signing, Server Signing, and Max Transmit packet
size for Common Internet File System (CIFS) packets.
Restart button
Restarts the WFS Acceleration service for Signed SMB.
Flush Cache button
Clears the WFS Signed SMB data that is currently in the cache.
Domain Details panel
Displays the Domain that the WXA has joined, the WXA Hostname,
and the WFS Acceleration Address. This panel also provides the buttons to Rejoin or Unjoin the Domain and the configuration button to
select the WFS Acceleration Address.
Local Servers tab
Displays a list of the local servers that are configured on the WXA and
a button to add additional local servers.
Remote Servers tab
Displays a list of the remote servers that are configured on the WXA
and a button to add additional remote servers.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
75
Accelerate Signed SMB
The Accelerate Signed SMB option enables support for SMB signing during WAN Acceleration. The WXA appliance
must be joined to a Domain for SMB signing to function. To enable Signed SMB for WFS Acceleration: Make sure
the Support SMB Signing option under the Configuration tab is selected. This automatically selects the
Accelerate Signed SMB option under the Signed SMB Setup tab. This option is the same function as the Enable
Support for Signed SMB option under the Configuration tab and must be selected before the domain can be
joined.
Signing Test
The Signing Test button enables you to perform a signing test on one or more file servers to see which servers
are required to sign their SMB packets. When a server is required to sign its SMB packets, the WXAs on the client
and server sides must both join the domain of that server and add that server to their Signed SMB
configurations.
To use the Signing Test, Signed SMB must be enabled, but it is not necessary for the WXA to have joined the
domain. Signed SMB must be enabled on the WXA so that the NAT rules are created on the firewall which allow
the WXA to connect to the network.
To run the Signing Test:
1
1 Click the Signing Test button. The Signing Test dialog box appears.
2
Enter the fully qualified domain name or the IP address of the file server you want to test or click the
ellipses to select a file server from the list of servers discovered by the WXA.
3
Click OK as needed.
After you click OK, the test runs and the latency of the connections to the server are recorded. While
the test is running, this message appears, “Testing Signing. Please wait...”
When the test is completed a new window with the results appears.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
76
If signing is required and the WXA has already joined the domain, the Signing Test Results screen displays the
option to quickly add the file server to the WXA configuration. The Signing Test Results screen also informs the
Administrator that if the server is remote, it must be added to the local WXA configuration before it can be
added to the configuration of this WXA. The user-specified threshold for the latency is used to determine
whether the file server is local or remote to the WXA.
Test Config
When you click the Test Config button, the Test Configuration dialog box appears. Run the tests by entering the
username and password of the Domain Administrator.
To run the configuration tests:
1
Enter the Username and Password of the Domain Administrator.
2
Click the Run Tests button.
When you click Run Tests, the tests run for a few seconds and then a window appears with the test
results as shown below.
For descriptions of the column headings see Verifying the WFS Acceleration Configuration on page 99.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
77
Update Domain Records
The Update Domain Records button updates missing SPN aliases to the Domain Controller, remote servers in the
Specific Trusted Host List, and missing DNS records. It also removes unwanted or outdated records. This button
can be used whenever you add or delete servers.
To update the domain records:
1
Click the Update Domain Records button.
The Update Domain Records dialog box appears, where you are prompted to enter your Administrator
credentials.
2
In the Username text field, enter the Administrator username.
3
In the Password text field, enter the Administrator password.
4
Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
5
Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
78
Configure Store and Forward
The Config button provides the Administrator with the ability to set up the Store and Forward feature for WFS.
The Store and Forward feature is useful in cases where a user wants to transfer large files to an off-site file
server, and then disconnect their PC without having to wait for a lengthy transfer to complete.
The Store and Forward feature makes this possible. Users can transfer large files quickly from a PC to an on-site
WXA appliance at LAN speeds, and then disconnect the PC while the WXA continues to transfer the files to the
off-site file server via the next hop WXA.
The Store and Forward feature functions so that all write requests and close requests are acknowledged
immediately. So the client can complete transfers quickly and disconnect from the network, while the transfer
continues to the server from the WXA.
NOTE: Attempting to open, re-open, delete, or rename any of the transferring files during the Store and
Forward operation is not recommended until the transfer is complete or cancelled using the WXA
interface. However, if the client PC that initiated the Store and Forward is still connected to the network
in the same active session, the user can delete the file, and the WXA will abort the Forward stage of the
process and delete the file. Also, during the Store stage, if the client PC is still connected, the user can
cancel the copy.
The Config button opens the Configure Store and Forward dialog, where you can enable the Store and Forward
feature and enter the file extensions of the file types you want to include in the Store and Forward operations.
NOTE: For Store and Forward to work, caching must be enabled for each file share involved. Caching is
enabled by default.
The Config button configures the Store and Forward options at the top level. However, in Advanced Mode, the
Store and Forward options can be overridden for individual servers and individual shares.
The Store and Forward feature is for unattended uploading of files only. It is not for interactive file saving from
applications. When saving files from Microsoft Office, Office 97 extensions (such as .doc, .xls) cause problems,
as Office thinks the file is closed and tries to rename it while the file is uploading. Files such as .docx .xlsx .pptx
do not have this problem because Office saves them to a temporary file (.tmp) first and then renames the
original file. However, in most cases, temporary files should not be used for Store and Forward.
In cases where file extensions are used for both interactive file saving and Store and Forward, a different
server/share alias should be configured for Store and Forward. The Store and Forward extensions do not need to
be configured on the WXA at the same site as the server, only on the site of the clients using the Store and
Forward feature.
To enable the Store and Forward feature:
1
Click the Config button.
The Configure Store and Forward dialog appears.
2
Select the Enable Store and Forward option.
3
Enter the file extensions for file types you want to include in the Store and Forward operations.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
79
The extensions must begin with a dot '.' and be separated by commas, spaces or new lines.
4
Click OK.
View
The View button displays a window that shows the current Store and Forward operations.
To view your current Store and Forward operations:
1
Click the View button.
The Store and Forward dialog appears with a list of the current Store and Forward operations.
2
If you want to update the list, click the Refresh button.
3
If you want to change the Refresh time period, enter the number of seconds in the Refresh box.
4
If you want to start or stop the Refresh of the list on the screen, click the Play/Pause button.
5
Click Close.
Hovering over an option in any row shows a tooltip window with information about that option. The Status
column shows the current status of the Store and Forward. The Progress column shows how much of the file has
been uploaded. The File column reports on the user who uploaded the file and their client PC.
Advanced Options (Advanced Mode Only)
When the Advanced Mode option is selected, the Advanced Options button is visible.
To configure the Advanced options:
1
Click the Advanced Options button.
The Advanced Options dialog box appears.
2
In the Client Signing menu, select one of the following options:
Auto – Permits signed connections with the server if the server permits it.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
80
Mandatory – Permits only signed connections with the server.
Disabled – Permits only unsigned connections with the server.
Client Signing refers to the WXA as a client of the remote WXA, or as a client of the local Windows
server. Therefore, these settings should be compliant with those of the remote WXA or the local
Windows server.
3
In the Server Signing menu, select one of the following options:
Auto – Permits signing between the WXA and clients, if the clients are enabled for signing.
Mandatory – Permits only connections with signing enabled between the WXA and clients.
Disabled – Permits only clients that do not require signing between WXA and clients.
Server Signing refers to the WXA as a server to the windows client PC, or as a server to a branch office
WXA. Therefore, these settings should be compliant with the previous WXA or windows client.
4
In the Max Transmit box, enter the number of bytes to set the largest block of data that can be written
at one time.
NOTE: Do not change the Max Transmit value unless it is necessary.
5
Click OK.
Restart (Advanced Mode Only)
When the Advanced Mode option is selected, the Restart button is visible. The Restart button restarts the WFS
Acceleration service, and all existing sessions and file transfers are terminated.
To restart the WFS Acceleration service:
1
Click the Restart button.
The Restart WFS (Signed SMB) dialog appears.
2
Click Yes to restart the WFS Acceleration service or No to cancel.
Flush Cache (Advanced Mode Only)
When the Advanced Mode option is selected, the Flush Cache button is visible. The Flush Cache button clears
all the WFS Signed SMB data that is currently in the cache.
To clear all the WFS Signed SMB data from the cache:
1
Click the Flush Cache button.
The Flush Cache (Signed SMB) dialog appears.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
81
2
Click Yes to clear all the WFS Signed SMB data from the cache or No to cancel.
The Status bar displays: “The cache has been flushed: WFS for Signed SMB.”
Domain Details
The Domain Details panel displays information about the Domain to which the WXA is currently joined.
Basic Mode
Advanced Mode
The Domain Details panel displays the following information:
•
Domain – The name of the current domain.
•
Hostname – The host name of the WXA series appliance.
•
WFS Acceleration Address – The IP address of the WXA series appliance on the LAN.
•
Domain Controller – The name of the Kerberos server that is configured as the Domain Controller for the
WXA series appliance (Advanced Mode only).
•
Edit button – Provides the option to select a different WFS Acceleration Address or Domain Controller.
Clicking the Edit button opens a dialog with the different options.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
82
Domain
Click the Edit button to configure the domain if it has not been and enter the domain name in the Fully
Qualified Domain Name box.
To use the corresponding NetBios name for the domain, select the check box alongside Use Discovered
value for NETBIOS Domain.
WXA Hostname
Click the Edit button alongside WXA Hostname to enter a user friendly hostname instead of using the default
name for the WXA series appliance.
WFS Acceleration Address Edit Button
The WFS Acceleration Address is typically chosen to be the LAN address of the firewall on the domain. NAT rules
are created on the firewall to direct traffic to the WXA. So, it is also the address of the WXA on the domain.
You can change the interface for WFS Acceleration by selecting a different address object from the WFS
Acceleration Address dialog.
To change the WFS Acceleration Address:
1
Click the Edit button next to the WFS Acceleration Address.
The WFS Acceleration Address dialog box appears.
2
From the WFS Acceleration Address drop-down menu, select the address you want.
3
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
83
Domain Controller Edit Button (Advanced Mode Only)
When the Advanced Mode option is selected, the Domain Controller edit button becomes visible. The Domain
Controller edit button allows you to choose a Kerberos server as the Domain Controller.
1
Click the Edit button next to the Domain Controller name.
The Configure Kerberos Server dialog box appears.
2
Enter the name and port number for the Kerberos Server.
3
Click OK.
Local Servers Tab
The local servers tab displays a list of the local servers (at the same location as the WXA) that are currently
configured on the WXA series appliance.
The Add button
lets you add new local servers to the WXA configuration.
For details on configuring local servers, see Adding File Servers on page 86.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
84
Remote Servers Tab
The Remote Servers tab displays a list of the remote servers (at a different location than the WXA) that are
currently configured on the WXA series appliance.
The Add button
lets you add new remote servers to the WXA configuration.
For details on configuring remote servers, see Adding File Servers on page 86.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
85
Adding File Servers
File server configuration does not require you to create SPNs for the remote servers. The File Server drop-down
menu on the WXA appliance is automatically populated with the file server names that are connected to the
Dell SonicWALL network security appliance. All available shares are added when a server is configured. The WXA
series appliance adds the SPN aliases for the share automatically.
The following example configurations show how to add file servers in Basic Mode and in Advanced Mode:
•
Adding File Servers Example Configuration in Basic Mode on page 86
•
Adding File Servers Example Configuration in Advanced Mode on page 91
Adding File Servers Example Configuration in Basic Mode
In Basic Mode, you can select local file servers from those discovered on the network. File operations to all of
the file server’s shared folders and documents from remote sites will be accelerated. If you wish to limit WFS
Acceleration (Signed SMB) to specific shares, this can be configured in Advanced Mode.
The following Illustration shows a simple WXA topology. In this example deployment scenario, the Central site
contains all the file servers, and the Branch site contains users that are accessing files from the Central site file
servers.
NOTE: When configuring shares on the Central site, the Branch site is considered “Remote”. When
configuring shares on the Branch site, the Central site is considered “Remote”.
Internet
NSA/TZ series
appliance
NSA/TZ series
appliance
X4
X2
X0
X3
X1
X4
X2
X0
X3
X1
CONSOLE
CONSOLE
Network Security Appliance
PWR
TEST ALARM
X5
3500
Network Security Appliance
PWR
TEST ALARM
X5
3500
Switch
Switch
D0
250GB
WAN Acceleration
D1
WAN Acceleration
250GB
WXA 2000
WXA 4000
Domain
File
File
Controller Server 1 Server 2
WXA-4000-CS
Central Site
WXA-2000-RS
PC
Branch Site
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
86
Central Site Configuration
Configuring file servers on the Central Office WXA, makes WFS Acceleration available for users at the branch
sites.
To configure File Servers 1 and 2 on the WXA 4000 appliance on the Central Site in Basic Mode,
perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
mmp
2
Under the Local Servers tab, click the Add button.
The Add Server dialog box appears.
3
At File Server, select or enter the name of the file server you want.
4
Enter the Local WXA Name.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
87
6
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update Domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
7
In the Username text field, enter the Administrator username.
8
In the Password text field, enter the Administrator password.
9
Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
10 Click the Close button.
TIP: If you are adding multiple file servers, you can update the Domain Records after you have added all
the file servers, rather than updating the Domain Records after you add each file server.
TIP: After adding the file servers, you may want to force replication between domain controllers so that
all domain controllers are aware of each server that has been added. Otherwise, the branch site
configuration may fail.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
88
Branch Site Configuration
Users at the branch site have WFS Acceleration and accelerated access to the file servers at the Central Site.
To configure File Servers 1 and 2 (which are located on the Central Site) on the WXA 2000 appliance on the
Branch Site in Basic Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Remote Servers tab, click the Add button.
The Add Server dialog appears.
3
From the File Server drop-down menu, select the file server that you want.
4
In the Local WXA Name field, enter the name that you want.
NOTE: Adding a dot after the name will auto-complete the name with that of the domain. This (the
local WXA Name) is the name that should then be used in paths to folders and files on the remote
server in order for the file sharing operations to benefit from WFS Acceleration. For example, if
the current path is \\remote_server\docs under WFS Acceleration, it will become \\local_Wxa\docs.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
89
Update Domain Records
TIP: If you are adding multiple file servers, you can update the Domain Records after you have
added all the file servers, rather than updating the Domain Records after you add each file server.
1
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update Domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
2
In the Username text field, enter the Administrator username.
3
In the Password text field, enter the Administrator password.
4
Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
5
Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
90
Adding File Servers Example Configuration in Advanced
Mode
The Advanced mode offers a more detailed configuration process for adding file servers and shares. Giving you
manual configuration options such as enabling the default cache, selecting the default cache read ahead,
specifying individual shares, and adding domain records.
Note the following considerations before adding file shares:
•
A unique Local WXA Name must be created for every remote file server added on the Central Site.
•
When adding a server, it is recommended to enter a period after the Local WXA Name, this autocompletes the name with that of the domain (e.g WXA-4000-CS-1.my_domain.local). If the period is not
entered, a caution icon will appear in the Shares tab next to the Remote Server name, noting that it is
recommended to use the fully qualified name:
This section contains an example of configuring shares in a typical WXA deployment. If your WXA deployment is
different, you can still use this example as a guide to add file shares, the basic principals are the same.
The following Illustration shows a simple WXA topology. In this example deployment scenario, the Central site
contains all the file servers, and the Branch site contains users that are accessing files from the Central site file
servers.
NOTE: When configuring shares on the Central site, the Branch site is considered “Remote”. When
configuring shares on the Branch site, the Central site is considered “Remote”.
Internet
NSA/TZ series
appliance
NSA/TZ series
appliance
X4
X2
X0
X3
X1
X4
X2
X0
X3
X1
CONSOLE
CONSOLE
Network Security Appliance
PWR
TEST ALARM
X5
3500
Network Security Appliance
PWR
TEST ALARM
X5
3500
Switch
Switch
D0
250GB
WAN Acceleration
D1
WAN Acceleration
250GB
WXA 2000
WXA 4000
Domain
File
File
Controller Server 1 Server 2
WXA-4000-CS
Central Site
WXA-2000-RS
PC
Branch Site
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
91
Central Site Configuration
To configure File Server 1 and File Server 2 on the WXA 4000 appliance on the Central Site in
Advanced Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Local Servers tab, click the Add button.
The Add Local File Server dialog box appears.
3
In the File Server field, select the name of the file server you want from the drop-down menu.
4
In the Local WXA Name field, enter the name of the local WXA.
The local WXA forwards data to the remote server. A different local name alias should be used for each
remote server.
NOTE: If you selected the Use Automated Naming Convention option, the Local WXA Name will
be generated for you when you select the file server.
5
If you want to use the default cache for acceleration, select the Default Cache Enabled check box.This
option is enabled by default.
When the default cache is used, and a file is requested that is in the default cache, the WXA serves the
data from the default cache as long as the cache file is still valid. If the original file has changed and is
different from the default cache file, the parts of the default cache file that are still valid may be used.
This process reduces the amount of data sent over the network. This option can be overridden for
individual file shares.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
92
6
In the Default Cache Read Ahead field, enter the default size (in bytes) for WXA to read-ahead. This
increases the read-ahead speed in the cache. The default cache read ahead value is 61440 bytes.
You can estimate a suitable Default Cache Read Ahead value as follows:
a
Multiply the link latency to the server (in milliseconds) by the link rate (the measured site-to-site
bandwidth in kilobytes per second).
b
Divide that number by the number of expected simultaneous user sessions.
The example equation is:
(link latency to the server * link rate) / user sessions
This option can be overridden for individual file shares.
7
If you want to make all the shares on the file server accessible for WFS Acceleration,
select the All Shares option.
8
If you want to make only selected shares on the file server accessible for WFS Acceleration, select the
Selected Shares option.
When you select the Selected Shares option, the Add Server dialog is expanded to show the Add button.
9
Click the Add button (Selected Shares option) to open the Add Share dialog.
The WXA attempts to get the available shares on that server. If successful, the Select button becomes
available and the user can select from a list of shares. Otherwise, you can type the name of the share in
the Name field.
a
Click OK to confirm and close the Add Share dialog.
b
Click OK to confirm and close the Add Server dialog.
c
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
93
10 In the Username text field, enter the Administrator username.
11 In the Password text field, enter the Administrator password.
12 Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
13 Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
94
Branch Site Configuration
To configure File Server 1 and File Server 2 (which are located on the Central Site) on the WXA 2000 appliance
on the Branch Site in Advanced Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Remote Servers tab, click the Add button.
The Add Server dialog appears.
3
Select the Use Automated Naming Convention option.
NOTE: The Use Automated Naming Convention option only works if it is enabled at the Central
Site as well, or if the server is configured in Basic Mode. Otherwise, the Next Hop WXA must be
entered manually.
4
In the File Server field, enter the name of the file server at the Central Site that you want.
or
Click the Select button and select the name of the file server from the menu.
NOTE: Optionally, you can click the Lookup button to test that the file server IP address can be
resolved.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
95
5
In the Next Hop WXA field, enter the name of the WXA at the Central Site that provides access to the
file server.
or
Click the Select button and select the name of the WXA from the menu.
NOTE: Optionally, you can click the Lookup button to test that the file server IP address can be
resolved.
6
In the Local WXA Name field, enter the name of the local WXA.
The local WXA forwards data to the remote file server via the Next Hop WXA. Both the Next Hop WXA
and the File Server are located at the Central Site.
Use the local WXA name in paths to accelerated remote shares. A different local name alias should be
used for each remote server.
7
If you want remote file server shares stored in the default cache, select the Default Cache Enabled
check box.This option is enabled by default.
When a file is requested, that is also available in the default cache, the WXA serves the data from the
default cache as long as the cache file is still valid. If the original file has changed and is different from
the default cache file, the parts of the default cache file that are still valid may be used. This process
reduces the amount of data sent over the network. This option can be overridden for individual file
shares.
8
In the Default Cache Read Ahead field, enter the default size (in bytes) for WXA to read-ahead. This
increases the read-ahead speed in the cache. The default cache read ahead value is 61440 bytes.
You can calculate the Default Cache Read Ahead value as follows:
a
Multiply the link latency (in milliseconds) by the link rate (the measured site-to-site bandwidth in
kilobytes per second).
b
Divide that number by the number of simultaneous user sessions.
The example equation is:
(link latency * link rate) / user sessions
This option can be overridden for individual file shares.
9
If you want to make all the shares on the file server accessible for WFS Acceleration,
select the All Shares option.
10 If you want to make only selected shares on the file server accessible for WFS Acceleration, select the
Selected Shares option.
When you select the Selected Shares option, the Add Server dialog is expanded to show the Add button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
96
11 Click the Add button to open the Add Share dialog.
12 Click OK to confirm and close the Add Share dialog.
13 Click OK to confirm and close the Add Server dialog.
14 Click the Update Domain Records button.
The Update domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
15 In the Username text field, enter the Administrator username.
16 In the Password text field, enter the Administrator password.
17 Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays “Successfully updated the domain records”
with a list of the details.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
97
18 Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
98
Verifying the WFS Acceleration Configuration
This section describes how to verify that the WFS Acceleration service is configured correctly.
NOTE: These verification procedures only apply to systems using Signed SMB.
After completing the step-by-step WFS Acceleration configuration procedures, you can verify that WFS
Acceleration is working by using the Test Config button that is available in both Basic and Advanced modes.
To verify that the WFS Acceleration service was successful:
1
Click the Test Config button.
The Test Configuration dialog box appears.
2
Enter the Username and Password of the Domain Administrator or another qualified user.
After you click Run Tests, the tests run for a few seconds and then a window appears with the test results as
shown below.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
99
The Test WFS Configuration Test Results page displays the test results for the WFS Acceleration service. A green
circle indicates a successful configuration, and a red circle indicates an error. Hover over the circle icons to
display the details for that configuration. The results are listed in a table with the following columns.
Name
Description
Server
Display the remote server or local WXA name.
Resolves To
Displays the IP address that the WXA series appliance is resolved to.
Used in Share Config.
Displays the server that is used for sharing. This can be an actual server,
or a WXA series appliance.
Short SPN
Verifies a short SPN is present on the machine account.
Long SPN
Verifies a long SPN is present on the machine account.
Trusted for Delegation
Lists the general server or specific hosts that are trusted for delegation by
the WXA series appliance.
Accept Delegation
Displays the hosts that are trusted to present delegated credentials to the
WXA series appliance.
Accepted Connection
Verifies the server accepted an authenticated connection.
Propagated Connection
Verifies the server propagated an authenticated connection.
NOTE: If some records are missing, such as SPN aliases or DNS records, you can update the records by
following the steps in “Update Domain Records” on page 78.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
100
11
Viewing the Web Cache Page
Topics:
•
WAN Acceleration > Web Cache on page 101
•
Configuration Tab on page 102
•
Statistics Tab on page 104
WAN Acceleration > Web Cache
This chapter is an overview of the WAN Acceleration > Web Cache management interface page. The Web Cache
page provides the Configuration and Statistics tabs for configuring and testing the Web Cache service.
onvention
Name
Description
Configuration tab
Provides configuration options to edit, restart, or flush the cache. It also provides
a dialog to enter the Administrator’s Email address so that it will appear on error
pages viewed by users. You can also select the caching strategy for the web
cache.
Statistics tab
Displays data and graphs detailing the Web Cache data size, total data reduction,
WAN capacity increase factor, cache size, cache free space, and number of
cached objects.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
101
Configuration Tab
NOTE: You must be in Configuration mode for the Accept, Restart Web Cache and Flush Cache tabs to
be active.
Name
Description
Accept button
Applies the latest configuration changes.
Restart Web Cache button
Restarts the Web Cache service. This disconnects any currently open
connections.
Flush Cache button
Removes all the data from the Web Cache. This also restarts the Web
Cache service, disconnecting any open connections.
Name
Description
Enable Web Cache check box
When selected, all web traffic passing through the Dell
SonicWALL network security appliance is redirected to the Web
Cache.
Web Server Ports
Select the Service object detailing the TCP port numbers that
Web Cache should cache.
Client Inclusion Address Object
Select the Address Object or Group that represents the local
subnets whose web traffic should be diverted via the Web
Cache. You can also choose “Any” and the traffic from any
source IP address is forwarded to the WXA.
Server Exclusion Address Object
Select the Address Object or Group that contains the
destination address of web servers for which traffic should not
be diverted via the Web Cache. If you select None, no web
server is excluded and all appropriate traffic is sent via the
WXA.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
102
Name
Description
Caching Strategy
The Caching Strategy determines which objects are placed
into the web cache and how long they stay there. Three
options are available for the Caching Strategy: Minimal,
Moderate, and Aggressive. The following describes the
different Caching Strategies:
Minimal - All objects are cached unless the HTTP header
specifically says not to, such as “no cache” or an “expire” time
that occurs in the past.
Moderate - This is the default web caching strategy. In
Moderate caching mode, the Web Cache keeps objects in the
cache for longer than in Minimal mode. The Web Cache also
enforces a minimum age of 7 days on objects that don't include
any 'no caching' control options (such as no-cache, no-store or
an explicit expiry time) in the HTTP header.
Aggressive - In Aggressive mode, the Web Cache ignores
explicit expiry time (enforcing a minimum age of 7 days),
reload and no-cache options in HTTP headers.
The Web Cache never caches any data marked as “private” or
“auth” (requiring authorization to access) in the HTTP header.
When switching from Aggressive or Moderate mode to Minimal
mode, any already cached objects that do not meet the
Minimal caching strategy will be refreshed by the cache.
YouTube caching is implemented in both Moderate and
Aggressive caching modes.
Administrator Email
Enter the Administrator’s Email address so that it will appear
on error pages viewed by users.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
103
Statistics Tab
Name
Description
Covering Period drop-down menu
Select the period of time the data displayed on the Statistics
tab.
Refresh button
Refreshes the Web Cache > Statistics displayed in the panel.
Total Data Reduction (%)
Displays the difference between the data conveyed and the
data sent, represented as a percentage.
WAN Capacity Increase Factor
Displays the ratio of the amount of data conveyed to the
amount actually sent. This can be used as a guide to how much
extra capacity the WAN gained without any increase in
bandwidth.
Requests
The number of requests made during the selected period.
Hits
The number of requests that were served from the Web Cache
during the selected period.
Errors
The total number of errors encountered during the selected
period.
Data Since
Displays the actual period covered using the statistics shown in
the data and graphs.
This might differ from the chosen covering period, depending
on the data stored and available on the appliance.
Cache Size
Displays the current size of the cache used by the Web Cache.
Cache Free Space
Displays the amount of disk space available to the Web Cache.
Number of Cached Objects
Displays the number of objects currently stored in the Web
Cache.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
104
Graphs
The Statistics graphs display the Web Cache data for the selected Covering Period and Chart. The Conveyed data
is the number of bytes that would be sent from a web server without the use of the WXA appliance’s Web
Cache. The Sent data are the bytes that are actually sent from web servers in response to the user’s web
request, with the remainder being served from the cache. A “Hit” is when an object is served from the Web
Cache instead of fetched from the internet. The following Chart types are available:
Summary
The Summary chart graphically displays the sent and conveyed bandwidth data.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
105
Time Series
The Time Series chart graphically displays the sent and conveyed data over a specified period of time. You can
drag the mouse over the chart to zoom in on a selected area. To zoom back out, click the Reset Zoom button.
Requests
The Requests chart graphically displays the number of Requests, Hits, and Hits % over a selected period of
time. You can drag the mouse over the chart to zoom in on a selected area. To zoom back out, click the Reset
Zoom button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
106
12
Configuring the Web Cache
Topics:
•
WAN Acceleration > Web Cache on page 107
•
Configuring Web Cache on page 108
•
Verifying Web Cache Operation on page 111
•
Configuring Web Cache on the WAN Acceleration > Summary Page on page 108
•
Configuring the Web Cache on the WAN Acceleration > Web Cache Page on page 110
WAN Acceleration > Web Cache
The Web Cache page provides options to enable, configure, view results, diagnose, and test performance of the
Web Cache feature. By enabling the Web Cache service, the Dell SonicWALL network security appliance
immediately begins transparently forwarding HTTP connections to the WXA appliances and saving bandwidth.
Consider the following when configuring the Web Cache service:
•
There is no need to configure the HTTP clients with proxy settings since the Dell SonicWALL network
security appliance transparently redirects standard HTTP connections onto the proxy.
•
When the Web Cache is enabled, the Dell SonicWALL network security appliance disables redirection of
HTTP connections to the WXA appliance if it becomes unavailable.
•
The Web Cache service is not available in WXA 500 Live CD Memory Mode.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
107
Configuring Web Cache
Configuring Web Cache on the WAN Acceleration > Summary
Page
To configure the Web Cache on the WAN Acceleration > Summary Page:
1
Navigate to the WAN Acceleration > Summary page.
2
At the WAN Acceleration panel, select the Enable WAN Acceleration check box.
3
Click the Edit button in the WXA Status panel and the Configure Acceleration popup appears.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
108
4
Verify the fields.
5
Click on the Web Cache tab.
6
Select the Enable WFS Acceleration (Unsigned SMB) check box.
7
From the Web Server Ports menu, select the type of ports that you want to use, such as HTTP.
8
From the Client Inclusion Address Object menu, select the type of client addresses that you want to
include in the Web Cache.
9
From the Server Exclusion Address Object menu, select the type of server addresses that you want to
exclude from the Web Cache.
The Caching Strategy determines which objects are placed into the web cache and how long they stay
there.
10 From the Caching Strategy menu, select one of the following options.
•
Minimal - All objects are cached unless the HTTP header specifically says not to, such as “no
cache” or an “expire” time that occurs in the past.
•
Moderate (default) - This is the default web caching strategy. In Moderate caching mode, the Web
Cache keeps objects in the cache for longer than in Minimal mode. The Web Cache also enforces
a minimum age of 7 days on objects that don't include any 'no caching' control options (such as
no-cache, no-store or an explicit expiry time) in the HTTP header.
•
Aggressive - In Aggressive mode, the Web Cache ignores explicit expiry time (enforcing a
minimum age of 7 days), reload and no-cache options in HTTP headers.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
109
11 In the Administrator Email field, type the name of the Administrator to be shown in the Web Cache error
page that is presented to network users in the event of an error.
12 Click OK.
Configuring the Web Cache on the WAN Acceleration > Web
Cache Page
To configure the Web Cache on the WAN Acceleration > Web Cache page:
1
Navigate to the WAN Acceleration > Web Cache page.
2
Select the Enable Web Cache check box.
3
From the Web Server Ports menu, select the Service object that details the TCP port numbers you want
WebCache to cache. Defaults to HTTP.
4
From the Client Inclusion Address Object menu, select the type of client addresses whose traffic want
to be included in the Web Cache. You can also choose “Any” and the traffic from any source IP address is
forwarded to the WXA.
5
From the Server Exclusion Address Object menu, select the type of server addresses that you want to
exclude from the Web Cache. If you select “None,” no web server is excluded and all appropriate traffic
is sent via the WXA.
6
The Caching Strategy determines which objects are placed into the web cache and how long they
remain there. From the Caching Strategy menu, select one of the following options:
•
Minimal - All objects are cached unless the HTTP header specifically says not to, such as “no
cache” or an “expire” time that occurs in the past.
•
Moderate (default) - This is the default web caching strategy. In Moderate caching mode, the Web
Cache keeps objects in the cache for longer than in Minimal mode. The Web Cache also enforces
a minimum age of 7 days on objects that don't include any 'no caching' control options (such as
no-cache, no-store or an explicit expiry time) in the HTTP header.
•
Aggressive - In Aggressive mode, the Web Cache ignores explicit expiry time (enforcing a
minimum age of 7 days), reload and no-cache options in HTTP headers.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
110
7
In the Administrator Email field, type the name of the Administrator to be shown in the Web Cache error
page that is presented to network users in the event of an error.
8
Click Accept.
9
Verify that the Web Cache service is working, see Verifying Web Cache Operation on page 111 for
details.
Verifying Web Cache Operation
To verify Web Cache operation:
1
Navigate to the Web Cache > Statistics tab.
2
From the Covering Period menu, select the period of time for which to display data.
NOTE: For data to be shown, the client PCs must be browsing the web, PCs and web servers must fall
within the configured values, and the WXA must be configured.
3
View the number of cached objects to confirm the Web Cache service is working.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
111
13
Enabling WXA for a VPN and Route
Policies
Topics:
•
Permitting Acceleration on the VPN on page 112
•
Permitting Acceleration on the Route Policy on page 114
•
Enabling WXAC on the WXA Appliance on page 121
Permitting Acceleration on the VPN
Enable Acceleration on the Network/VPN Page
To configure a VPN on the Network > VPN page:
1
Go to the VPN > Settings page.
2
Under VPN Policies > Name, select the VPN(s).
3
Click the Add or Edit button for the VPN policy you wish to use.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
112
4
Select the Advanced tab.
5
From the Advanced Settings menu, select the Permit Acceleration check box.
6
Click the OK button.
Enable Acceleration on a VPN on the WAN
Acceleration Summary Page
To enable acceleration on a site-to-site VPN on the WAN Acceleration interface:
1
Go to the WAN Acceleration > Summary page.
2
Click the VPN Policies tab and then click the Edit button for the VPN policy on which you want to enable
acceleration. The Edit VPN popup appears.
3
Select the Permit Acceleration check box.
4
Click the OK button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
113
Permitting Acceleration on the Route Policy
After you have configured the WXA, you can permit acceleration for a Route Policy. You can either permit
acceleration for a Route Policy on the WAN Acceleration > Summary page, under the Route Policies tab, or on
the Network > Routing page.
If you do not have a VPN configured on your network and you are using a custom Route Policy, you need to add
two route Policies on each site: One for outgoing traffic, and one for incoming traffic.
The illustration below displays the configuration between two non-VPN sites. Refer to this Illustration as an
example for the steps in the following examples.
Internet
Router
NSA/TZ series
appliance
Router
10.12.10.0
10.26.55.0
192.168.20.0
192.168.10.0
Switch
Web
Server
NSA/TZ series
appliance
Switch
WXA series
appliance
Central Site
WXA series
appliance
PC
Branch Site
Permitting Acceleration on a Route Policy on the WAN
Acceleration > Summary Page
To Permit Acceleration on a Route Policy on the WAN Acceleration > Summary page:
1
Go to the Wan Acceleration > Summary page.
NOTE: You must configure a Route Policy for outgoing traffic on both the branch site and the
central site.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
114
2
Select the Route Policies tab.
3
Select the Edit button for the route you want to use for acceleration. The Edit Route dialog appears.
4
Enable Permit Acceleration.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
115
Enable Permit Acceleration for a Route Policy for
Outgoing Traffic on the Network > Routing Page
To Enable Permit Acceleration for a Route Policy for outgoing traffic on the Network > Routing
page:
1
Navigate to the Network > Address Objects page.
2
Click the Add button.
The Add Address pop-up window displays.
3
Enter a name (Central Site) for the address object in the Name text field.
4
Click the Zone Assignment drop-down, select WAN.
5
Click the Type drop-down, select Network.
6
Enter the LAN IP address of the Central Site (192.168.10.0) in the Network text field.
7
Enter the netmask IP address (255.255.255.0) in the Netmask text field.
8
Click the Add button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
116
9
Navigate to the Network > Routing page.
10 Click the Add button.
The Route Policy Settings pop-up window displays.
11 Click the Source drop-down, select Any.
12 Click the Destination drop-down, select the address object you created (Central Site.)
13 Click the Service drop-down, select Any.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
117
14 Click the Gateway drop-down, select the X1 Default Gateway.
15 Click the Interface drop-down, select the X1 interface.
16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower priority.
17 Select the Permit Acceleration check box.
18 Click the OK button.
Enable Permit Acceleration for a Route Policy for Incoming
Traffic
The following section describe how to assign the WXA to a Route Policy for incoming traffic:
•
Enable Permit Acceleration for a Route Policy for Incoming Traffic on the WAN Acceleration > Summary
Page on page 118
•
Enable Permit Acceleration for a Route Policy for Incoming Traffic on the Network > Routing Page on page
119
NOTE: You must configure a Route Policy for incoming traffic on both the branch site and the central site.
Enable Permit Acceleration for a Route Policy for Incoming
Traffic on the WAN Acceleration > Summary Page
To enable Permit Acceleration for a Route Policy for incoming traffic on the WAN Acceleration
> Summary page:
1
Go to the WAN Acceleration > Summary page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
118
2
Select the Route Policies tab.
3
Select the Edit button for the route you want to use for permit acceleration.
The Route Policy Settings dialog appears.
4
Select the Permit Acceleration check box.
5
Click OK.
Enable Permit Acceleration for a Route Policy for Incoming
Traffic on the Network > Routing Page
To enable Permit Acceleration for a Route Policy for incoming traffic on the Network > Routing
page:
1
Navigate to the Network > Address Objects page.
2
Click the Add button.
The Add Address Object pop-up window displays.
3
Enter a name (Branch Site) for the address object in the Name text field.
4
Click the Zone Assignment drop-down, select LAN.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
119
5
Click the Type drop-down, select Network.
6
Enter the LAN IP address of the Branch Site (192.168.20.0) in the Network text field.
7
Enter the netmask IP address (255.255.255.0) in the Netmask text field.
8
Click the Add button.
9
Navigate to the Network > Routing page.
10 Click the Add button.
The Route Policy Settings pop-up window displays.
11 Click the Source drop-down, select Central Site.
12 Click the Destination drop-down, select the address object you created (Branch Site.)
13 Click the Service drop-down, select Any.
14 Click the Gateway drop-down, select (0.0.0.0).
15 Click the Interface drop-down, select the X0 interface.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
120
16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower priority.
17 Select the Permit Acceleration check box.
18 Click the OK button.
Enabling WXAC on the WXA Appliance
You can enable acceleration for NetExtender WAN Acceleration Clients (WXAC).
NOTE: The WXA must be licensed to support the NetExtender WAN Acceleration Client (WXAC).
To enable WXAC support on the WXA:
1
Go to the WAN Acceleration > Summary page.
2
Click the SSL VPN tab.
3
If WXAC is licensed, you will be able to enable/disable WAN Acceleration for WXAC Clients.
4
Click the Accept button.
NOTE: If the WAN Acceleration Client is not licensed, you will see the following message:
NetExtender WAN Acceleration Client (WXAC) is not licensed. You will also see how many Active
Licenses are Currently in Use (how many WXAC clients are connected).
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
121
14
Managing Firmware
Topics:
•
WAN Acceleration > Firmware on page 122
•
Manual Download/Upload on page 123
•
Firmware Auto-Download on page 125
•
Factory Reset on page 127
WAN Acceleration > Firmware
The WAN Acceleration > Firmware page provides options to check for upgrades, perform a factory reset and
automatically download a Dell SonicWALL WAN Acceleration firmware upgrade.
The following table describes the options and features on the Firmware page:
Name
Description
Toolbar
Allows you to refresh the data that is shown by clicking the Refresh button. The WXA model and serial number are shown in the panel.
Firmware Management
Lets you enable Auto-downloads, Check for Updates and Upload New
Firmware. When you click the Upload New Firmware button, instructions
appear that step you through the firmware upgrade process. Note: The
Administrator must click the upload or download button.
Factory Reset
Lets you restore the WXA appliance to its original factory default settings.
NOTE: When performing a firmware upload, do NOT navigate away from the WAN Acceleration >
Firmware page. This could stop the uploading process or cause the management interface to become
unresponsive.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
122
Manual Download/Upload
The Administrator can manually upgrade the WXA firmware.
To manually upgrade the WXA firmware:
1
On your Web Browser, go to mysonicwall.com.
2
On the Welcome page, click Downloads to open the Download Center.
3
From the Software Type menu, select the WXA model firmware that you want.
4
Under the Firmware list, click the link for the firmware you want.
For example, upgrade-1.3.2-0-7-x64.bin.
5
Save the file to a location on your computer.
6
Go to the WAN Acceleration > Firmware page.
7
Click the Firmware Management icon to open the Firmware Management panel.
8
Click the Upload New Firmware button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
123
The Firmware File field and Choose File button appear.
9
Click the Choose File button.
10 Navigate to the location where you saved the firmware file and select it.
11 Click the Upload button.
12 After the firmware upload has successfully completed, refresh the Firmware page. The Firmware page
now shows the new firmware ready to boot.
13 Apply the Boot button to apply the firmware image. The appliance will reboot as part of the process.
NOTE: The upgrade is NOT applied automatically. The Administrator must apply the upgrade
whether automatically downloaded or manually uploaded.
Troubleshooting Tips
•
Be sure that you select the correct firmware image for the WXA Model.
•
Do not navigate from the Firmware page during the upload.
•
Be sure that you have a long timeout on the Admin session.
•
Firmware image files are quite large and the process of uploading can take a considerable length of
time. Please be patient.
•
Close the browser and clear the browser cache after the upgrade if it does not appear to have taken
effect.
•
If there is a problem with one browser, try another - always use the latest version of any browser.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
124
Firmware Auto-Download
WXA firmware can be downloaded automatically or manually, using HTTP, from a web server cluster located in
the Dell cloud. Other features, such as WXA Client, NAC Client and NetExtender, use the same web server
cluster to distribute software and software updates.
NOTE: The upgrade is NOT applied automatically. The Administrator must apply the upgrade whether
manually uploaded or automatically downloaded.
The Firmware Auto-Download feature periodically checks the Dell cloud for WXA firmware updates and
automatically downloads the firmware when there is an upgrade. This feature is disabled by default.
NOTE: A WXA firmware upgrade file typically exceeds 100 MB and may require a long time to download to
the WXA through the firewall. Please be patient.
You can enable auto-downloads on the WAN Acceleration > System > Firmware page by selecting the Enable
Auto-downloads option in the Firmware Management panel.
When auto-downloads are enabled, the firewall checks for firmware updates every 2 hours at the
software.sonicwall.com website. If an upgrade to the firmware if found, the current firmware does a system
check and determines if the new firmware version should be downloaded. Auto-downloads have a limited
transfer rate of up to 200 Kbps.
Restrictions
•
Does not operate with 3rd party Proxy Servers.
•
Requires access to software.sonicwall.com via HTTP or HTTPS.
The WAN Acceleration > Log page gives information on the progress of the downloading firmware and decisions
that are made while downloading.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
125
When the firmware is successfully downloaded, it shows the firmware on the WAN Acceleration > Firmware
page, under Firmware Image. See the image under WAN Acceleration > Firmware on page 122 for an example.
To configure automatic downloads of firmware:
1
Go to the WAN Acceleration > Firmware page.
2
Click the Firmware Management icon to open the Firmware Management panel.
3
Select the Enable Auto-downloads option.
Your existing firmware must support this. If this option is not shown, check for updates by clicking the
Check for Updates button.
NOTE: If you don’t want to wait for auto-updates, the Check for Updates button forces an
immediate check on available updates. The Check for Updates button will not be visible if the
WXA version does not support auto-downloads.
4
Click the Upload New Firmware button. The Firmware File field and Choose File button appear.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
126
5
After the firmware upload has successfully completed, refresh the Firmware page. The Firmware page
now shows the new firmware ready to boot.
6
Click the Boot button to apply the firmware image. The appliance will reboot as part of the process.
NOTE: The Administrator must click the Boot button to apply the new
firmware image.
Factory Reset
To perform a Factory Reset:
1
Click the Factory Reset icon to open the Factory Reset panel.
2
Select the Restore the current configuration settings option.
3
Click the Factory Reset button. The WXA is restored to its original factory settings.
NOTE: When performing a firmware upload, do NOT navigate away from the WAN Acceleration >
Firmware page. This could stop the uploading process or cause the management interface to become
unresponsive. Do Not turn the power off during this process.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
127
15
Viewing the Log Page
Topics:
•
WAN Acceleration > Log on page 128
•
Viewing Log Messages on page 130
WAN Acceleration > Log
The WAN Acceleration > Log page provides a detailed list of log event messages and provides multiple options
to change how the log messages display. The Minimum Priority and Categories drop-down menus are used to
determine which logs are retrieved from the WXA.The filters at the bottom of the table then determine which
of those entries are actually shown on the screen. Use the scroll function to load more log entries as you scroll
down the page.
The menus and buttons in the tool bar determine which records are retrieved from the WXA. The records are
retrieved from the WXA depending on the selected options, but they are not all loaded into the table
immediately. By scrolling down, more records are appended. The filters at the top of the table determine which
of the retrieved entries are shown in the table.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
128
Action Items
Name
Description
Show
Menu from which to select whether to show All, For Group, or For WXA
Min. Priority
Displays the log entries of the selected priority or higher by using severity.
Categories
Displays the log entries of the selected categories.
# Entries: 2000
Selects the number of entries retrieved and displayed in the logs list. Depending on the number selected, you may need to scroll through the table to view
all the log entries.
Edit button
Displays the Logs: Reporting Period window.
Refresh button
Refreshes the WAN Acceleration > Logs page. The refresh interval can be
entered in the box to the right of the Refresh symbol. The interval can be
increased to a maximum of 999 seconds.
Click the Refresh button to manually update the Logs page.
Click the Pause button to stop updates on the page
Export as CSV
Exports the currently logged messages to a Comma Separated Values (CSV) file
that can be saved and viewed as a spreadsheet. The time, priority, category,
message, and ID fields are exported.
Clear Logs button
Clears all of the logged messages off the WXA appliance and is irreversible.
Filter by drop-down
menu
Filter the results by selecting from the drop-down lists and entering text in
text fields: ID, Priority, Category, and Message. The filters you select determine which of the log entries retrieved from the WXA series appliance are displayed on the Log screen.
Column Headings
Name
Description
Time
Displays the time the event was logged.
ID
Displays the ID number of the log message.
Priority
Displays the priority of the log message. Select from: Error, Info, Notice or
Warning.
Category
Displays the category of the log message. Select from: DHCP, GUI, SNTP, TCP
Accel. Cache, TCP Accel. Proxy, WFS Signed SMB, WFS Unsigned SMB, and
Web Cache.
Message
Displays the text of the log message.
The following table shows the ID number ranges for each WXA component.
ID Range
Component
10000-19999
WXA System
20000-29999
WXA System Network
30000-39999
TCP Acceleration
40000-49999
Unsigned WFS
50000-59999
Signed WFS
60000-69999
Web Cache
70000-79999
Management
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
129
Viewing Log Messages
The WAN Acceleration > Log page displays log messages from the connected WXA.
To view WXA log messages:
1
Go to the WAN Acceleration > Log page.
2
Filter log messages based on Min. priority, Categories and # Entries, and then click the refresh button
to apply the filter.
3
To export the logs, click the Export as CSV button. Log entries will be saved as entries on an excel
spreadsheet.
NOTE: A browser message appears asking: Do you want to open or save WXA Logs.... Click Open
(appears as log entries on an excel spreadsheet), Save, or Save As.
NOTE: You must click the Refresh button after changing any of the selection criteria.
NOTE: To remove all of the logged messages from the WXA appliance, select the Clear Logs
button. This action is irreversible.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
130
Part 3
WAN Acceleration on NSA and
SuperMassive Series Firewalls
• About WXA Clustering and Licensing
• Configuring WXA Clustering
• Viewing Summary Information
• Configuring the WXA Series Appliances
• Viewing the TCP Acceleration Page
• Configuring TCP Acceleration
• Viewing the WFS Acceleration Page
• Configuring WFS Acceleration
• Configuring VPNs and Route Policies
• Viewing the Web Cache Page
• Configuring the Web Cache
• Managing Firmware
• Viewing the Log Page
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
131
16
About WXA Clustering and Licensing
Topics:
•
WXA Clustering Overview on page 132
•
Licensing Overview for WXA Clustering on page 133
•
Getting a License from MySonicWALL.com on page 135
•
Getting a License through the Firewall Management Interface on page 136
•
Activating a License on page 139
WXA Clustering Overview
This section provides an introduction to the WXA Clustering feature.
•
Supported Platforms for Clustering on page 132
•
What is WXA Clustering? on page 132
•
Benefits on page 133
•
How Does WXA Clustering Work? on page 133
•
Restrictions on page 133
Supported Platforms for Clustering
WXA Clustering is supported in the following WXA releases:
•
WXA firmware 1.3.2 and above
WXA Clustering is supported on the following Dell SonicWALL network security appliances:
•
NSA 2600
•
NSA 3600
•
NSA 4600
•
NSA 5600
•
NSA 6600
•
SM 9200
•
SM 9400
•
SM 9600
What is WXA Clustering?
WXA Clustering is defined as two or more WXA appliances working in conjunction to provide increased
throughput and resilience.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
132
Benefits
Clustering WXA appliances significantly increases the number of connections that can be accelerated
simultaneously. By simply adding more WXA devices, you can increase that capacity several times over. The
following table shows the maximum number of users and connections that are available for each WXA platform.
WXA 6000
WXA 4000
WXA 2000
WXA 5000
WXA 500 Live
Platform
Software
Hardware
Appliance
Hardware
Appliance
Virtual
Appliance
Software
Maximum Users
2000
240
120
360
20
Maximum
Connections
10,000
1,200
600
1,800
100
Clustering WXA appliances provides the following benefits:
•
Increases scalability of the acceleration solution for both users and the WAN infrastructure
•
Is an elastic solution that can be scaled to meet enterprise and application requirements
•
Is a flexible solution that allows one or more WXAs to be dedicated to particular tasks or network
segments
•
Is a resilient infrastructure for WAN Acceleration
How Does WXA Clustering Work?
WXA Clustering is accomplished by connecting multiple WXA series appliances together and using load balancing
and connection balancing to increase the number of simultaneous connections that are possible. It is not
necessary to have WXA Clustering implemented at both the remote and local locations, but there must be at
least one WXA at each location.
When multiple WXAs are connected and are working together, the amount of data that can be accelerated over
the WAN is increased significantly.
In a WXA Clustering configuration, the WXAs are members of groups, and there can be multiple groups. The
WXAs in each group have the same configuration, but different groups of WXAs can have different
configurations.
The WXA configurations are pushed from the SonicOS of the Dell SonicWALL network security appliance.
Restrictions
WXA Clustering does not support WFS Acceleration for Signed SMB. WFS Acceleration for Signed SMB is supported if you use a single WXA that is dedicated to accelerating Signed SMB. That WXA may or may not be part
of a group. However, by keeping it outside of the clustering groups, it can be engaged solely in accelerating
Signed SMB traffic.
Licensing Overview for WXA Clustering
Licensing for WXA Clustering is based on the maximum number of concurrent accelerated connections that you
wish to support. Customers can purchase a WXA Clustering Licenses for a specified number of connections that
will be accelerated.
On the WXA 500, WXA 5000 and WXA 6000, WXA Clustering licenses are purchased based on the number of
connections desired. Each license represents the maximum number of connections that are allowed. Only the
maximum number of connections that are licensed will be accelerated. If more than the maximum number of
connections passes through the firewall, the excess connections are still established, but are not accelerated.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
133
On the WXA 2000 and WXA 4000, no extra licenses are needed. For these models, the maximum number of
connections that is built into the appliance is also the maximum number of connections that will be
accelerated.
If a WXA 2000 or a WXA 4000 is added to a cluster that has a WXA 500, WXA 5000 or WXA 6000 in it, the number
of connections is increased accordingly. For example, adding a WXA 2000 to a cluster will add 600 concurrent
connections to the allowed limit.
Customers can add any number of virtual WXA 500s, WXA 5000s and WXA 6000s to a firewall, but the number of
accelerated connections is dependent on the license that has been purchased.
If the allowed number of accelerated connections is exceeded, all excess connections will bypass the cluster, no
matter how many WXAs are in the cluster. It is the Administrator’s responsibility to ensure that a sufficient
number of WXAs are attached to the firewall to handle the number of licensed connections that they wish to
support.
You can see the WXA Licensing information displayed on the WAN Acceleration > Summary page of the firewall.
In the example below, the Summary page shows that the firewall already has licenses for 5000 accelerated
connections, and that the license expires on 12 October 2015. The graph chart to the right shows the number of
connections currently being accelerated through the WXA(s).
You can add additional WXA Clustering Licenses by getting the Activation Key from the License Manager page.
The example below shows the Activation Key for the 3000 connections.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
134
Getting a License from MySonicWALL.com
The following example show how to get a license from mysonicwall.com.
To register a product and get the license:
1
Go to mysonicwall.com.
2
At the login page, enter your Username and Password.
NOTE: If you do not have a MySonicWALL account, click Register Now and follow the instructions in
the Getting Started Guide for your appliance.
3
On the mySonicWALL Home page, in the Quick Register panel, enter your Activation Key.
4
Click Next and follow the prompts on the screen.
You can also get a license on the Register Product page.
5
Go to the My Products > Register Product page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
135
6
In the Serial Number field, enter your Activation Key, and follow the prompts on the screen.
Getting a License through the Firewall
Management Interface
You can also activate your license on the System > Licenses page on the firewall.
To activate your license on the System > Licenses page:
1
Enter the Activation Key for the product into the Enter upgrade key field
2
Click Submit.
3
Click the Synchronize button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
136
The License information has been updated on the System > Licenses page. Originally, there were 5000 WAN
Acceleration licenses, and we have added an additional 3000 licenses. So, now there are 8000 WAN Acceleration
licenses. The expiration date has also changed. The WAN Acceleration license now expires on the 13 October
2015.
This same information is also shown on the WAN Acceleration Summary page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
137
Next we will add a WXA 2000. WXA 2000s support 600 concurrent connections and do not need an extra software
license. However, when we add a WXA 2000 to the firewall, the additional 600 licensed connections is shown in
the Licensed Connections table, and we can see that the total number of concurrent connections is now 8600.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
138
Activating a License
Customers can enter their Activation Key on either MySonicWALL.com or directly from the firewall on the
System > Licenses page.
To enter your Activation Key from the firewall on the System > Licenses page:
1
Go to the System > Licenses page.
2
On the line that says, To Activate, Upgrade, or Renew services, click here — click on the click here
hyperlink.
The page changes to the License Management page that shows a list of licenses.
3
On the WAN Acceleration Software line, click Upgrade.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
139
That opens a new page where we can enter the Activation Key.
4
In the New License Key 1 box, enter the Activation Key.
5
Click Submit.
6
Click the Upgrade button.
The Count, Expiration, License, and Expiration fields are updated accordingly.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
140
17
Configuring WXA Clustering
Topics:
•
WXA Clustering Management on page 141
•
Configuration for WXA Clustering on page 142
WXA Clustering Management
WXA Clustering is managed via SonicOS on the Dell SonicWALL network security appliance.
This section contains the following subsections:
•
WXA Groups on page 141
•
Connection Balancing on page 142
•
Statistics and Visualization on page 142
•
Configuration for WXA Clustering on page 142
SonicOS discovers WXAs that are connected to the firewall via DHCP and by clicking the Probe for WXA button
on the WAN Acceleration > Summary page. The probe also occurs automatically every few seconds. However,
the list of WXAs on the Summary page is not refreshed automatically, but can be updated by clicking the refresh
button.
When a WXA is detected, and the default group has been set, the WXA is assigned to the default group.
However, a user can unset the default group, in which case, the WXA is added to a list of unassigned WXAs. The
WXA must then be added to a group manually by the Administrator before it can accelerate traffic.
There can be any number of groups. A group can be assigned to each VPN or Route policy. Traffic on that VPN is
accelerated by the WXAs in that group. The same group can be assigned to more than one VPN or Route Policy,
but each policy can have only one group.
Each WXA in a group is given the same configuration, which is stored on the firewall. The configuration is set up
on each WXA when the WXA first connects to the firewall, whenever the WXA is probed by the firewall (every 60
seconds), and whenever any aspect of the configuration is changed.
WXA Groups
The WAN Acceleration feature uses connection balancing so that the number of connections is equally
distributed across all the WXAs in a Group. There is no primary WXA appliance in a group. The WXA appliances
are selected for use in the order that they occur in the list of WXAs of that group.
SonicOS stores the following WXA configuration settings on a per group basis:
•
Friendly Name
•
Whether Web Cache, Unsigned SMB, and TCP Acceleration are enabled
•
Web Cache mode
•
Exclusion/Inclusion list settings for TCP Acceleration, WFS Acceleration, Unsigned SMB, and Web Cache
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
141
Connection Balancing
SonicOS monitors and probes multiple WXA appliances simultaneously for their online and operational status.
The number of connections is equally spread across all of the WXAs in a group. SonicOS maintains a count of the
number of active connections on each WXA in the group. The WXA with the least number of active connections
is selected when a new connection is requested.
The connection balancing takes into account the number of connections supported by the WXA model type. So,
it will not send more connections than a particular WXA can handle.
Connection balancing is supported by the following WXA components:
•
TCP Acceleration
•
WFS Acceleration – Unsigned SMB acceleration
•
Web Cache
Statistics and Visualization
The WAN Acceleration > Summary page shows the multiple WXAs in the clustering configuration, with status
indicators for each WXA appliance and its components. The cumulative cluster performance statistics are
displayed by default. The visualization graph shows the instantaneous number of connections and throughput,
and a table shows the load.
Configuration for WXA Clustering
To configure WXA Clustering, you must be running SonicOS 6.2.2 or higher firmware on your Dell SonicWALL
network security appliance. Firmware can be obtained om MySonicWALL or through Dell SonicWALL Sales
Engineers (SE).
All WXAs must be connected to a single interface on the firewall, achieved by going through a switch. A typical
deployment scenario would be to use virtual WXA 5000s hosted on an ESXi Server, but all WXA models may be
used for clustering.
WXA Clustering is configured by adding WXAs to groups. You can configure multiple groups, and each group can
have multiple WXAs in it.
This section contains the following subsections:
•
Configuring WXA Clustering via the WXA Setup Wizard on page 143
•
Configuring WXA Clustering via the WAN Acceleration Pages on page 144
•
Configuring the Interface for the WXAs on page 145
•
Adding a New Group on page 145
•
Editing a Group on page 145
•
Viewing the List of WXAs on page 147
•
Assigning a WXA to a Group on page 149
•
Accelerating Traffic on a VPN on page 149
•
Accelerating Traffic on a Route on page 150
•
Support for WXAC on page 150
•
Monitoring Connections across WXAs in a Group on page 151
•
Viewing Statistics for Components on page 151
•
WFS for Signed SMB on page 152
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
142
Configuring WXA Clustering via the WXA Setup Wizard
To configure WXA Clustering via the WXA Setup Wizard:
1
At the top right of the firewall UI, click the Wizards link.
2
Select the WXA Setup Wizard option, and click Next.
3
Follow the instructions on the Wizard screens and click Next to work through the screens.
4
For the interface, select the interface that the WXAs are connected to via the switch.
5
Ensure that all the available WXAs are connected and powered on.
In the Groups screen, the first group is created automatically and set as the default group.
6
In the Groups screen, select a group to configure.
or
Select Create a new group and enter a name for the group in the Group Name field.
7
Click Next.
8
In the WXAs screen, select any of the discovered WXAs you want to assign to the group.
NOTE: If you chose the first, automatically created group, all the discovered WXAs may already be
assigned to that group because that group is the default group.
9
Click Next.
10 Select any combination of acceleration components:
•
TCP Acceleration
•
WFS (Unsigned SMB)
•
Web Cache
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
143
11 If you selected TCP Acceleration or WFS (Unsigned SMB), select the VPNs that will have their traffic
accelerated by the WXAs in the group.
12 If you selected TCP Acceleration or WFS (Unsigned SMB), select the Routes that will have their traffic
accelerated by the WXAs in the group.
13 Click Next.
14 Click Configure Another Group
or
Click Configure WFS for Signed SMB.
or
If you are done, click Close.
Configuring WXA Clustering via the WAN
Acceleration Pages
As an alternative or supplementary configuration method to the Wizard, you can also configure WXA Clustering
on the Management Interface of the Dell SonicWALL network security appliance via the WAN Acceleration pages.
The WAN Acceleration > Summary page shows the currently configured groups and the WXAs that belong to
each group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
144
Configuring the Interface for the WXAs
To configure the interface on the firewall through which the WXAs are connected via a switch:
1
Go to the WAN Acceleration > Summary page.
2
Select the Enable WAN Acceleration option.
3
Click the Edit Interface button.
4
In the Interface for WXA dialog, select the Interface and Zone that you want and enter the IP Address
and Netmask. A DHCP range will be created.
5
Select the Keep existing interface configuration option if the interface is already configured and you
wish to keep the existing settings.
6
Click OK.
Adding a New Group
To add a New Group:
1
On the WAN Acceleration > Summary page, click the Add button.
The New Group dialog appears.
2
In the New Group dialog, enter the name of the group that you want to add.
3
If you want this group to be the default group, select the Use as Default Group option.
The new group is added to the Groups panel on the WAN Acceleration > Summary page with a green
LED indicator in the Default column if it is the default group.
NOTE: All newly discovered WXAs are automatically added to the default group.
Configure the various acceleration component settings for the group as described in the next section,
Editing a Group.
Editing a Group
To edit a group:
1
Go to the WAN Acceleration > Summary page.
2
Select the group that you want to edit.
3
Click the Edit button on the corresponding row for that group.
The Edit Group dialog appears.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
145
4
(Optional) Under the Group Details tab, enter a new name for the group if you wish.
5
If you want to use this group as the default group, select the Use as default group option.
Any newly discovered WXAs are automatically added to the default group.
6
If you do not want to use this group as the default group, unselect the Use as default group option.
7
Select the TCP Acceleration tab.
8
Select the Enable TCP Acceleration option.
9
From the TCP Acceleration Mode menu, select the mode that you want.
10 From the Service Object menu, select the type of service that you want.
11 From the Address Object always excluded menu, select the type of addresses that you do not want to
accelerate.
12 Select the WFS (Unsigned SMB) tab.
13 If you want to accelerate Unsigned SMB traffic, select the Enable WFS Acceleration (Unsigned SMB)
option.
14 Select the Web Cache tab.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
146
15 Select the Enable Web Cache option.
16 From the Web Server Ports menu, select the type of ports that you want to use.
17 From the Client Inclusion Address Object menu, select the type of client addresses that you want to
include in the Web Cache.
18 From the Server Exclusion Address Object menu, select the type of server addresses that you want to
exclude from the Web Cache.
NOTE: You can select address groups instead of address objects if you want to include or exclude multiple
address objects.
19 From the Caching Strategy menu, select the caching strategy that you want to use:
•
Minimal – All objects are cached unless the HTTP header specifically says not to, such as “no
cache” or an “expire” time that occurs in the past.
•
Moderate – This is the default web caching strategy. In Moderate caching mode, the Web Cache
keeps objects in the cache for longer than in Minimal mode. The Web Cache also enforces a
minimum age of 7 days on objects that don't include any 'no caching' control options (such as nocache, no-store or an explicit expiry time) in the HTTP header.
•
Aggressive – In Aggressive mode, the Web Cache ignores explicit expiry time (enforcing a
minimum age of 7 days), reload and no-cache options in HTTP headers.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
20 In the Administrator Email field, type the name of the Administrator to be shown in the Web Cache error
page that is presented to network users in the event of an error.
21 Click OK to save the group.
The Groups table will be updated, and the relevant settings will be configured to the WXAs in the group. The
new configuration will determine how traffic is accelerated over the WAN.
Viewing the List of WXAs
The WAN Acceleration > Summary page has two panels, one that lists the groups and one that lists the WXAs.
To view the list of WXAs:
1
Go to the WAN Acceleration > Summary page.
Under the Groups panel is the WXAs panel that lists the discovered WXAs.
2
From the Show menu, select one of the following options:
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
147
•
All – Displays all discovered WXAs.
•
For Selected Groups – Displays only WXAs for the groups selected in the Groups panel.
•
Unassigned – Displays only WXAs that are not assigned to a group.
NOTE: When you power on a new WXA, that WXA should be added to the list of WXAs when it is
discovered. You can search for WXAs anytime by clicking the Probe All button.
3
If you want to search for new WXAs, click the Probe All button.
NOTE: If a default group has been set, any newly discovered WXAs are automatically assigned to
the default group, but you can move any the WXAs to another group at anytime.
WXA Panel Column Information
Op. Status Column
The Op. Status column shows the operational status of each WXA and shows a T, W, S, or C to indicate which
components are operational:
•
T – TCP Acceleration
•
W – WFS for Unsigned SMB
•
S – WFS for Signed SMB
•
C – Web Cache
NOTE: Solid green indicates enabled and ready, hollow green indicates ready but not enabled,
red indicates an error.
Firmware Column
The Firmware column shows the firmware version of each WXA.
NOTE: All the WXAs in the group must be running the same firmware. Any WXAs that are running a lower
version of firmware than their peers, will not participate in the load balancing.
Cluster Column
The Cluster column indicates whether the WXA is an active member of a group. A red LED indicator indicates
that the WXA is not included in acceleration either because it is not cluster-ready (has older firmware) or
because there has been an error of some kind. A green LED indicator indicates that the WXA is an active
member of a cluster.
Load Column
The Load column shows what percentage of the WXA’s CPU, memory, and disk space is in use.
Connections Column
The Connections column shows two numbers separated by a slash. The first number is the current number of
connections. The second number is the number of connections that can be handled by that WXA based on its
model type. Only TCP and Unsigned SMB connections are shown.
Configure Column
The Edit button in the Configure column opens the Edit WXA dialog where you can edit the name of the WXA
and assign the WXA to a different group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
148
If a WXA goes offline, the Delete button in the Configure column enables you to delete a WXA from the list. If
the WXA is online when deleted, it will reappear in the list assigned to the default group.
NOTE: Before you can delete a WXA, you must first unassign the WXA from its group by selecting
<<UNASSIGNED>> in the Edit WXA dialog of the WAN Acceleration > Summary page.
Assigning a WXA to a Group
When a WXA is powered on and connected to the firewall, it is assigned to the default group. You can change
the group that the WXA belongs to at any time.
To assign which group a WXA belongs to:
1
Go to the WAN Acceleration > Summary page.
2
From the list of WXAs, select the WXA that you want to edit.
3
Click the Edit button on the corresponding row for that WXA.
The Edit WXA dialog appears.
4
In the Name field, enter a name for the WXA or keep the same name that is there.
5
From the Group menu, select the group that you want to assign the WXA to.
6
Click OK to close the dialog. The WXA table will be updated.
The WXA will now participate in load balancing the connections handled by the group as long as the WXA
is cluster ready, that is the firmware matches the other WXAs in the group.
NOTE: You can leave a WXA out of all groups, by selecting <<unassigned>>. You may wish to do
this if you want to use a WXA as a dedicated, standalone device to accelerate Signed SMB traffic. In
which case, that WXA would not be part of a group and would not participate in load balancing
with other accelerated traffic. However, you can assign a dedicated WXA for Signed SMB to a
group, but doing so will increase the load on the WXA.
Accelerating Traffic on a VPN
To accelerate traffic on a VPN:
1
Go to the WAN Acceleration > Summary page.
2
Click the VPN Policies tab.
3
Click the Edit button of the VPN policy you want to configure.
The Edit VPN Policy dialog appears.
4
From the Group menu, select the group that you want to manage the TCP Acceleration and
WFS Unsigned SMB traffic on that VPN.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
149
To disable acceleration on a VPN:
1
Go to the WAN Acceleration > Summary page.
2
Click the VPN Policies tab.
3
Click the Edit button of the VPN policy you want to edit.
The Edit VPN Policy dialog appears.
4
From the Group menu, select None.
5
Click OK.
NOTE: You can also assign a group to a VPN from the VPN Policy dialog that is launched from the
VPN > Settings page.
Accelerating Traffic on a Route
To accelerate traffic on a Route:
1
Go to the WAN Acceleration > Summary page.
2
Click the Route Policies tab.
3
Click the Edit button of the route policy you want to configure.
The Edit Route Policy dialog appears.
4
From the Group menu, select the group that you want to manage TCP Acceleration and
WFS Unsigned SMB traffic on that Route.
5
Click OK.
To disable acceleration on a Route:
1
Go to the WAN Acceleration > Summary page.
2
Click the Route Policies tab.
3
Click the Edit button of the Route Policy you want to edit.
The Edit Route Policy dialog appears.
4
From the Group menu, select None.
5
Click OK.
NOTE: You can also assign a group to a Route from the Edit Route Policy dialog that is launched
from the Network > Routing page.
Support for WXAC
You can assign a group to support connections from NetExtender WAN Acceleration Clients (WXAC).
NOTE: The NetExtender WAN Acceleration Client (WXAC) must be licensed to assign a group to it.
To enable WXAC support in a group:
1
Go to the WAN Acceleration > Summary page.
2
Click the SSL VPN tab.
3
If WXAC is licensed, you will see the Group menu.
4
From the Group menu, select the group to be used for WXAC.
5
Click the Accept button.
NOTE: If WXAC is not licensed, you will see the following message:
NetExtender WAN Acceleration Client (WXAC) is not licensed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
150
Monitoring Connections across WXAs in a Group
To monitor connections across WXAs in a group:
1
Go to the WAN Acceleration > Summary page.
2
Click the Monitor tab.
3
From the Group menu, select the group that you want to monitor.
The connections handled by each WXA are shown in the graph.
TIP: You can see the graph for any group by clicking the Monitor button for that group in the
Monitor column of the Groups panel on the WAN Acceleration > Summary page.
Viewing Statistics for Components
On the TCP Acceleration page, TCP Acceleration Statistics Breakdown tab, Connection tab, and the WFS
Acceleration and Web Cache pages, the statistics are collected from a selected group, a selected WXA, or from
all WXAs in all groups together. You can view the statistics for a specific component or for all components at
once.
The following example is for TCP Acceleration, but the steps are the same for those other UI pages as well.
To view the statistics for TCP Acceleration components:
1
Go to the WAN Acceleration > TCP Acceleration > Statistics page.
2
From the Show menu, select one of the following options:
•
All
•
For Group
•
For WXA
3
If you select All, no specific Groups or WXAs are shown in the adjoining drop-down menu. Statistics for
all groups and all WXAs will be shown.
4
If you select For Group, select the group that you want from the adjoining drop-down menu.
Statistics for that group will be shown.
5
If you select For WXA, select the WXA that you want from the adjoining drop-down menu.
Statistics for that WXA will be shown.
6
From the Covering Period menu, select the time period over which you want to collect the data to be
displayed.
7
Click the Refresh button.
A table opens showing the status of the data loading from each of the selected WXAs.
This table can be minimized when the loading has finished.
NOTE: Even though statistics data is displayed when the page is opened, you must press the
Refresh button whenever any of the search criteria is changed.
The different charts available for the page are held within an accordion component, so you can quickly switch
between them. The table summarizes the results and also highlights the search criteria that was used to gather
the data.
The WFS Acceleration > Statistics page differs from the TCP Acceleration > Statistics page only in that you can
specify whether to show data for Signed SMB or Unsigned SMB or both.
Both the WFS Acceleration > Statistics page and the Web Cache > Statistics page display slightly different
charts.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
151
The TCP Acceleration Breakdown Statistics page and the TCP Acceleration Connections page both provide
selection criteria for what is displayed and a WXA loading table. The Refresh button must be clicked whenever
any of the selection criteria is changed.
WFS for Signed SMB
To configure acceleration of WFS for Signed SMB:
1
Go to the WAN Acceleration > WFS Acceleration > Signed SMB page.
2
Click the Accelerate Signed SMB check box.
3
Click the Edit button next to Domain.
4
Click the Join Domain button.
The Join Domain dialog appears.
5
Enter the username and password for the Administrator of the domain or an account that can join the
WXA appliance to the domain.
6
Click Join Domain.
A dialog appears asking you if you wish to continue.
7
Click Yes if you want to continue.
NOTE: The domain may not always be discovered. If the domain cannot be discovered, it usually
indicates that the WXA cannot reach the network. The Administrator should check the DNS settings
and verify them using the DNS Lookup Tool under the Signed SMB Tools page. If the connectivity is
ok and the domain is still not discovered by the WXA, the Administrator can manually type the
domain name by clicking the Edit Domain button that is visible when the WXA has not joined the
domain.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
152
While processing, the Joining the Domian dialog appears. When it is finished joining the domain, the
Join Domain Results window appears showing the results. If it was successful, it displays, “Successfully
joined the Domain” with a list of the details.
8
Click the Close button.
The Domain Details panel is populated with the current domain information.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
153
18
Viewing Summary Information
Topics:
•
WAN Acceleration > Summary on page 154
•
Groups Panel on page 155
•
WXAs Tab on page 156
•
VPN Policies Tab on page 157
•
SSL VPN Tab on page 157
•
Route Policies Tab on page 157
•
Monitor Tab on page 158
WAN Acceleration > Summary
The Summary page displays the WAN Acceleration panel that shows the WAN Acceleration status, license
information, and a graph showing the activity of the active connections. The Groups panel lists the configured
groups with columns showing a summary of the status and information for each group. Below that are five tabs
that display information for WXAs, VPN Policies, SSL VPN, Route Policies and Monitor.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
154
Groups Panel
The Groups panel has buttons to add a new group, delete groups, set a group as the default group, and unset
the default group. Each group can represent a number of WXAs that are working together in a cluster.
The columns in the Groups panel are described in the following table.
Column Name
Description
Name
The configured name of the group.
TCP Accel.
Enabled—Indicates that the TCP Acceleration service is enabled for this
group.
Disabled—Indicates that the TCP Acceleration service is disabled for this
group.
WFS (Unsigned SMB)
Enabled—Indicates that the WAN Acceleration service for Unsigned SMB is
enabled for this group.
Disabled—Indicates that the WAN Acceleration service for Unsigned SMB is
disabled for this group.
Web Cache
Enabled—Indicates that Web Cache is enabled for this group. Traffic passing
through the WXAs of this group is redirected to the Web Cache.
Disabled—Indicates that Web Cache is not enabled for this group. Traffic
passing through the WXAs of this group is not redirected to the Web Cache.
WXAs
The first number is the number of WXAs online and participating in
acceleration. The second number is the total number of WXAs assigned to
this group.
VPNs
The number of VPNs passing traffic accelerated by the WXAs in this group.
SSL VPN
Indicates whether the SSL VPN is assigned to this group. This field will
always be 1 or 0.
1 = the SSL VPN is assigned to this group.
0 = the SSL VPN is not assigned to this group.
Routes
The number of routes passing traffic accelerated by the WXAs in this group.
Conn.
The first number is the number of connections that are currently being
accelerated. The second number is the number of licensed connections
that are available to the combined WXAs of this group.
Default
Green indicates that this group is the default group.
Configure
The Edit icon opens the Edit Group dialog where you can change the
settings for this group. The delete icon removes this group.
A group cannot be deleted if it is assigned to a VPN, a Route, or the SSL
VPN, or if it has WXAs assigned to it.
Monitor
Clicking the Monitor button displays a graph showing the active
connections in use for each WXA in the selected group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
155
WXAs Tab
Below the Groups list there are five tabs.
The columns displayed under the WXAs tab are described in the following table.
Column Name
Description
ID
The unique identifier number for the WXA.
Name
The unique name of the WXA.
Group
The configured name of the group.
IP
The IP address of the WXA.
Model
The model of the WXA.
Firmware
The firmware version in use by the WXA.
Probe
Clicking the Probe button performs a handshake between the firewall and
the WXA appliance, and confirms whether they are connected to each
other.
Op.Status
The operational status of the WXA indicated by a T, W, S, or C:
T – TCP Acceleration
W – WFS for Unsigned SMB
S – WFS for Signed SMB
C – Web Cache
Solid green indicates enabled and ready, hollow green indicates ready but
not enabled, red indicates an error.
Cluster Ready
Green indicates that the WXA is ready to be part of a cluster and
participate in accelerating traffic. The WXA is online, and the firmware
matches other WXAs in the group.
Load
The percentage of the WXA’s CPU, memory, and disk space that is in use.
Conn.
The first number is the current number of connections. The second number
is the number of connections that can be handled by that WXA based on its
model type. Only TCP and Unsigned SMB connections are shown.
Configure
The Edit icon opens the Edit WXA dialog where you can change the friendly
name of the WXA and the group to which the WXA is assigned.
The Delete icon removes this group. A group cannot be deleted if it is
assigned to a VPN, a Route, or the SSL VPN, or if it has WXAs assigned to it.
Control
Opens a dialog that gives access to functions that control the WXA, such as,
Power Down, Reboot, Set the Time, Jump to the Firmware Page, Set a
Static IP Lease.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
156
VPN Policies Tab
The VPN Policies tab has a list of all the VPN policies and the groups they belong to.
You can edit any of the groups by clicking on the edit icon for that group.
SSL VPN Tab
The SSL VPN tab displays the groups to which SSL VPN (NetExtender) clients belong.
You can select the group of WXAs that support accelerated connections from NetExtender Clients (WXAC).
When you select a group, the active licenses for that group are displayed.
Route Policies Tab
The Route Policies tab displays the configured Route Policies.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
157
Monitor Tab
The Monitor tab displays a graph for the selected group. You can display the graph in line or stack format.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
158
19
Configuring the WXA Series Appliances
Topics:
•
Configuring Network Interfaces on page 159
•
Configuring the Network Interface on the WAN Acceleration > Summary Page on page 160
•
Configuring the Network Interface on the Network > Interfaces Page on page 161
•
Configuring DNS on page 165
Configuring Network Interfaces
The initial configuration of the WXA series appliance should be performed using the WXA Setup Wizard, which is
available by clicking the Wizards button in the top-right corner of the UI page on Dell SonicWALL network
security appliances. For more information on the WXA Setup Wizard, refer to the SonicOS Administration Guide.
The initial setup includes configuring the network interface for the WXA appliance, enabling the WAN
Acceleration service, and creating a static DHCP lease for the WXA appliance.
After completing the initial configuration steps in this chapter, refer to Configuring TCP Acceleration on
page 48 and Configuring WFS Acceleration on page 68 to configure the TCP and WFS Acceleration services.
The preferred way to configure the firewall to connect to WXAs is by using the WXA Setup Wizard. However, you
can also configure the firewall to connect to WXAs by configuring the interface on the WAN Acceleration >
Summary page or on the Network > Interfaces page. The following example configurations show how to do
this. The Network > Interfaces page configuration also includes setting up DHCP.
NOTE: The configuration examples use the X5 interface, but you can use any spare interface on the Dell
SonicWALL network security appliance.
Configuring the network interfaces on your Dell SonicWALL network security appliance so that it can be used
with WXA appliances is described in the following sections.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
159
Configuring the Network Interface on the WAN
Acceleration > Summary Page
To configure your Dell SonicWALL network security appliance to be used with WXA appliances
on the WAN Acceleration > Summary page:
1
Navigate to the WAN Acceleration > Summary page.
2
In the WAN Acceleration panel, from the WXA Interface drop-down list, select the X5 interface.
3
Select the Enable WAN Acceleration check box.
4
Click the Apply Changes button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
160
Configuring the Network Interface on the Network >
Interfaces Page
Using the Network > Interfaces page to configure the interface for the WXA is an alternative method to using
the WXA Wizard or the WAN Acceleration > Summary page, which are the preferred methods. However, using
the Network > Interfaces page also provides the steps to configure DHCP.
To configure your Dell SonicWALL network security appliance to be used with the WXA
appliance on the Network > Interfaces page:
1
Navigate to the Network > Interfaces page.
2
Click the Edit button in the row for the interface you want to connect the WXA appliance to.
The Interface Settings > General tab is displayed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
161
3
4
Configure the interface settings as follows:
•
From the Zone menu, select LAN.
•
From the Mode/IP Assignment menu, select Static IP Mode.
•
In the IP Address box, enter the IP Address for the port. This example uses 10.203.30.162.
•
In the Subnet Mask text field, enter the subnet mask for the port. This should be a subnet not
already used on the network, and private to the WXA series appliance.
•
(Optional) In the Comment text field, enter text that describes the device.
For example, WXA connection.
•
(Optional) For the Management check boxes, select the management methods you want.
•
(Optional) For the User Login check boxes, select the management methods you want.
•
Click OK.
Navigate to the Network > DHCP Server page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
162
5
Under DCHP Server Lease Scopes, click Add Dynamic.
The Dynamic Range Configuration dialog appears.
NOTE: DNS configuration cannot be done in the WXA Setup Wizard or on the WAN Acceleration >
Summary page. DNS configuration can only be done on the network pages. See Configuring DNS on
page 165.
6
Select the Enable this DHCP Scope check box.
7
Select the Interface Pre-Populate check box.
8
From the Interface Pre-Populate menu, select port X5.
The information will be auto populated.
9
Click the OK button.
10 Connect an Ethernet cable from the WXA appliance to the X5 port on the Dell SonicWALL network
security appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
163
11 Navigate to the Network > DHCP Server page.
12 Under Current DHCPv4 Leases, verify that your firewall has a DCHP lease for the WXA appliance.
13 Under DHCP Server Lease Scopes, verify that the lease was created with a dynamic range for X5
(the WXA appliance).
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
164
Configuring DNS
Configuring DNS is required only if you plan to use WFS Acceleration for Signed SMB. This example assumes that
the correct DNS server has already been entered on the Network > DNS page, but you can overwrite the DNS
server that is specified on that page.
To configure DNS:
1
Navigate to the Network > DHCP Server page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
165
2
Under DHCP Server Lease Scopes, click the Edit button for the lease you want to change.
The Dynamic Range Configuration dialog appears.
3
Select the DNS/WINS tab.
4
Select Specify Manually.
5
In the DNS Server fields, enter the DNS IP Addresses that you want.
6
In the Domain Name text field, enter the Domain Name.
(This speeds up auto-detection of the DNS server in cases where Reverse DNS is not configured.)
7
Click OK.
NOTE: The correct DNS server is a domain controller. When Signed WFS is used, only DNS servers that
belong to the active directory domain should be specified. It is never appropriate to use public name
servers when signed WFS is used. However, the domain DNS server may forward requests to public name
servers.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
166
20
Viewing the TCP Acceleration Page
Topics:
•
WAN Acceleration > TCP Acceleration on page 167
•
Configuration Tab on page 168
•
Statistics Tab on page 169
•
Statistics Breakdown Tab on page 170
•
Connections Tab on page 171
WAN Acceleration > TCP Acceleration
The WAN Acceleration > TCP Acceleration page provides the ability to add and edit groups for TCP
Acceleration. The Add Group and Edit Group dialogs provide the options to configure and monitor the TCP
Acceleration service. This section describes the management interface functions of the Configuration,
Statistics, Statistics breakdown, and Connections tabs.
Name
Description
Configuration tab
When you click the Add button, the New Group dialog appears. When you click
the Edit button for a specific group, the Edit Group dialog appears. From these
dialogs, you can select the mode and service objects, and exclude objects for
that group. You can create a new group on this page, but you cannot assign
WXAs to the group. You can only assign WXAs to a group on the Summary page.
You must enable WAN Acceleration in the WAN Acceleration > Summary page.
See Configuration Tab on page 168 for details.
Statistics tab
Displays statistics on bandwidth savings due to TCP Acceleration. See Statistics
Tab on page 169 for details.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
167
Name
Description
Statistics Breakdown
tab
Graphs TCP Acceleration data by port, IP address and data reduction. See
Statistics Breakdown Tab on page 170 for details.
Connections tab
Displays a detailed list of the TCP Acceleration connection results, such as start
and end time stamps, source IP address and port, and destination IP address
and port. Use these results to monitor the performance of your TCP
Acceleration service. See Connections Tab on page 171 for details.
Configuration Tab
The configuration tab provides the options to add new groups or edit existing groups.
When you click on the Edit icon for a group, the Edit Group dialog appears.
The options for editing a group are described in the table below.
Name
Description
Enable TCP Acceleration
Enables or disables the TCP Acceleration service for the group.
TCP Acceleration Mode
Selects how the service object is used by the group. Either as services to be accelerated or as services to be excluded from acceleration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
168
Name
Description
Service Object
Selects the TCP Acceleration service objects for the group. To add
new service objects to the drop-down list, navigate to Network >
Address Objects and create new service objects.
Note: The option for choosing a TCP Acceleration service object is
greyed out if the TCP Acceleration mode does not support it.
Address object always excluded
Selects the address objects to always exclude from TCP Acceleration for this group. To add an address object to the drop-down
list, navigate to Network > Address Objects and create new
address objects.
Statistics Tab
Name
Description
Show
You can select All WXAs, WXAs in a specific group, or one WXA for which to display
data.
Covering Period
Click the Covering Period drop-down list and select the period of time the data
displays on the Statistics tab.
Data and Graphs
Displays read-only data for the following:
• Total Data Reduction percentage
• WAN capacity increase factor
• New Connections
• Closed Connections
• Peak Connections
• Egress/Ingress data illustrated with bar graphs and time series
(corresponding to the site you are viewing from)
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
169
Statistics Breakdown Tab
Name
Description
Show
You can select All WXAs, WXAs in a specific group, or one WXA for which to
display data.
Display menu
From the Display menu, you select the destination ports and source
addresses to plot in the graph. Then, you select other criteria from the
other menus, such as the top 5 destination ports as determined by the most
data sent. The Display menu options are:
Dest. Port - Displays the volume of data (or “Detemined By” value)
compared to the destination port numbers of the accelerated connections.
Dest. Address - Displays the volume of data compared to the destination IP
address of the accelerated TCP connections.
Src. Address - Displays the volume of data compared to the source IP
address of the accelerated TCP connections.
Address on WAN - Displays the volume of data compared to the destination
address on the WAN of the accelerated TCP connections.
Address on LAN - Displays the volume of data compared to the destination
address on the LAN of the accelerated TCP connections. Connections can be
initiated by a machine on the LAN or WAN.
Show Top menu
Select how many ports or IP addresses display in the graph.
Determined By menu
Select the criteria that displays in the graph.
Edit button
Click the Edit button to select the advanced options to display in the Data
from Selected WXAs table.
Plot Graph
Displays the of the selected criteria in a graph.
Data from Selected WXAs
table
Displays the a summary of the selected criteria in a table.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
170
Connections Tab
Action Items
Name
Description
Show
Display TCP Acceleration data according to the selected criteria.
You can select All WXAs, WXAs in a specific group, or one WXA for which to display data.
Remote Node
Filters the table of connections based on the remote node (the WXA series appliance at the far end of the connection).
Max Entries per WXA
Selects the number of entries to display in the Connections table.
Include Non-Intercepted
Enables or disables the inclusion of non-intercepted traffic to display in the Connections table. The definition of “Non-intercepted” is traffic that is diverted
from the firewall to the WXA appliance, but is not accelerated.
Refresh button
You must click the Refresh button to update the displayed data whenever you
change the criteria.
Bypassed button
Opens a window that displays a list of the connections that are not being accelerated, either because their dates would not compress or the remote node WXA
would not respond.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
171
Column/Field Headings
Name
Description
Start Time
Indicates the starting time of a connection.
End Time
Indicates the ending time of a connection.
Initiator
Displays which end of the network initiated the connection. LAN for connections
started locally, and WAN for connections started from a remote site.
Remote Node
Displays the WXA series appliance at the far end of the connection.
Src IP
Displays the IP address where the connection started.
Src Port
Displays the port number that the connection request was sent from.
Dest IP
Displays the destination IP address.
Dest Port
Displays the destination port number.
Egress
Displays a bar graph that represents outgoing traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic.
Ingress
Displays a bar graph that represents incoming traffic on the network. The blue
colored bar is sent traffic and the grey bar is conveyed traffic.
Filter by
Filter the results by entering text into the appropriate input box. A combination
of fields can be filtered.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
172
21
Configuring TCP Acceleration
Topics:
•
WAN Acceleration > TCP Acceleration on page 173
•
Configuring TCP Acceleration for a Group on page 173
•
Verifying the TCP Acceleration Configuration on page 180
WAN Acceleration > TCP Acceleration
The initial configuration of TCP Acceleration should be done using the WXA Setup Wizard. Using the Wizard, you
can enable TCP Acceleration on groups and assign those groups to selected VPNs.
You can also configure TCP Acceleration for groups on the WAN Acceleration > Summary page and on the
WAN Acceleration > TCP Acceleration page. From the drop-down fields, you can select the TCP acceleration
modes, service objects, and address objects to include or exclude from the TCP Acceleration service for that
group.
NOTE: To view, create, or edit service objects, go to the Network > Address Objects page.
The TCP Acceleration service can be used in three different deployment scenarios including: VPN, routed mode,
and Layer 2 bridge mode. This chapter explains how to configure these deployment scenarios in the following
subsections:
•
Configuring TCP Acceleration for a Group on page 173
•
Verifying the TCP Acceleration Configuration on page 180
Configuring TCP Acceleration for a Group
Configuration of TCP Acceleration is done through groups, primarily on the WAN Acceleration > Summary page
or on the WAN Acceleration > TCP Acceleration page. After you create a group, you can assign the group to a
VPN or Route Policy. See “Configuring VPNs and Route Policies” section on page 118 for instructions on assigning
a group to a VPN or to a Route Policy.
For convenience, there is also a Configuration tab on the individual acceleration pages, such as the WAN
Acceleration > TCP Acceleration page. The configuration of WXAs is done creating and configuring groups of
WXAs. Those groups must then be assigned to VPNs or Route Policies.
The Configuration tab gives you the option to add or edit groups for TCP Acceleration. From the Edit dialog,
you can select the modes, service objects, and address objects to include or exclude from the TCP Acceleration
service for that group.
NOTE: To view, create, or edit service objects, go to the Network > Address Objects page.
The following examples describe how to configure TCP Acceleration for groups with various options:
•
Configuring TCP Acceleration for a Group on the WAN Acceleration > Summary Page on page 174
•
Configuring TCP Acceleration on the WAN Acceleration > TCP Acceleration Page on page 176
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
173
Configuring TCP Acceleration for a Group on the WAN
Acceleration > Summary Page
To configure TCP Acceleration for a group on the WAN Acceleration > Summary page:
1
Navigate to the WAN Acceleration > Summary page.
2
Click the Add Group button
, or click the Edit icon
The New Group or the Edit Group dialog appears.
3
Select the Group Details tab.
4
In the Name field, enter a name for the group.
5
If you want this group to be the default group, select the Use as default group.
for a specific group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
174
6
Select the TCP Acceleration tab.
7
Select the Enable TCP Acceleration check box.
8
From the TCP Acceleration Mode menu, select All TCP services except those excluded by default.
NOTE: By Default, the following ports are excluded from TCP Acceleration:
7, 22, 23, 37, 44, 49, 88, 107, 135, 136, 137, 138, 139, 179, 261, 443, 445, 448, 465, 513,
563, 585, 614, 636, 684, 695, 989, 990, 992, 993, 994, 995, 1494, 1701, 1718, 1719, 1720,
1723, 2000, 2001, 2002, 2003, 2252, 2427, 2478, 2479, 2482, 2484, 2492, 2598, 2679, 2727,
2762, 2998, 3077, 3078, 3183, 3191, 3220, 3269, 3389, 3410, 3424, 3471, 3496, 3509, 3529,
3539, 3660, 3661, 3713, 3747, 3864, 3885, 3896, 3897, 3995, 4031, 5007, 5060, 5061, 5631,
5900, 5901, 5902, 5903, 6000, 7674, 8443, 9802, 11751, 12109.
NOTE: The option to choose a TCP Acceleration Service Object is read-only in this mode.
9
From the Address Object always excluded from TCP Acceleration menu, select None.
10 Click OK.
11 Go to “Configuring VPNs and Route Policies” section on page 118 for instructions on assigning a group to
a VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
175
Configuring TCP Acceleration on the WAN Acceleration >
TCP Acceleration Page
This section gives three examples with different options:
•
Configuring TCP Acceleration with all TCP Services on page 176
•
Configuring TCP Acceleration for HTTP Web Traffic Only on page 178
•
Excluding Microsoft SQL database traffic or traffic to the Guest Authentication Servers on page 179
Configuring TCP Acceleration with all TCP Services
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page with all TCP
services:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
NOTE: When you create a new group from the WAN Acceleration > TCP Acceleration page, you
cannot assign WXAs to that group or assign that group to a VPN or a Route. You must do that on the
WAN Acceleration > Summary page.
3
Click the Add Group button
, or click the Edit icon
The New Group or the Edit Group dialog appears.
for a specific group.
4
Select the Group Details tab.
5
In the Name field, enter a name for the group.
6
If you want this group to be the default group, select the Use as default group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
176
7
Select the TCP Acceleration tab.
8
Select the TCP Acceleration tab.
9
Select the Enable TCP Acceleration check box.
10 From the TCP Acceleration Mode menu, select All TCP services except those excluded by default.
NOTE: By Default, the following ports are excluded from TCP Acceleration:
7, 22, 23, 37, 44, 49, 88, 107, 135, 136, 137, 138, 139, 179, 261, 443, 445, 448, 465, 513,
563, 585, 614, 636, 684, 695, 989, 990, 992, 993, 994, 995, 1494, 1701, 1718, 1719, 1720,
1723, 2000, 2001, 2002, 2003, 2252, 2427, 2478, 2479, 2482, 2484, 2492, 2598, 2679, 2727,
2762, 2998, 3077, 3078, 3183, 3191, 3220, 3269, 3389, 3410, 3424, 3471, 3496, 3509, 3529,
3539, 3660, 3661, 3713, 3747, 3864, 3885, 3896, 3897, 3995, 4031, 5007, 5060, 5061, 5631,
5900, 5901, 5902, 5903, 6000, 7674, 8443, 9802, 11751, 12109.
NOTE: The option to choose a TCP Acceleration Service Object is read-only in this mode.
11 From the Address Object always excluded from TCP Acceleration menu, select None.
12 Click OK.
13 Go to “Configuring VPNs and Route Policies” section on page 118 for instructions on assigning a group to
a VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
177
Configuring TCP Acceleration for HTTP Web Traffic Only
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page for HTTP web
traffic only:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
3
Click the Add button
, or click the Edit icon
for a specific group.
The Edit Group dialog appears.
4
Select the TCP Acceleration tab.
5
Select the Enable TCP Acceleration check box.
6
From the TCP Acceleration Mode menu, select Only TCP Services Specified in the Service Object.
7
From the Service Object menu, the select HTTP.
8
From the Address Object always excluded from TCP Acceleration menu, select None.
9
Click OK.
10 Go to “Configuring VPNs and Route Policies” section on page 118 for instructions on assigning a group to
a VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
178
Excluding Microsoft SQL database traffic or traffic to the Guest Authentication
Servers
To configure TCP Acceleration on the WAN Acceleration > TCP Acceleration page for everything
except Microsoft SQL database traffic or traffic to the Guest Authentication Servers:
1
Navigate to WAN Acceleration > TCP Acceleration.
2
Select the Configuration tab.
3
Click the Add button
, or click the Edit icon
for a specific group.
The Edit Group dialog appears.
4
Select the TCP Acceleration tab.
5
Select the Enable TCP Acceleration check box.
6
From the TCP Acceleration Mode menu, select All TCP services except those specified in the Service
Object and those excluded by default.
7
From the Service Object menu, select Microsoft Structured Query Language (MS SQL).
8
From the Address Object always excluded from TCP Acceleration menu, select Guest Authentication
Servers.
9
Click OK.
10 Go to “Configuring VPNs and Route Policies” section on page 118 for instructions on assigning a group to
a VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
179
Verifying the TCP Acceleration Configuration
After you complete the TCP Acceleration configuration procedures, verify TCP Acceleration is working by
checking the TCP Acceleration > Statistics tab.
NOTE: For this verification to work, the remote WXAs must already be configured and traffic must be
flowing between the sites.
1
Navigate to the TCP Acceleration > Statistics tab.
2
View the statistics data and graphs to verify TCP Acceleration.
This indicates if the WXA appliance is using TCP Acceleration for data transfer.
If the Statistics tab data and graphs do not display any information, TCP traffic is not being accelerated. The
TCP Acceleration feature is not configured correctly or is disabled.
Refer to the Configuring TCP Acceleration for a Group on page 173 and check the TCP Acceleration
configuration.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
180
22
Viewing the WFS Acceleration Page
Topics:
•
WAN Acceleration > WFS Acceleration on page 181
•
WFS Acceleration Page for Unsigned SMB on page 182
•
WFS Acceleration Page for Signed SMB on page 188
WAN Acceleration > WFS Acceleration
This chapter describes the management interface features and options that are available on the WAN
Acceleration > WFS Acceleration page and is split up in two sections, Unsigned SMB and Signed SMB. Some of the
tabs and options on this page might be hidden depending on which type of SMB signing and configuration mode
is selected, see below for details.
In a network that supports Unsigned SMB traffic, configuring WFS Acceleration is greatly simplified, because
Unsigned SMB traffic has no security layer. So, the WXA can intercept and modify traffic, eliminating the need
to join a domain, configure custom zones, configure reverse lookup, or add file shares.
In a network that requires SMB signing, the WXA must join a domain and be addressed as a server, due to the
security layer in Signed SMB traffic. Although this type of configuration is more complex than Unsigned SMB, it
offers a more granular configuration of the WFS Acceleration service. Supporting SMB signing provides the
option to configure WFS Acceleration in a Basic or Advanced configuration modes.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
181
WFS Acceleration Page for Unsigned SMB
The WAN Acceleration > WFS Acceleration page provides the ability to add and edit groups for WFS
Acceleration. The Add Group and Edit Group dialogs provide the options to configure and monitor the WFS
Acceleration service.
The WAN Acceleration > WFS Acceleration page should be used to configure the acceleration of Unsigned SMB
traffic by enabling or disabling the WFS Acceleration service in a specific group.
NOTE: Signed SMB cannot be configured in groups. Signed SMB is accomplished using a single WXA for each
firewall, and is configured under the Signed SMB Setup tab.
The WFS Acceleration page has five tabs:
Name
Description
Configuration tab
Allows you to enable/disable WFS (Unsigned SMB) for each of the configured
groups.
Statistics tab
Shows Statistical data in tabular and chart form for both Unsigned and Signed
SMB.
Connections tab
Displays each connection. Unsigned SMB only.
Signed SMB Setup
Not used for Unsigned SMB.
Signed SMB Tools
Not used for Unsigned SMB.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
182
Configuration Tab
The Configuration tab provides the ability to add and edit groups for WFS Acceleration. These groups are the
same groups used for configuration of TCP Acceleration and Web cache. The Add Group and Edit Group dialogs
provide the options to Enable WFS Acceleration.
When you click the Add button
, the New Group dialog box appears.
Clicking the Edit icon
for a specific group, the Edit Group dialog appears where you can edit the group
settings. The WFS (Unsigned SMB) tab provides the option to enable WFS Acceleration.
Name
Description
Enable WFS Acceleration
(Unsigned SMB) check box
Select this check box to enable WFS Acceleration for the group. This check
box is automatically selected when you select either the Unsigned SMB
check box or the Support SMB Signing check box.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
183
Statistics Tab
The Statistics tab displays performance statistics for the WFS Acceleration service.
Name
Description
Covering Period menu
Click the Covering Period drop-down list and select the period of time the
data displays on the Statistics tab.
Show menus
From the drop-down menu, select the traffic whose stats you want to show:
All, Group, WXA, Unsigned SMB or Signed SMB.
Refresh button
Refreshes the statistics on the page. You must click the Refresh button to
update the chart and table whenever any changes are made.
Bypassed Button
Displays a pop-up window with a list of connections that have either been
excluded from the acceleration process or failed. This button is greyed out
if these conditions are not present.
Overview table
Displays statistics for the following items:
• Total Data Reduction percentage
• WAN capacity increase factor
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
184
Summary Panel
Displays two bar graphs that represent Sent or outgoing traffic and Conveyed or incoming traffic on the
network over an actual period of time. The blue colored bar (Egress) is outgoing or sent data and the grey bar
(Ingress) is incoming data. Sent refers to the actual amount of data that is physically sent across the
connection. Conveyed refers to all of the data or information that is sent across the connection.
Breakdown by WXA
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
185
Time Series Panel
Displays two bar graphs that represents incoming and outgoing traffic on the network over a period of time. The
blue colored bar is sent (Egress) traffic and the grey bar is incoming (Ingress) traffic.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
186
Connections Tab
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
187
WFS Acceleration Page for Signed SMB
The WFS Acceleration page for Signed SMB is where you configure acceleration of Signed SMB traffic using a
single dedicated WXA.
Acceleration of WFS for Signed SMB occurs outside of the group configuration, and is not load balanced across
WXAs. Instead, one WXA is dedicated to accelerating Signed SMB traffic. The dedicated WXA may or may not be
assigned to a group. If it is assigned to a group, it will participate in the group's acceleration of TCP and
Unsigned SMB traffic as well as web caching.
To accelerate WFS operations with Signed SMB traffic, the WXA appliance must belong to a Windows domain,
and the Administrator must configure the WXA appliance so that users can access the shared files.
On the Central Site WXA, the Administrator configures the names of the local file servers that are available. On
the Branch Site WXAs, the Administrator also configures the names of the file servers that are listed on the
Central Site WXA, and then maps them to the Central Site WXA, so that remote users can access them. The
names of the file servers on the Branch Site WXAs must be mapped to the names of the file servers on the
Central Site WXA.
The Signed SMB Setup Wizard is accessible from the WXA Setup Wizard. The Signed SMB Setup Wizard walks the
Administrator through the steps of joining a WXA to a domain and configuring the servers at the Central Site site
and the Branch Site.
Advanced Mode is an option on the Signed SMB Setup page. In Advanced Mode, additional options are
displayed. The advanced dialogs allow the user to move away from the naming convention, specify individual
shares and configure different caching settings. Servers configured in Advanced Mode are still visible when
Advanced Mode is disabled.
In Advanced Mode, the Administrator can configure advanced options, restart the WFS appliance, flush the
cache, and select a different domain controller.
Naming Convention
The Naming Convention is intended to facilitate configuration of a file server on the WXA by eliminating
multiple steps by the each Administrator (Head and Branch).
•
The head office WXA Administrator selects the file servers to add to the configuration.
•
The branch office Administrator also selects those file servers (at the head office), however, they are
given a name that will be referred to locally by the branch office workers.
•
The branch office Administrator no longer needs to do the mapping of names on their WXA to the names
on the "next hop WXA" at the head office.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
188
Statistics Tab
The Statistics tab displays performance statistics for the WFS Acceleration service.
NOTE: The WFS Cache statistics displayed in this page only represent Signed SMB traffic. If you are using
only Unsigned SMB, the WFS Cache statistics do not apply. If you are using both, only Signed SMB statistics
will be shown.
Name
Description
Show
You can select All WXAs, WXAs in a specific group, or one WXA for which to
display data.
Covering Period menu
Click the Covering Period drop-down list and select the period of time the
data displays on the Statistics tab.
Show menu
Select whether to display data for Unsigned SMB or Signed SMB.
Refresh button
Refreshes the statistics on the page. You must click the Refresh button to
update the chart and table whenever any changes are made.
Overview table
Displays data for the following items:
Total Data Reduction percentage
WAN capacity increase factor
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
189
Signed SMB Setup Tab
The Signed SMB Setup tab provides the options to join the WXA appliance to a domain, add file servers to the
WXA configuration, and create the necessary records on the domain.
The WXA series appliance should automatically discover the domain details if either of these conditions is
present:
•
The DNS server can reverse resolve its own address into a hostname within the domain.
•
The domain is specified using DHCP, and the DNS server resolves the domain to the address of a Domain
Controller.
NOTE: Specifying the domain using DHCP is not directly considered auto-detecting and it is not a
requirement for the DNS server to be a Domain Controller, although it is most common. However, it
is required for the DNS server to be a domain DNS server, as problems can occur if any non-domain
DNS server is used. Also, some types of independent DNS caches and servers might cause issues.
TIP: The WFS Setup Wizard is available for deployments running SonicOS 6.2 and higher. You must run the
WXA Setup Wizard first. The WFS Setup Wizard is accessible only at the end of the WXA Setup Wizard. This
is the preferred way to configure Signed SMB. You can access the wizard by clicking the Wizards link in the
top-right corner of the firewall. For more information, refer to the “Wizards” section of the appropriate
SonicOS Administration Guide.
When the Advanced Mode option is not selected, the WFS Acceleration > Signed SMB Setup page displays the
basic configuration options.
When the Advanced Mode option is selected as shown, the WFS Acceleration > Signed SMB Setup page displays
three additional configuration buttons: Advanced Options, Restart, and Flush Cache. There are more options
when configuring servers and shares. You can also override the selection of the Domain Controller.
NOTE: If the WXA series appliance has not joined a domain, the Signed SMB Setup tab displays a Join
Domain button and a message that the WXA appliance has not yet joined the domain.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
190
Name
Description
Accelerate Signed SMB check box Select this option to use WAN Acceleration for Signed SMB.
Dedicated WXA
Displays the name of the WXA dedicated to Signed SMB and an Edit button
to open a dialog to select or change the dedicated WXA.
Test Config button
Tests the configuration of WFS for Signed SMB.
Update Domain Records button
Updates missing SPN aliases to the Domain Controller, remote servers in the
Specific Trusted Host List on the computer account, and missing DNS
records. It also removes unwanted or outdated records.
The management interface prompts you to Update Domain Records
whenever you make any configuration changes, such as adding file servers
or shares. You can cancel this prompt and Update Domain Records after all
configuration changes have been made.
Config button
Opens a dialog where you can select the Store and Forward option and
enter the extensions for file types to be included in Store and Forward.
View button
Displays the ongoing Store and Forward operations.
Advanced Mode check box
When this option is selected, additional options are displayed on the UI
page and more options are available for configuring file servers, including
the option to specify individual shares instead of all shares.
Domain Details panel
Displays the Domain that the WXA has joined, the WXA Hostname, and the
WFS Acceleration Address.
Rejoin and Unjoin buttons
Buttons to Rejoin or Unjoin the Domain.
Edit Icon
Opens dialog to select the WFS Acceleration Address.
Advanced Options button
Opens a dialog to configure the WFS Acceleration service in more detail
with Client Signing, Server Signing, and Max Transmit packet size for
Common Internet File System (CIFS) packets.
Restart button
Restarts the WFS Acceleration service for Signed SMB.
Flush Cache button
Clears the WFS Signed SMB data that is currently in the cache.
Local Servers tab
Displays a list of the local servers that are available for file sharing and a
button to add additional local servers. Local servers are servers that are on
the same site as the WXA appliance.
Remote Servers tab
Displays a list of the remote servers that are available for file sharing and a
button to add additional remote servers. Remote servers are servers that
are not on the same site as the WXA appliance.
CAUTION: Changing the dedicated WXA for Signed SMB acceleration will cause any active sessions and
file transfers to be terminated, perhaps resulting in loss of data.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
191
Signed SMB Tools Tab
The Tools tab provides diagnostic tools for the WFS Acceleration service.
The Diagnostic Tools drop-down menu provides the following panels:
•
DNS Name Lookup — Performs a search on a specific Name or IP address.
•
Available Shares — Displays information about available shares on a specific host.
•
List Kerberos Servers — Displays a list of Kerberos servers that are available to use.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
192
DNS Name Lookup
The DNS Name Lookup panel displays the following information:
Name
Description
Primary DNS: (read-only)
Displays the primary DNS which was configured on Dell SonicWALL
network security appliance using the Network > DNS page or Network
> DHCP Server > Edit > DNS/WINS tab.
Secondary DNS: (read-only)
Displays the secondary DNS which was configured on Dell SonicWALL
network security appliance using the Network > DNS page or Network
> DHCP Server > Edit > DNS/WINS tab.
Lookup Name or IP: text field
Allows you to search for available DNS names or IP addresses. Click Go
to initiate the search. A response will be received from the DNS server.
It is used to verify whether the WXA series appliance can reach the DNS
server.
Lookup of IP addresses only works if the DNS server has reverse lookup
zones configured.
NOTE: The DNS servers in the DNS Name Lookup should all be domain DNS servers. Non-domain DNS
servers will cause problems authenticating and connecting to shares.
The DNS Name Lookup Tool is specifically aimed at determining whether computer names can be resolved on
the domain. If they are resolved, the WFS configuration can proceed and acceleration should be successful.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
193
Available Shares
The Available Shares panel provides the following configuration options:
NOTE: If the WXA appliance has already joined the domain, you can select the Use Machine Account
Credentials option. Then you do not need to enter a username or password.
Name
Description
Host: Text Field
The name of the server to query for the share list.
Use Machine Account Credentials
check box
Checks the shares available on the share entered in the Host text
field using the WXA series appliance’s machine account credentials.
This will normally be sufficient.
Username: Text Field
The username for the user’s account.
Password: Text Field
The password for the user’s account.
Go Button
Initiates the search. This displays a list of shares available on the
server that the system Administrator specified. It is used to verify the
connection between the WXA series appliance and the server and that
a list of shares can successfully be obtain from that server.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
194
List Kerberos Servers Panel
The List Kerberos Server panel provides the following configuration options:
Name
Description
Basic List
Displays a list of available Kerberos servers.
Including Accessibility Test
Displays a list of available Kerberos servers that are tested for accessibility.
Domain: Text Field
Displays the domain for the Kerberos server if discovered. The Administrator
can also enter a name here.
Go Button
Initiates the search and displays a list of the Kerberos servers.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
195
23
Configuring WFS Acceleration
Topics:
•
WAN Acceleration > WFS Acceleration on page 196
•
Configuring WFS Acceleration for Unsigned SMB Traffic on page 197
•
Configuring WFS Acceleration for Signed SMB Traffic on page 201
•
Adding File Servers on page 218
•
Verifying the WFS Acceleration Configuration on page 231
WAN Acceleration > WFS Acceleration
This chapter provides details on configuring the WFS Acceleration service. There are different ways to configure
WFS Acceleration, depending on the user requirements and type of network environment used. If the Client PC
is already joined to a domain, it is recommended to use Signed SMB. If you are not sure of the Client PC’s
domain joining status, it is recommended to use Unsigned SMB to begin with.
Configuration of WFS Acceleration is done through groups, primarily on the WAN Acceleration > Summary page
or on the WAN Acceleration > WFS Acceleration page. After you create a group, you can assign the group to a
VPN or Route Policy. See Enabling WXA for a VPN and Route Policies on page 112 for instructions on assigning a
group to a VPN or to a Route Policy.
Unsigned SMB
In a network that supports Unsigned SMB traffic, the WFS Acceleration service configuration is greatly
simplified. The reason for this is Unsigned SMB traffic does not have a security layer, so the WXA appliance can
intercept the traffic without joining the domain, eliminating the need to configure custom zones, configuring
reverse lookup, and add file shares. Unsigned SMB is enabled by default.
Signed SMB
In a network that requires SMB signing, it is required that the WXA appliance join the domain, due to the
presence of a security layer in Signed SMB traffic. Although this type of configuration is more complex than
Unsigned SMB, it offers a more granular configuration of the WFS Acceleration service. The WAN Acceleration >
WFS Acceleration page displays a warning when Signed SMB traffic is detected on the network. If this warning is
present, please enable the Support SMB Signing check box, join the WXA appliance to the domain, and access
the signed shares through the WXA appliance’s shares.
Supporting SMB signing provides the option to configure WFS Acceleration in a Basic or Advanced configuration
mode. The Basic configuration mode (recommended) is a simplified WFS Acceleration configuration that
concentrates on selecting the Windows File Servers that are hosting shares, and distinguishing remote and local
file server configurations in the management interface. The Signed SMB Setup tab is displayed, providing
options to easily add file servers and domain records. The Advanced configuration mode offers manual
configuration of the domain details, file servers, and file shares on the Domain Details and Shares tabs.
CAUTION: Advanced configuration mode should only be used if you need to specifically define server
or share names.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
196
Configuring WFS Acceleration for Unsigned SMB
Traffic
WFS Acceleration for Unsigned SMB Traffic can be configured using any of the following methods:
•
Configuring WFS Acceleration for Unsigned SMB Traffic on the WAN Acceleration > Summary Page on
page 197
•
Configuring WFS Acceleration for Unsigned SMB Traffic on the WAN Acceleration > WFS Acceleration
Page on page 199
Configuring WFS Acceleration for Unsigned SMB Traffic on
the WAN Acceleration > Summary Page
To configure WFS Acceleration for Unsigned SMB traffic on the WAN Acceleration > Summary
page:
1
Navigate to the WAN Acceleration > Summary page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
197
2
Click the Add Group button
, or click the Edit icon
The New Group or the Edit Group dialog appears.
3
Select the Group Details tab.
4
In the Name field, enter a name for the group.
5
If you want this group to be the default group, select the Use as default group.
6
Select the WFS (Unsigned SMB) tab.
7
Select the Enable WFS Acceleration (Unsigned SMB) check box.
8
Click the Add button
, or click the Edit icon
for a specific group.
for a specific group.
The New Group or the Edit Group dialog appears.
9
Select the WFS (Unsigned SMB) tab.
10 Select the Enable WFS Acceleration (Unsigned SMB) check box.
11 Click OK.
12 Go to Enabling WXA for a VPN and Route Policies on page 112 for instructions on assigning a group to a
VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
198
Configuring WFS Acceleration for Unsigned SMB Traffic on
the WAN Acceleration > WFS Acceleration Page
To configure WFS Acceleration for Unsigned SMB traffic on the WAN Acceleration > WFS
Acceleration page:
1
Navigate to the WAN Acceleration > WFS Acceleration page.
2
Select the Configuration tab.
3
Click the Add Group button
, or click the Edit icon
The New Group or the Edit Group dialog appears.
4
Select the Group Details tab.
5
In the Name field, enter a name for the group.
6
If you want this group to be the default group, select the Use as default group.
for a specific group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
199
7
Click the Add button
, or click the Edit icon
for a specific group.
The New Group or the Edit Group dialog appears.
8
Select the WFS (Unsigned SMB) tab.
9
Select the Enable WFS Acceleration (Unsigned SMB) check box.
10 Click OK.
11 Go to Enabling WXA for a VPN and Route Policies on page 112 for instructions on assigning a group to a
VPN or to a Route Policy.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
200
Configuring WFS Acceleration for Signed SMB Traffic
The preferred way to configure WFS Acceleration for Signed SMB is to use the WFS for Signed SMB Wizard.
The descriptions and configuration steps for the options and buttons under the Signed SMB Setup tab fare
provided in the following sections:
•
Configuring WFS Acceleration for Signed SMB on page 202
•
Test Config on page 206
•
Update Domain Records on page 207
•
Configure Store and Forward on page 208
•
View on page 209
•
Advanced Options (Advanced Mode Only) on page 210
•
Restart (Advanced Mode Only) on page 211
•
Flush Cache (Advanced Mode Only) on page 211
•
Domain Details on page 212
•
Local Servers Tab on page 217
•
Remote Servers Tab on page 217
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
201
Configuring WFS Acceleration for Signed SMB
To configure the WFS Acceleration service for Signed SMB:
1
Configure a network interface on the Dell SonicWALL network security appliance for the port you want to
connect the WXA appliance to. The WXA appliance must be connected to a Dell SonicWALL network
security appliance on a port other than X0 and X1.
2
Navigate to the WAN Acceleration > WFS Acceleration page.
3
Select the Signed SMB Setup tab.
4
Select the Accelerate SMB Signing check box.
5
Click on the Edit button for the Dedicated WXA, and select the WXA that you want to use as the
dedicated WXA for Signed SMB.
NOTE: If you have previously joined the domain the Rejoin button is shown. If you have not
previously joined the domain, the Join button is shown. You must join a domain to use Signed SMB.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
202
6
Click the Join or Rejoin button.
The Join Domain dialog appears.
7
Enter the username and password for the Administrator of the domain or an account that can join the
WXA appliance to the domain.
8
Click Join Domain.
A dialog appears asking you if you wish to continue.
9
Click Yes if you want to continue.
NOTE: The domain may not always be discovered. If the domain cannot be discovered, it usually
indicates that the WXA cannot reach the network. The Administrator should check the DNS settings
and verify them using the DNS Lookup Tool under the Signed SMB Tools page. If the connectivity is
ok and the domain is still not discovered by the WXA, the Administrator can manually type the
domain name by clicking the Edit Domain button that is visible when the WXA has not joined the
domain.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
203
While processing, the Joining the Domian dialog appears. When it is finished joining the domain, the
Join Domain Results window appears showing the results. If it was successful, it displays, “Successfully
joined the Domain” with a list of the details.
10 Click the Close button.
The Domain Details panel is populated with the current domain information.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
204
Domain Details panel in Basic Mode (Advanced Mode check box is not checked)
Domain Details panel in Advanced Mode (Advanced Mode check box is checked)
When the Advanced Mode option is not selected, the WFS Acceleration > Signed SMB Setup page displays the
basic configuration options. When the Advanced Mode option is selected as shown below, the WFS
Acceleration > Signed SMB Setup page displays three additional configuration buttons: Advanced Options,
Restart, and Flush Cache.
This screen shot represents a WXA located in a head-office. The file server name was auto-created by the WXA
in basic mode and is automatically added when accounts-dsg-DC.accounts-dsg.com is selected in the branch
office in basic mode.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
205
Name
Description
Accelerate Signed SMB check box Select this option to use WAN Acceleration in Signed SMB mode.
Test Config button
Tests the configuration of WFS for Signed SMB.
Update Domain Records button
Updates missing SPN aliases to the Domain Controller, remote servers
in the Specific Trusted Host List on the computer account, and missing DNS records. It also removes unwanted or outdated records.
Config button
Opens a dialog where you can select the Store and Forward option
and enter the extensions for file types to be included in Store and
Forward.
View button
Displays the ongoing Store and Forward operations.
Advanced Mode check box
When this option is selected, additional options are displayed on the
page.
Advanced Options button
Opens a dialog to configure the WFS Acceleration service in more
detail with Client Signing, Server Signing, and Max Transmit packet
size for Common Internet File System (CIFS) packets.
Restart button
Restarts the WFS Acceleration service for Signed SMB.
Flush Cache button
Clears the WFS Signed SMB data that is currently in the cache.
Domain Details panel
Displays the Domain that the WXA has joined, the WXA Hostname,
and the WFS Acceleration Address. This panel also provides the buttons to Rejoin or Unjoin the Domain and the configuration button to
select the WFS Acceleration Address.
Local Servers tab
Displays a list of the local servers that are configured on the WXA and
a button to add additional local servers.
Remote Servers tab
Displays a list of the remote servers that are configured on the WXA
and a button to add additional remote servers.
Test Config
When you click the Test Config button, the Test Configuration dialog appears. You can choose to run the tests
using the WXA series appliance credentials or by entering the username and password of the Domain
Administrator.
To run the configuration tests:
1
Select the Use Machine Account Credentials check box.
Or
Unselect the Use Machine Account Credentials check box and enter the Username and Password of the
Domain Administrator.
2
Click the Run Tests button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
206
When you click Run Tests, the tests run for a few seconds and then a window appears with the test results as
shown below.
For descriptions of the column headings see Verifying the WFS Acceleration Configuration on page 231.
Update Domain Records
The Update Domain Records button updates missing SPN aliases to the Domain Controller, remote servers in the
Specific Trusted Host List, and missing DNS records. It also removes unwanted or outdated records. This button
can be used whenever you add or delete servers.
To update the domain records:
1
Click the Update Domain Records button.
The Update Domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
2
In the Username text field, enter the Administrator username.
3
In the Password text field, enter the Administrator password.
4
Click the Update Records button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
207
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
5
Click the Close button.
Configure Store and Forward
The Config button provides the Administrator with the ability to set up the Store and Forward feature for WFS.
The Store and Forward feature is useful in cases where a user wants to transfer large files to an off-site file
server, and then disconnect their PC without having to wait for a lengthy transfer to complete.
The Store and Forward feature makes this possible. Users can transfer large files quickly from a PC to an on-site
WXA appliance at LAN speeds, and then disconnect the PC while the WXA continues to transfer the files to the
off-site file server via the next hop WXA.
The Store and Forward feature functions so that all write requests and close requests are acknowledged
immediately. So the client can complete transfers quickly and disconnect from the network, while the transfer
continues to the server from the WXA.
NOTE: Attempting to open, re-open, delete, or rename any of the transferring files during the Store and
Forward operation is not recommended until the transfer is complete or cancelled using the WXA
interface. However, if the client PC that initiated the Store and Forward is still connected to the network
in the same active session, the user can delete the file, and the WXA will abort the Forward stage of the
process and delete the file. Also, during the Store stage, if the client PC is still connected, the user can
cancel the copy.
The Config button opens the Configure Store and Forward dialog, where you can enable the Store and Forward
feature and enter the file extensions of the file types you want to include in the Store and Forward operations.
NOTE: For Store and Forward to work, caching must be enabled for each file share involved. Caching is
enabled by default.
The Config button configures the Store and Forward options at the top level. However, in Advanced Mode, the
Store and Forward options can be overridden for individual servers and individual shares.
The Store and Forward feature is for unattended uploading of files only. It is not for interactive file saving from
applications. When saving files from Microsoft Office, Office 97 extensions (such as .doc, .xls) cause problems,
as Office thinks the file is closed and tries to rename it while the file is uploading. Files such as .docx .xlsx .pptx
do not have this problem because Office saves them to a temporary file (.tmp) first and then renames the
original file. However, in most cases, temporary files should not be used for Store and Forward.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
208
In cases where file extensions are used for both interactive file saving and Store and Forward, a different
server/share alias should be configured for Store and Forward. The Store and Forward extensions do not need to
be configured on the WXA at the same site as the server, only on the site of the clients using the Store and
Forward feature.
To enable the Store and Forward feature:
1
Click the Config button.
The Configure Store and Forward dialog appears.
2
Select the Enable Store and Forward option.
3
Enter the file extensions for file types you want to include in the Store and Forward operations.
The extensions must begin with a dot '.' and be separated by commas, spaces, or new lines.
4
Click OK.
View
The View button displays a window that shows the current Store and Forward operations.
To view your current Store and Forward operations:
1
Click the View button.
The Store and Forward dialog appears with a list of the current Store and Forward operations.
2
If you want to update the list, click the Refresh button.
3
If you want to change the Refresh time period, enter the number of seconds in the Refresh box.
4
If you want to start or stop the Refresh of the list on the screen, click the Play/Pause button.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
209
Hovering over an option in any row shows a Tooltips window with information about that option. The Status
column shows the current status of the Store and Forward. The Progress column shows how much of the file has
been uploaded. The File column reports on the user who uploaded the file and their client PC.
Advanced Options (Advanced Mode Only)
When the Advanced Mode option is selected, the Advanced Options button is visible.
To configure the Advanced options:
1
Click the Advanced Options button.
The Advanced Options dialog appears.
2
In the Client Signing menu, select one of the following options:
Auto – Permits signed connections with the server if the server permits it.
Mandatory – Permits only signed connections with the server.
Disabled – Permits only unsigned connections with the server.
Client Signing refers to the WXA as a client of the remote WXA, or as a client of the local Windows
server. Therefore, these settings should be compliant with those of the remote WXA or the local
Windows server.
3
In the Server Signing menu, select one of the following options:
Auto – Permits signing between the WXA and clients, if the clients are enabled for signing.
Mandatory – Permits only connections with signing enabled between the WXA and clients.
Disabled – Permits only clients that do not require signing between WXA and clients.
Server Signing refers to the WXA as a server to the windows client PC, or as a server to a branch office
WXA. Therefore, these settings should be compliant with the previous WXA or windows client.
4
In the Max Transmit box, enter the number of bytes to set the largest block of data that can be written
at one time.
5
Click OK or No to cancel.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
210
Restart (Advanced Mode Only)
When the Advanced Mode option is selected, the Restart button is visible. The Restart button restarts the WFS
Acceleration service, and all existing sessions and file transfers are terminated.
To restart the WFS Acceleration service:
1
Click the Restart button.
The Restart WFS (Signed SMB) dialog appears.
2
Click Yes to restart the WFS Acceleration service or No to cancel.
Flush Cache (Advanced Mode Only)
When the Advanced Mode option is selected, the Flush Cache button is visible. The Flush Cache button clears
all the WFS Signed SMB data that is currently in the cache.
To clear all the WFS Signed SMB data from the cache:
1
Click the Flush Cache button.
The Flush Cache (Signed SMB) dialog appears.
2
Click Yes to clear all the WFS Signed SMB data from the cache or No to cancel.
The Status bar displays: “The cache has been flushed: WFS for Signed SMB.”
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
211
Domain Details
The Domain Details panel displays information about the Domain to which the WXA is currently joined. It also
provides buttons to Rejoin or Unjoin the Domain.
Basic Mode
Advanced Mode
The Domain Details panel displays the following information:
•
Domain – The name of the current domain.
•
Hostname – The host name of the WXA series appliance.
•
WFS Acceleration Address – The IP address of the WXA series appliance on the LAN.
•
Domain Controller – The name of the Kerberos server that is configured as the Domain Controller for the
WXA series appliance. (Advanced Mode only)
•
Edit button – Provides the option to select a different WFS Acceleration Address or Domain Controller.
Clicking the Edit button opens a dialog with the different options.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
212
Rejoin Button
To rejoin the WXA series appliance to the domain:
1
Click Rejoin.
The Join Domain dialog appears.
2
Enter the username and password for the Administrator of the domain or an account that can join the
WXA appliance to the domain.
3
Click Join Domain.
A dialog appears asking you if you wish to continue.
4
Click Yes if you want to continue.
While processing, the Joining the Domian dialog appears. When it is finished joining the domain, the
Join Domain Results window appears showing the results. If it was successful, it displays, “Successfully
joined the Domain” with a list of the details.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
213
5
Click the Close button.
Unjoin Button
Sometimes it is necessary to Unjoin the WXA from the domain. For example, if the WXA is moved from one
domain to another.
To Unjoin the WXA series appliance from the domain:
1
Click the Unjoin button.
The Unjoin Domain dialog appears.
2
Click Yes to unjoin the domain or No to cancel.
If you click Yes, the following window appears stating that, “The appliance has unjoined the domain.”
3
Click OK.
After you have unjoined a domain, you can rejoin the same domain or join a new domain.
NOTE: If you rejoin the domain after removing the machine account from the domain controller,
then any client PC that has already authenticated against the old machine account may be using
stale credentials and may not be able to connect until those credentials are flushed. The easiest
way to flush the credentials is to logout of the client PC(s), then login again.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
214
WFS Acceleration Address Edit Button
The WFS Acceleration Address is typically chosen to be the LAN address of the firewall on the domain. NAT rules
are created on the firewall to direct traffic to the WXA. So, it is also the address of the WXA on the domain.
You can change the interface for WFS Acceleration by selecting a different address object from the WFS
Acceleration Address dialog.
To change the WFS Acceleration Address:
1
Click the Edit button next to the WFS Acceleration Address.
The WFS Acceleration Address dialog appears.
2
From the WFS Acceleration Address menu, select the address object you want.
3
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
215
Domain Controller Edit Button (Advanced Mode Only)
When the Advanced Mode option is selected, the Domain Controller Edit Button is visible. The
Domain Controller Edit Button allows you to choose a Kerberos server as the Domain Controller.
1
Click the Edit button next to the Domain Controller name.
The Configure Kerberos Server dialog appears.
2
If you want the WXA appliance to discover the Kerberos Server automatically, select the Allow automatic
choice of a discovered Kerberos option.
The Current Selection displays the name of the Kerberos Server currently used as the Domain Controller.
3
If you want to manually enter the Kerberos Server, select the Manually enter Kerberos Server option
and enter the name and port number for the Kerberos Server.
4
If you want to select a discovered Kerberos Server from the Kerberos Server list, select the Select a
discovered Kerberos Server option, and then select a Kerberos Server from the list.
The Kerberos Server list displays the following information for each server listed:
5
•
Port – The port number for the Kerberos Server.
•
Priority – The priority of the Kerberos Server. Lower values are higher priorities.
•
Weight – The relative weight for Kerberos Servers with the same priority. Higher values have
greater weight.
•
RTT – The round trip time for probes to the Kerberos Server.
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
216
Local Servers Tab
The local servers tab displays a list of the local servers (at the same location as the WXA) that are currently
configured on the WXA series appliance.
The Add button
lets you add new local servers to the WXA configuration.
For details on configuring local servers, see Adding File Servers on page 218.
Remote Servers Tab
The Remote Servers tab displays a list of the remote servers (at a different location than the WXA) that are
currently configured on the WXA series appliance.
The Add button
lets you add new remote servers to the WXA configuration.
For details on configuring remote servers, see Adding File Servers on page 218.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
217
Adding File Servers
The File Server drop-down menu on the WXA appliance is automatically populated with the file server names
that are connected to the Dell SonicWALL network security appliance. All available shares are added when a
server is configured. The WXA appliance adds the SPN aliases for the share automatically.
The following example configurations show how to add file servers in Basic Mode and in Advanced Mode:
•
Adding File Servers Example Configuration in Basic Mode on page 218
•
Adding File Servers Example Configuration in Advanced Mode on page 223
Adding File Servers Example Configuration in Basic Mode
In Basic Mode, you can select local file servers from those discovered on the network. File operations to all of the file server’s shared folders and documents from remote sites will be accelerated. If you wish to limit WFS Acceleration (Signed SMB) to specific shares, this can be configured in Advanced Mode.
The following Illustration shows a simple WXA topology. In this example deployment scenario, the Central site
contains all the file servers, and the Branch site contains users that are accessing files from the Central site file
servers.
NOTE: When configuring shares on the Central site, the Branch site is considered “Remote”. When
configuring shares on the Branch site, the Central site is considered “Remote”.
Internet
NSA/TZ series
appliance
NSA/TZ series
appliance
X4
X2
X0
X3
X1
X4
X2
X0
X3
X1
CONSOLE
CONSOLE
Network Security Appliance
PWR
TEST ALARM
X5
3500
Network Security Appliance
PWR
TEST ALARM
X5
3500
Switch
Switch
D0
250GB
WAN Acceleration
D1
WAN Acceleration
250GB
WXA 2000
WXA 4000
Domain
File
File
Controller Server 1 Server 2
WXA-4000-CS
Central Site
WXA-2000-RS
PC
Branch Site
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
218
Central Site Configuration
Configuring file servers on the Central Office WXA, makes WFS Acceleration available for users at the branch
sites.
To configure File Servers 1 and 2 on the WXA 4000 appliance on the Central Site in Basic Mode,
perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Local Servers tab, click the Add button.
The Add Local File Server dialog appears.
3
From the File Server drop-down menu, select the file server you want.
4
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
219
5
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update Domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
6
In the Username text field, enter the Administrator username.
7
In the Password text field, enter the Administrator password.
8
Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
9
Click the Close button.
TIP: If you are adding multiple file servers, you can update the Domain Records after you have added all
the file servers, rather than updating the Domain Records after you add each file server.
TIP: After adding the file servers you may want to force replication between domain controllers so that all
domain controllers are aware of each server that has been added. Otherwise, the branch site
configuration may fail.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
220
Branch Site Configuration
Users at the branch site have WFS Acceleration and accelerated access to the file servers at the Central Site.
To configure File Servers 1 and 2 (which are located on the Central Site) on the WXA 2000 appliance on the
Branch Site in Basic Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Remote Servers tab, click the Add button.
The Add Server dialog appears.
3
From the File Server drop-down menu, select the file server that you want.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
221
4
In the Local WXA Name field, enter the name that you want.
NOTE: Adding a dot after the name will auto-complete the name with that of the domain. This (the
local WXA Name) is the name that should then be used in paths to folders and files on the remote
server in order for the file sharing operations to benefit from WFS Acceleration. For example, if
the current path is \\remote_server\docs under WFS Acceleration, it will become \\local_Wxa\docs.
5
Click OK.
Update Domain Records
TIP: If you are adding multiple file servers, you can update the Domain Records after you have
added all the file servers, rather than updating the Domain Records after you add each file server.
6
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update Domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
7
In the Username text field, enter the Administrator username.
8
In the Password text field, enter the Administrator password.
9
Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
10 Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
222
Adding File Servers Example Configuration in Advanced
Mode
The Advanced mode offers a more detailed configuration process for adding file servers and shares. Giving you
manual configuration options such as enabling the default cache, selecting the default cache read ahead,
specifying individual shares, and adding domain records.
Note the following considerations before adding file shares:
•
A unique Local WXA Name must be created for every remote file server added on the Central Site.
•
When adding a server, it is recommended to enter a period after the Local WXA Name, this autocompletes the name with that of the domain (e.g WXA-4000-CS-1.my_domain.local).
If the period is not entered, a caution icon will appear in the Shares tab next to the Remote
Server name, noting that it is recommended to use the fully qualified name:
This section contains an example of configuring shares in a typical WXA deployment. If your WXA deployment is
different, you can still use this example as a guide to add file shares, the basic principals are the same.
The following Illustration shows a simple WXA topology. In this example deployment scenario, the Central site
contains all the file servers, and the Branch site contains users that are accessing files from the Central site file
servers.
NOTE: When configuring shares on the Central site, the Branch site is considered “Remote”. When
configuring shares on the Branch site, the Central site is considered “Remote”.
Internet
NSA/TZ series
appliance
NSA/TZ series
appliance
X4
X2
X0
X3
X1
X4
X2
X0
X3
X1
CONSOLE
CONSOLE
Network Security Appliance
PWR
TEST ALARM
X5
3500
Network Security Appliance
PWR
TEST ALARM
X5
3500
Switch
Switch
D0
250GB
WAN Acceleration
D1
WAN Acceleration
250GB
WXA 2000
WXA 4000
Domain
File
File
Controller Server 1 Server 2
WXA-4000-CS
Central Site
WXA-2000-RS
PC
Branch Site
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
223
Central Site Configuration
To configure File Server 1 and File Server 2 on the WXA 4000 appliance on the Central Site in
Advanced Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
2
Under the Local Servers tab, click the Add button.
The Add Server dialog appears.
3
Select the Use Automated Naming Convention option if you want it.
NOTE: The Use Automated Naming Convention option is not necessary, but if selected, it uses the
same naming convention that is used in Basic Mode. If you do not select this option, you need to
manually enter the Local WXA Name. The Administrator at the Branch site needs to know this
name, so it can be used as the next hop WXA. The Branch site will not be able to use Basic Mode
unless the naming convention is adhered to at the Central site.
4
In the File Server field, enter the name of the file server you want.
or
Click the Select button and select the name of the file server from the dialog menu.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
224
5
In the Local WXA Name field, enter the name of the local WXA.
The local WXA forwards data to the remote server. A different local name alias should be used for each
remote server.
NOTE: If you selected the Use Automated Naming Convention option, the Local WXA Name will
be generated for you when you select the file server.
6
If you want to use the default cache for acceleration, select the Default Cache Enabled check box.This
option is enabled by default.
When the default cache is used, and a file is requested that is in the default cache, the WXA serves the
data from the default cache as long as the cache file is still valid. If the original file has changed and is
different from the default cache file, the parts of the default cache file that are still valid may be used.
This process reduces the amount of data sent over the network. This option can be overridden for
individual file shares.
7
In the Default Cache Read Ahead field, enter the default size (in bytes) for WXA to read-ahead. This
increases the read-ahead speed in the cache. The default cache read ahead value is 61440 bytes.
You can estimate a suitable Default Cache Read Ahead value as follows:
a
Multiply the link latency to the server (in milliseconds) by the link rate (the measured site-to-site
bandwidth in kilobytes per second)
b
Divide that number by the number of expected simultaneous user sessions.
The example equation is:
(link latency to the server * link rate) / user sessions
This option can be overridden for individual file shares.
8
If you want to make all the shares on the file server accessible for WFS Acceleration,
select the All Shares option.
9
If you want to make only selected shares on the file server accessible for WFS Acceleration, select the
Selected Shares option.
When you select the Selected Shares option, the Add Server dialog is expanded to show the Add button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
225
10 Click the Add button to open the Add Share dialog.
The WXA attempts to get the available shares on that server. If successful, the Select button becomes
available and the user can select from a list of shares. Otherwise, you can type the name of the share in
the Name field.
a
Click OK to confirm and close the Add Share dialog.
b
Click OK to confirm and close the Add Server dialog.
c
On the WAN Acceleration > WFS Acceleration > Signed SMB Setup page,
click the Update Domain Records button.
The Update domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
11 In the Username text field, enter the Administrator username.
12 In the Password text field, enter the Administrator password.
13 Click the Update Records button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
226
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
14 Click the Close button.
Branch Site Configuration
To configure File Server 1 and File Server 2 (which are located on the Central Site) on the WXA 2000 appliance
on the Branch Site in Advanced Mode, perform the following steps for each file server:
1
Navigate to the WAN Acceleration > WFS Acceleration > Signed SMB Setup tab.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
227
2
Under the Remote Servers tab, click the Add button.
The Add Server dialog appears.
3
Select the Use Automated Naming Convention option.
NOTE: The Use Automated Naming Convention option only works if it is enabled at the Central
Site as well, or if the server is configured in Basic Mode. Otherwise, the Next Hop WXA must be
entered manually.
4
In the File Server field, enter the name of the file server at the Central Site that you want.
or
Click the Select button and select the name of the file server from the menu.
NOTE: Optionally, you can click the Lookup button to test that the file server IP address can be
resolved.
5
In the Next Hop WXA field, enter the name of the WXA at the Central Site that provides access to the
file server.
or
Click the Select button and select the name of the WXA from the menu.
NOTE: Optionally, you can click the Lookup button to test that the file server IP address can be
resolved.
6
In the Local WXA Name field, enter the name of the local WXA.
The local WXA forwards data to the remote file server via the Next Hop WXA. Both the Next Hop WXA
and the File Server are located at the Central Site.
Use the local WXA name in paths to accelerated remote shares. A different local name alias should be
used for each remote server.
7
If you want remote file server shares stored in the default cache, select the Default Cache Enabled
check box.This option is enabled by default.
When a file is requested, that is also available in the default cache, the WXA serves the data from the
default cache as long as the cache file is still valid. If the original file has changed and is different from
the default cache file, the parts of the default cache file that are still valid may be used. This process
reduces the amount of data sent over the network. This option can be overridden for individual file
shares.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
228
8
In the Default Cache Read Ahead field, enter the default size (in bytes) for WXA to read-ahead. This
increases the read-ahead speed in the cache. The default cache read ahead value is 61440 bytes.
You can calculate the Default Cache Read Ahead value as follows:
a
Multiply the link latency (in milliseconds) by the link rate (the measured site-to-site bandwidth in
kilobytes per second).
b
Divide that number by the number of simultaneous user sessions.
The example equation is:
(link latency * link rate) / user sessions
This option can be overridden for individual file shares.
9
If you want to make all the shares on the file server accessible for WFS Acceleration,
select the All Shares option.
10 If you want to make only selected shares on the file server accessible for WFS Acceleration, select the
Selected Shares option.
When you select the Selected Shares option, the Add Server dialog is expanded to show the Add button.
11 Click the Add button to open the Add Share dialog.
12 Click OK to confirm and close the Add Share dialog.
13 Click OK to confirm and close the Add Server dialog.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
229
14 Click the Update Domain Records button.
The Update domain Records dialog appears, where you are prompted to enter your Administrator
credentials.
15 In the Username text field, enter the Administrator username.
16 In the Password text field, enter the Administrator password.
17 Click the Update Records button.
The Update Domain Records window appears while it is processing the request. When it is finished
updating the domain records, if it was successful, it displays, “Successfully updated the domain records”
with a list of the details.
18 Click the Close button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
230
Verifying the WFS Acceleration Configuration
This section describes how to verify that the WFS Acceleration service is configured correctly.
NOTE: These verification procedures only apply to systems using Signed SMB.
After completing the step-by-step WFS Acceleration configuration procedures, you can verify that WFS
Acceleration is working by using the Test Config button that is available in both Basic and Advanced modes.
To verify that the WFS Acceleration service was successful:
1
Click the Test Config button.
The Test Config dialog appears.
2
If you want to use the WXA appliance credentials to run the test, select the Use Machine Account
Credentials check box.
3
If you do not want to use the WXA appliance credentials to run the test, unselect the Use Machine
Account Credentials check box, and enter the Username and Password of the Domain Administrator or
another qualified user.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
231
After you click Run Tests, the tests run for a few seconds and then a window appears with the test results as
shown below.
The Test WFS Configuration Test Results page displays the test results for the WFS Acceleration service. A green
circle indicates a successful configuration, and a red circle indicates an error. Hover over the circle icons to
display the details for that configuration. The results are listed in a table with the following columns.
Name
Description
Server
Display the remote server or local WXA names.
Resolves To
Displays the IP address that the WXA series appliance is resolved to.
Used in Share Config.
Displays the server that is used for sharing. This can be an actual server,
or a WXA series appliance.
Short SPN
Verifies a short SPN is present on the machine account.
Long SPN
Verifies a long SPN is present on the machine account.
Trusted for Delegation
Lists the general server or specific hosts that are trusted for delegation by
the WXA series appliance.
Accept Delegation
Displays the hosts that are trusted to present delegated credentials to the
WXA series appliance.
Accepted Connection
Verifies the server accepted an authenticated connection.
Propagated Connection
Verifies the server propagated an authenticated connection.
NOTE: If some records are missing, such as SPN aliases or DNS records, you can update the records by
following the steps in “Update Domain Records” on page 207.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
232
24
Viewing the Web Cache Page
Topics:
•
WAN Acceleration > Web Cache on page 233
•
Configuration Tab on page 234
•
Statistics Tab on page 236
WAN Acceleration > Web Cache
This chapter is an overview of the WAN Acceleration > Web Cache management interface page. The Web Cache
page provides the Configuration and Statistics tabs for configuring and testing the Web Cache service.
Name
Description
Configuration tab
Provides configuration options to edit, restart, or flush the cache. It also provides
a dialog to enter the Administrator’s Email address so that it will appear on error
pages viewed by users. You can also select the caching strategy for the web
cache.
Statistics tab
Displays data and graphs detailing the Web Cache data size, total data reduction,
WAN capacity increase factor, cache size cache free space, and number of cached
objects.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
233
Configuration Tab
NOTE: You must be in Configuration mode for the Accept, Restart Web Cache, and Flush Cache tabs to
be active.
Name
Description
Accept button
Applies the latest configuration changes.
Restart Web Cache button
Restarts the Web Cache service. This disconnects any currently open
connections.
Flush Cache button
Removes all the data from the Web Cache. This also restarts the Web
Cache service, disconnecting any open connections.
When you click the Add button
appears.
, or click the Edit button
for a specific group, the Edit Group dialog
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
234
Name
Description
Enable Web Cache check box
When selected, all web traffic passing through the Dell
SonicWALL network security appliance is redirected to the Web
Cache for that particular group.
Web Server Ports
Select the type of ports that you want to use, such as HTTP.
Client Inclusion Address Object
Select the Address Object or Group that represents the local
subnets whose web traffic should be diverted via the Web
Cache. You can also choose “Any” and the traffic from any
source IP address is forwarded to the WXA.
Server Exclusion Address Object
Select the Address Object or Group that contains the
destination address of web servers for which traffic should not
be diverted via the Web Cache. If you select “None” no web
server is excluded and all appropriate traffic is sent via the
WXA.
Caching Strategy
The Caching Strategy determines which objects are placed
into the web cache and how long they stay there. Three
options are available for the Caching Strategy: Minimal,
Moderate, and Aggressive. The following describes the
different Caching Strategies:
Minimal - All objects are cached unless the HTTP header
specifically says not to, such as “no cache” or an “expire” time
that occurs in the past.
Moderate - This is the default web caching strategy. In
Moderate caching mode, the Web Cache keeps objects in the
cache for longer than in Minimal mode. The Web Cache also
enforces a minimum age of 7 days on objects that don't include
any 'no caching' control options (such as no-cache, no-store or
an explicit expiry time) in the HTTP header.
Aggressive - In Aggressive mode, the Web Cache ignores
explicit expiry time (enforcing a minimum age of 7 days),
reload and no-cache options in HTTP headers.
The Web Cache never caches any data marked as “private” or
“auth” (requiring authorization to access) in the HTTP header.
When switching from Aggressive or Moderate mode to Minimal
mode, any already cached objects that do not meet the
Minimal caching strategy will be refreshed by the cache.
YouTube caching is implemented in both Moderate and
Aggressive caching modes.
Cache Status panel
Provides read-only data for the following:
Operational Status - Displays the operational status of the
Web Cache service.
Cache Size - Displays the current size of the cache used by the
Web Cache.
Cache Free Space - Displays the amount of disk space
available to the Web Cache.
Number of Cached Objects - Displays the number of objects
currently stored in the Web Cache.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
235
Statistics Tab
Name
Description
Show
Menu from which to select whether to show All, For Group, or
For WXA.
Covering Period drop-down menu
Select the period of time the data displays on the Statistics
tab.
Chart drop-down menu
Selects what data displays in the graph. For details on the
different chart types, see Graphs on page 237.
Refresh button
Refreshes the Web Cache > Statistics displayed in the panel.
Data Since
Displays the actual period covered using the statistics shown in
the data and graphs.
This might differ from the chosen covering period, depending
on the data stored and available on the appliance.
Total Data Reduction (%)
Displays the difference between the data conveyed and the
data sent, represented as a percentage.
WAN Capacity Increase Factor
Displays the ratio of the amount of data conveyed to the
amount actually sent. This can be used as a guide to how much
extra capacity the WAN gained without any increase in
bandwidth.
Requests
The number of requests made during the selected period.
Hits
The number of requests that were served from the Web Cache
during the selected period.
Errors
The total number of errors encountered during the selected
period.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
236
Name
Description
Cache Size
Displays the current size of the cache used by the Web Cache.
Cache Free Space
Displays the amount of disk space available to the Web Cache.
Number of Cached Objects
Displays the number of objects currently stored in the Web
Cache.
Graphs
The Statistics graphs display the Web Cache data for the selected Covering Period and Chart. The Conveyed data
is the number of bytes that would be sent from a web server without the use of the WXA appliance’s Web
Cache. The Sent data is the bytes that are actually sent from web servers in response to the user’s web request,
with the remainder being served from the cache. A “Hit” is when an object is served from the Web Cache
instead of fetched from the internet. The following Chart types are available:
•
Summary— The Summary chart graphically displays the sent and conveyed bandwidth data.
•
Time Series— The Time Series chart graphically displays the sent and conveyed data over a specified
period of time. You can drag the mouse over the chart to zoom in on a selected area. To zoom back out,
click the Reset Zoom button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
237
•
Requests— The Requests chart graphically displays the number of requests, hits, and hits% over a
selected period of time. You can drag the mouse over the chart to zoom in on a selected area. To zoom
back out, click the Reset Zoom button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
238
25
Configuring the Web Cache
Topics:
•
WAN Acceleration > Web Cache on page 239
•
Configuring the Web Cache on page 240
•
Configuring Web Cache on the WAN Acceleration > Summary Page on page 240
•
Configuring the Web Cache on the WAN Acceleration > Web Cache Page on page 242
•
Verifying Web Cache Operation on page 244
WAN Acceleration > Web Cache
The Web Cache page provides options to enable, configure, view results, diagnose, and test performance of the
Web Cache feature. By enabling the Web Cache service, the Dell SonicWALL network security appliance
immediately begins transparently forwarding HTTP connections to the WXA appliances and saving bandwidth.
Consider the following when configuring the Web Cache service:
•
When the Web Cache check box is enabled, the Web Proxy fields are automatically populated in the
Network > Web Proxy page in the SonicOS management interface.
•
There is no need to configure the HTTP clients with proxy settings since the Dell SonicWALL network
security appliance transparently redirects standard HTTP connections onto the proxy.
•
When the Web Cache is enabled, the Dell SonicWALL network security appliance disables redirection of
HTTP connections to the WXA appliance if it becomes unavailable.
•
The Web Cache service is not available in WXA 500 Live CD Memory Mode.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
239
Configuring the Web Cache
Web Cache configuration is in done in groups, and can be done on the WAN Acceleration > Summary page or on
the Web Cache > Configuration page.
Configuring Web Cache on the WAN Acceleration > Summary
Page
To configure Web Cache on the WAN Acceleration > Summary page:
1
Navigate to the WAN Acceleration > Summary page.
2
Click the Add Group button
, or click the Edit icon
The New Group dialog box appears.
for a specific group.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
240
3
Select the Group Details tab.
4
In the Name field, enter a name for the group.
5
If you want this group to be the default group, select the Use as default group.
6
Select the Web Cache tab.
7
Select the Enable WFS Acceleration (Unsigned SMB) check box.
8
From the Web Server Ports menu, select the type of ports that you want to use, such as HTTP.
9
From the Client Inclusion Address Object menu, select the type of client addresses that you want to
include in the Web Cache.
10 From the Server Exclusion Address Object menu, select the type of server addresses that you want to
exclude from the Web Cache.
The Caching Strategy determines which objects are placed into the web cache and how long they stay
there.
11 From the Caching Strategy menu, select one of the following options:
•
Minimal - All objects are cached unless the HTTP header specifically says not to, such as “no
cache” or an “expire” time that occurs in the past.
•
Moderate (default) - This is the default web caching strategy. In Moderate caching mode, the Web
Cache keeps objects in the cache for longer than in Minimal mode. The Web Cache also enforces
a minimum age of 7 days on objects that don't include any 'no caching' control options (such as
no-cache, no-store or an explicit expiry time) in the HTTP header.
•
Aggressive - In Aggressive mode, the Web Cache ignores explicit expiry time (enforcing a
minimum age of 7 days), reload and no-cache options in HTTP headers.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
12 In the Administrator Email field, type the name of the Administrator to be shown in the Web Cache error
page that is presented to network users in the event of an error.
13 Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
241
Configuring the Web Cache on the WAN Acceleration > Web
Cache Page
To configure the Web Cache on the WAN Acceleration > Web Cache page:
1
Navigate to the WAN Acceleration > Web Cache page.
2
Click the Add button
, or click the Edit icon
for a specific group.
The Edit Group dialog appears.
3
Select the Enable Web Cache check box.
4
From the Web Server Ports menu, select the type of ports that you want to use, such as HTTP.
5
From the Client Inclusion Address Object menu, select the type of client addresses that you want to
include in the Web Cache.
6
From the Server Exclusion Address Object menu, select the type of server addresses that you want to
exclude from the Web Cache.
The Caching Strategy determines which objects are placed into the web cache and how long they stay
there.
7
From the Caching Strategy menu, select one of the following options.
•
Minimal - All objects are cached unless the HTTP header specifically says not to, such as “no
cache” or an “expire” time that occurs in the past.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
242
•
Moderate (default) - This is the default web caching strategy. In Moderate caching mode, the Web
Cache keeps objects in the cache for longer than in Minimal mode. The Web Cache also enforces
a minimum age of 7 days on objects that don't include any 'no caching' control options (such as
no-cache, no-store or an explicit expiry time) in the HTTP header.
•
Aggressive - In Aggressive mode, the Web Cache ignores explicit expiry time (enforcing a
minimum age of 7 days), reload and no-cache options in HTTP headers.
CAUTION: The Aggressive mode Caching Strategy should be used with caution, as it violates the HTTP
standard and may lead to unwanted consequences.
8
In the Administrator Email field, type the name of the Administrator to be shown in the Web Cache error
page that is presented to network users in the event of an error.
9
Click OK to save the group.
The Groups table will be updated, and the relevant settings will be pushed to the WXAs in the group. The
new configuration will determine how traffic is accelerated on VPNs and Routes governed by the group.
10 Verify that the Web Cache service is working, see Verifying Web Cache Operation on page 244 for details.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
243
Verifying Web Cache Operation
To verify Web Cache operation:
1
Navigate to the Web Cache > Statistics tab.
2
From the Show menu, select All, For Group, or For WXA.
3
From the Covering Period menu, select the period of time for which to display data.
NOTE: For data to be shown, client PCs must be browsing the web, PCs and web servers must fall within
the configured values, and the WXAs must be configured in a group.
4
View the number of cached objects to confirm the Web Cache service is working.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
244
26
Configuring VPNs and Route Policies
Topics:
•
Assigning Groups to VPNs and Route Policies on page 245
•
Assigning a Group to a VPN on page 245
•
Assigning a Group to a Route Policy on page 249
•
Enabling WXAC on the WXA Appliance on page 258
Assigning Groups to VPNs and Route Policies
After you have configured a group or groups, you can assign them to a VPN or a Route Policy as described in the
following sections.
Assigning a Group to a VPN
You can assign a group to a VPN on the WAN Acceleration > Summary page, under the VPN Policies tab, or on
the Network > VPN > Settings page.
The following examples describe how to assign a group to a VPN:
•
Assigning a Group to a VPN on the WAN Acceleration > Summary Page on page 246
•
Assigning a Group to a VPN on the Network > VPN Page on page 247
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
245
Assigning a Group to a VPN on the WAN Acceleration >
Summary Page
To assign a group to a site-to-site VPN on the WAN Acceleration > Summary page:
1
Go to the WAN Acceleration > Summary page.
2
Select the VPN Policies tab.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
246
3
Select the Edit button for the group you want to assign to a VPN.
The Edit VPN dialog appears.
4
From the Group menu, select the group that you want to assign to this VPN.
5
Click OK.
Assigning a Group to a VPN on the Network > VPN Page
To assign a group to a site-to-site VPN on the Network > VPN page:
1
Go to the VPN > Settings page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
247
2
Click the Configure button for the VPN policy you wish to use. The Security Policy window appears; the
General tab is selected by default.
3
Click the Advanced tab. The Advanced Settings window displays.
4
From the WXA Group menu, select the desired group.
5
Click the OK button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
248
Assigning a Group to a Route Policy
After you have configured a group or groups, you can assign them to a Route Policy. You can assign a group to a
Route Policy on the WAN Acceleration > Summary page, under the Route Policies tab, or on the Network >
Routing page.
If you do not have a VPN configured on your network and you are using a custom Route Policy, you need to add
two route Policies on each site: One for outgoing traffic, and one for incoming traffic.
The illustration below displays the configuration between two non-VPN sites. Refer to this Illustration as an
example for the steps in the following examples.
The following examples describe how to assign a group to a Route Policy:
•
Assigning a Group to a Route Policy for Outgoing Traffic on page 249
•
Assigning a Group to a Route Policy for Incoming Traffic on page 253
Internet
Router
NSA/TZ series
appliance
Router
10.12.10.0
10.26.55.0
192.168.20.0
192.168.10.0
Switch
Web
Server
NSA/TZ series
appliance
Switch
WXA series
appliance
WXA series
appliance
Central Site
PC
Branch Site
Assigning a Group to a Route Policy for Outgoing Traffic
The following section describe how to assign a group to a Route Policy for outgoing traffic:
•
•
Assigning a Group to a Route Policy for Outgoing Traffic on the WAN Acceleration > Summary Page on
page 250
Assigning a group to a Route Policy for Outgoing Traffic on the Network > Routing Page on page 251
NOTE: You must configure a Route Policy for outgoing traffic on both the branch site and the central site.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
249
Assigning a Group to a Route Policy for Outgoing Traffic on
the WAN Acceleration > Summary Page
To assign a group to a Route Policy for outgoing traffic on the WAN Acceleration > Summary
page:
1
Go to the WAN Acceleration > Summary page.
2
Select the Route Policies tab.
3
Select the Edit button for the group you want to assign to a Route Policy.
The Edit Route Policy dialog appears.
4
From the Group menu, select the group that you want to assign to this Route Policy.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
250
Assigning a group to a Route Policy for Outgoing Traffic on
the Network > Routing Page
To Assign a group to a Route Policy for outgoing traffic on the Network > Routing page:
1
Navigate to the Network > Address Objects page.
2
Click the Add button.
The Add Address Object Group pop-up window displays.
3
Enter a name (Central Site) for the address object in the Name text field.
4
Click the Zone Assignment drop-down, select WAN.
5
Click the Type drop-down, select Network.
6
Enter the LAN IP address of the Central Site (192.168.10.0) in the Network text field.
7
Enter the netmask IP address (255.255.255.0) in the Netmask text field.
8
Click the Add button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
251
9
Navigate to the Network > Routing page.
10 Click the Add button.
The Route Policy Settings pop-up window displays.
11 Click the Source drop-down, select Any.
12 Click the Destination drop-down, select the address object you created (Central Site.)
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
252
13 Click the Service drop-down, select Any.
14 Click the Gateway drop-down, select the X1 Default Gateway.
15 Click the Interface drop-down, select the X1 interface.
16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower priority.
17 From the WXA Group menu, select the group that you want.
18 Click the OK button.
Assigning a Group to a Route Policy for Incoming Traffic
The following section describe how to assign a group to a Route Policy for incoming traffic:
•
•
Assigning a Group to a Route Policy for Incoming Traffic on the WAN Acceleration > Summary Page on
page 254
Assigning a Group to a Route Policy for Incoming Traffic on the Network > Routing Page on page 255
NOTE: You must configure a Route Policy for incoming traffic on both the branch site and the central site.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
253
Assigning a Group to a Route Policy for Incoming Traffic on
the WAN Acceleration > Summary Page
To assign a group to a Route Policy for incoming traffic on the WAN Acceleration > Summary
page:
1
Go to the WAN Acceleration > Summary page.
2
Select the Route Policies tab.
3
Select the Edit button for the group you want to assign to a Route Policy.
The Edit Route Policy dialog appears.
4
From the Group menu, select the group that you want to assign to this Route Policy.
5
Click OK.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
254
Assigning a Group to a Route Policy for Incoming Traffic on
the Network > Routing Page
To assign a group to a Route Policy for incoming traffic on the Network > Routing page:
1
Navigate to the Network > Address Objects page.
2
Click the Add button.
The Add Address Object Group pop-up window displays.
3
Enter a name (Branch Site) for the address object in the Name text field.
4
Click the Zone Assignment drop-down, select LAN.
5
Click the Type drop-down, select Network.
6
Enter the LAN IP address of the Branch Site (192.168.20.0) in the Network text field.
7
Enter the netmask IP address (255.255.255.0) in the Netmask text field.
8
Click the Add button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
255
9
Navigate to the Network > Routing page.
10 Click the Add button.
The Route Policy Settings pop-up window displays.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
256
11 Click the Source drop-down, select Central Site.
12 Click the Destination drop-down, select the address object you created (Branch Site).
13 Click the Service drop-down, select Any.
14 Click the Gateway drop-down, select (0.0.0.0).
15 Click the Interface drop-down, select the X0 interface.
16 Enter 1 in the Metric text field.
This gives the route policy a high priority level. A larger metric number would have a lower priority.
17 From the WXA Group menu, select the group that you want.
18 Click the OK button.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
257
Enabling WXAC on the WXA Appliance
You can assign a group to support connections from NetExtender WAN Acceleration Clients (WXAC).
NOTE: The NetExtender WAN Acceleration Client (WXAC) must be licensed to assign a group to it.
To enable WXAC support in a group:
1
Go to the WAN Acceleration > Summary page.
2
Click the SSL VPN tab.
3
If WXAC is licensed, you will see the Group menu.
4
From the Group menu, select the group to be used for WXAC.
5
Click the Accept button.
NOTE: If WXAC is not licensed, you will see the following message:
‘NetExtender WAN Acceleration Client (WXAC) is not licensed.’
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
258
27
Managing Firmware
Topics:
•
WAN Acceleration > Firmware on page 259
•
Manual Download/Upload on page 260
•
Firmware Auto-Download on page 262
•
Factory Reset on page 265
WAN Acceleration > Firmware
The WAN Acceleration > Firmware page provides options to check for updates, perform a factory reset,
automate updates and download Dell SonicWALL WAN Acceleration firmware.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
259
The following table describes the options and features on the Firmware page:
Name
Description
Toolbar
Allows you to refresh the data that is shown by clicking the Refresh button. The WXA model and serial number of the WXA that you going upgrade
or perform a factory reset on is shown in the panel.
Firmware Management panel
Lets you enable Auto-downloads, Check for Updates and Upload New
Firmware. When you click the Upload New Firmware button, instructions
appear that step you through the firmware upgrade process.
Factory Reset panel
Lets you restore the WXA appliance to its original factory default settings.
NOTE: When performing a firmware upload, do NOT navigate away from the WAN Acceleration >
Firmware page. This could stop the uploading process or cause the management interface to become
unresponsive.
Upgrading the WXA firmware and resetting the WXA to the factory defaults are described in the following
sections.
Manual Download/Upload
The Administrator can manually upgrade the WXA firmware.
To manually upgrade the WXA firmware:
1
On your Web Browser, go to mysonicwall.com.
2
On the Welcome page, click Downloads to open the Download Center.
3
From the Software Type menu, select the WXA model firmware that you want.
4
Under the Firmware list, click the link for the firmware you want. For example, upgrade-1.3.1-0-24x64.bin.
5
Save the file to a location on your computer.
6
Go to the WAN Acceleration > Firmware page.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
260
7
Click the Firmware Management icon to open the Firmware Management panel.
8
Select the WXA that you are going to manage.
9
Click the Upload New Firmware button.
The Firmware File field and Choose File button appear.
10 Click the Choose File button.
11 Navigate to the location where you saved the firmware file and select it.
12 Click the Upload button.
13 After the upload completes, refresh the Firmware page.
The Firmware page now shows the new firmware ready to boot.
14 Click the Boot button to apply the firmware image. The appliance will reboot as part of the process.
Troubleshooting Tips
•
Be sure that you select the correct firmware image for the WXA Model.
•
Do not navigate from the Firmware page during the upload.
•
Be sure that you have a long timeout on the Admin session.
•
Firmware image files are quite large and the process of uploading can take a considerable length of
time. Please be patient.
•
Close the browser and clear the browser cache after the upgrade if it does not appear to have taken
effect.
•
If there is a problem with one browser, try another - always use the latest version of any browser.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
261
Firmware Auto-Download
WXA firmware can be downloaded automatically or manually, using HTTP, from a web server cluster located in
the Dell cloud. Other features, such as WXA Client, NAC Client, and NetExtender use the same web server
cluster to distribute software and software updates.
The Firmware Auto-Download feature periodically checks the Dell cloud for WXA firmware updates and
automatically downloads the firmware when there is an upgrade. This feature is disabled by default.
NOTE: A WXA firmware upgrade file typically exceeds 100 MB and may require a long time to download to
the WXA through the firewall.
You enable auto-downloads on the WAN Acceleration > System > Firmware page by selecting the Enable AutoDownloads option in the Firmware Management panel.
When auto-downloads are enabled, the firewall checks for firmware updates every 2 hours at the
software.sonicwall.com website. If an upgrade to the firmware if found, the current firmware does a system
check and determines if the new firmware version should downloaded. Auto-downloads have a limited transfer
rate of up to 200 Kbps.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
262
Restrictions
•
Does not operate with 3rd party Proxy Servers.
•
Requires access to software.sonicwall.com via HTTP or HTTPS.
The WAN Acceleration > Log page provides information on the progress of downloading firmware and the
decisions that are made while downloading.
When the firmware is successfully downloaded, it shows the firmware on the WAN Acceleration > Firmware
page, under Firmware Image.
To configure automatic downloads of firmware:
1
Go to the WAN Acceleration > Firmware page.
NOTE: Firmware management is done on individual WXAs, not on groups. However, to function as a
cluster, all WXAs in a group must be running the same version of firmware.
2
From the WXA menu, select the WXA you want to upgrade.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
263
3
Click Firmware Management icon to open the Firmware Management panel.
4
Select the Enable Auto-downloads option.
Your existing firmware must support this. If this option is not shown, check for updates by clicking the
Check for Updates button.
NOTE: In a case where you don’t want to wait for auto-updates, the Check for Updates button
forces an immediate check on available updates.
NOTE: The Check for Updates button will not be visible if the WXA version does not support autodownloads.
5
Click the Upload New Firmware button. The Firmware File field and Choose File button appear.
6
After the firmware upload has successfully completed, refresh the Firmware page. The Firmware page
now shows the new firmware ready to boot.
7
Click the Boot button to apply the firmware image. The appliance will reboot as part of the process.
NOTE: The Administrator must click the Boot button to apply the new
firmware image.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
264
Factory Reset
To perform a Factory Reset:
1
Click Factory Reset to open the Factory Reset panel.
2
Select the Restore the current configuration settings option if you want it.
3
Click the Factory Reset button. The WXA is restored to its original factory settings.
NOTE: When performing a firmware upload, do NOT navigate away from the WAN Acceleration >
Firmware page. This could stop the uploading process or cause the management interface to become
unresponsive. Do Not turn the power off during this process.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
265
28
Viewing the Log Page
Topics:
•
WAN Acceleration > Log on page 266
•
Viewing Log Messages on page 268
WAN Acceleration > Log
The WAN Acceleration > Log page provides a detailed list of log event messages and provides multiple options
to change how the log messages display.
The Minimum Priority and Categories drop-down menus are used to determine which logs are retrieved from the
WXA.The filters at the bottom of the table then determine which of those entries are actually shown on the
screen. Use the scroll function to load more log entries as you scroll down the page.
The menus and buttons in the tool bar determine which records are retrieved from the WXA. The records are
retrieved from the WXA depending on the selected options, but they are not all loaded into the table
immediately. By scrolling down, more records are appended. The filters at the top of the table determine which
of the retrieved entries are shown in the table.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
266
Action Items
Name
Description
Show
Menu from which to select whether to show All, For Group or For WXA.
Min. Priority
Displays the log entries of the selected priority or higher by using severity.
Categories
Displays the log entries of the selected categories.
# Entries per WXA
Selects the number of entries retrieved and displayed in the logs list. Depending on the number selected, you may need to scroll through the table to view
all the log entries.
Refresh
Refreshes the WAN Acceleration > Logs page. The refresh interval can be
entered in the box to the right of the Refresh symbol. The interval can be
increased to a maximum of 999 seconds.
Click the Refresh button to manually update the Logs page.
Click the Pause button to stop updates on the page
Export as CSV
Exports the currently logged messages to a Comma Separated Values (CSV) file
that can be saved and viewed as a spreadsheet. The time, priority, category,
message, and ID fields are exported. This option can only be done for one WXA
at a time. You must use the options on this page to select an individual WXA.
Clear Logs
Clears all of the logged messages off the WXA appliance and is irreversible.
Filter by
Filter the results by selecting from the drop-down lists and entering text into
the priority, category, and message text fields. The filters you select determine which of the log entries retrieved from the WXA series appliance are displayed on the Log screen.
Panel Column Headings
Name
Description
Time
Displays the time the event was logged.
ID
Displays the ID number of the log message.
Priority
Displays the priority of the log message.
Category
Displays the category of the log message.
Message
Displays the text of the log message.
The following table shows the ID number ranges for each WXA component.
ID Range
Component
10000-19999
WXA System
20000-29999
WXA System Network
30000-39999
TCP Acceleration
40000-49999
Unsigned WFS
50000-59999
Signed WFS
60000-69999
Web Cache
70000-79999
Management
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
267
Viewing Log Messages
The WAN Acceleration > Log page displays log messages collated from selected WXAs, selected groups, or from
all WXAs in all Groups.
To view WXA log messages:
1
Go to the WAN Acceleration > Log page.
2
From the Show menu, select the WXAs for which you want to show messages.
3
From the Show menu, select one of the following options:
•
All
•
For Group
•
For WXA
4
If you select All, no specific Groups or WXAs are shown in the adjoining drop-down menu.
Log messages for all WXAs in all groups will be shown.
5
If you select For Group, select the group that you want from the adjoining drop-down menu.
Log messages for that group will be shown.
6
If you select For WXA, select the WXA that you want from the adjoining drop-down menu.
Log messages for that WXA will be shown.
7
Press the Refresh button.
NOTE: You must click the Refresh button after changing any of the selection criteria.
NOTE: The Log table uses infinite scrolling. You can scroll down to load more data. At the bottom
of the page, the Filter by menus and fields are displayed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
268
Part 4
Appendices
• Appendix A: Configuring the WXA to the Domain Without
Using the WXA Management Interface
• Appendix B: Configuring the NetExtender WAN
Acceleration Client
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
269
A
Appendix A: Configuring the WXA to the
Domain Without Using the WXA
Management Interface
This appendix contains procedures to configure the WXA series appliance to the domain without using the WAN
Acceleration management interface.
NOTE: Although this type of configuration is supported, Dell SonicWALL does not recommend configuring
the domain this way.
This appendix contains the following subsections:
•
Automatically Joining the Domain on page 270
•
Configuring Custom Zones for WXA on page 273
•
Configuring Reverse Lookup on page 274
•
Manually Adding SPN Hostnames in DNS on page 274
Automatically Joining the Domain
To automatically join the WXA appliance to the domain, perform the following steps:
1
Access the domain controller and create a computer account. The computer account must use the
default hostname or a hostname specified in the Domain Details tab (the name of the WXA appliance). If
a new hostname is entered in the Domain Details tab in the WAN Acceleration management interface, it
overrides the default hostname. The authentication code should be used as the password for the
computer account.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
270
2
Click Change....
3
In the Enter the object name to select text field, enter SELF, and then click OK.
NOTE: This is also required when manually joining using a non-admin account.
4
Right click on the computer account, go to Properties.
5
Select the setting Trust this computer for delegation to specified services only.
6
Select the setting Use any authentication protocol.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
271
7
Click the Add... button.
8
Select the computer account to which the WXA appliance computer account can present delegation
credentials. For example, if you were performing this configuration for a central site, you would select
the WXA appliance computer account on the branch site. This enables the branch site to connect to the
central site, and then onto the domain controller/file server for accelerated sharing.
9
Select CIFS for the service.
10 Click the OK button.
The computer account properties window populates with the configured account.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
272
11 If you typed SELF in the computer account for step 3, perform steps 11 and 12.
a
Open a cmd.exe window.
b
Set the password for the computer account, where ABCD-EFGH is the auth code.
NOTE: The password for the computer account must be the auth code found on the WAN
Acceleration > Status page on the Dell SonicWALL network security appliance.
Configuring Custom Zones for WXA
Dell SonicWALL recommends setting a LAN zone for the zone properties of the interface to which the WXA
appliance is connected to. Setting the WXA appliance to a LAN zone is recommended because the default access
rules associated with that zone allow traffic between the WXA appliances at both locations; therefore, there is
no need for additional configuration to the access rules. Set a WAN > LAN zone if using Layer 2 Bridge mode.
NOTE: Access rules are necessary for the traffic coming from VPN>LAN and LAN>VPN to be open for WXA
associated traffic and the default zone properties of the LAN takes care of handling traffic without
manually adding or modifying any access rules. Both WXA appliances deployed at each location should be
able to communicate with each other without being blocked by access rules or firewall policies.
If you need to customize a zone for WFS acceleration, make sure VPN remote users are allowed to access the
WXA appliance. If additional domain controllers and file servers are located in any zone other than the LAN,
necessary access rules must be configured to allow traffic from and to the WXA appliance to those zones as well
as from and to the Dell SonicWALL network security appliance.
For example consider, at the central site, if the WXA appliance is deployed in the DMZ zone, the access rules
must be configured to allow traffic from VPN>DMZ and LAN>DMZ so that traffic to the WXA appliance from the
VPN and from the LAN zones are allowed to the WXA appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
273
Configuring Reverse Lookup
After both WXA appliances are added to the domain, corresponding Computer Accounts for WXA appliances,
DNS Host name, and Pointer (PTR) records are automatically created on the DC and DNS servers. For PTR
records to be updated, relevant Reverse Lookup Zones must be configured on the DNS servers. Networks used
for Reverse Lookup Zones depend on whether WFS acceleration is using NAT. If using NAT, the WXA appliance
uses the NAT IP for WFS services and only the X0 subnets are used as networks in Reverse Lookup Zones. If the
WXA appliances are not using NAT, the Reverse Lookup Zone network must also be configured for WXA subnets
on both locations.
To add a PTR record, perform the following steps:
1
Navigate to your DNS on the data center and remote locations.
2
Expand the Reverse Lookup Zones folder.
3
Right-mouse click on the subnet you want to add a new PTR.
4
Select New Pointer (PTR)... in the pop-up menu.
The New Resource Record window appears.
5
Enter the subnet in the Host IP number field.
6
Enter the Host (A) record name in the Host name text field, and then click OK.
7
Verify that the PTR record is created in the Reverse Lookup Zone folder.
Manually Adding SPN Hostnames in DNS
In the event that SPN hostnames are not added automatically, the Domain Administrator can manually add SPN
hostnames in the DNS.
Perform the following steps:
1
Navigate to the DNS on the central and branch sites.
2
Expand the Forward Lookup Zones.
3
Right click on the subnet you wish to add a new Host (A) record.
4
Select New Host (A)... in the pop-up menu.
The New Host window is displayed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
274
5
Enter the hostname for the central and remote DNS servers.
NOTE: The newly created hostname for the central and branch sites should be updated with the NAT IP of
the X0 interface on the Dell SonicWALL network security appliance that is located at the central and
branch site, respectively.
6
Ping the IP addresses at the central and branch sites to verify correct connectivity.
E.g. The WXA-4000 resolves to X.X.1.100 and the WXA-2000 resolves to A.A.240.1.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
275
B
Appendix B: Configuring the
NetExtender WAN Acceleration Client
This appendix provides configuration procedures for activating, installing, and enabling the NetExtender WAN
Acceleration Client (WXAC). The configuration procedures are split into two parts: one for the Administrator
enabling/allowing NetExtender WAN Acceleration Clients to connect to the central site, and one for the client
configuring the NetExtender WXAC on a remote PC. Both of these configurations must be complete for the
NetExtender WXAC to work.
This appendix contains the following sections:
•
Overview on page 276
•
Requirements / Prerequisites on page 276
•
Deployment Considerations on page 277
•
Enabling WXAC on the Central Site on page 278
•
Configuring WXAC on a Remote PC on page 282
Overview
The NetExtender Client allows remote PCs to connect to the central site via a VPN connection, the NetExtender
WAN Acceleration Client (WXAC) is an addition to the NetExtender Client, and accelerates traffic though the
VPN connection. Using the NetExtender WXAC on a remote PC means the traffic at the central site will pass
through the central site's WXA appliance.
The WXA Client for NetExtender supports Unsigned SMB and is compatible with all versions of Windows including
Windows 8.
Requirements / Prerequisites
The NetExtender WXAC requires the following:
•
A Dell SonicWALL network security appliance running SonicOS 6.2 and higher firmware.
•
A WXA series appliance running WXA 1.2 or higher firmware.
•
The WXA series appliance is connected and configured to the managing Dell SonicWALL network security
appliance.
•
The TCP Acceleration service is enabled on the WXA appliance.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
276
Deployment Considerations
Consider the following when deploying the NetExtender WXAC:
•
When a user tries to enable WXAC, while PPP software compression is on, a dialog pops up and the user
needs to choose whether to reconnect the SSL VPN session. But the user doesn't need to enter the server
information and credentials if he chooses to reconnect the session.
•
The NetExtender WXAC is supported on all Dell SonicWALL network security appliances running SonicOS
6.2 that also support WAN Acceleration.
•
If the WXA appliance is not connected to a Dell SonicWALL firewall, the WXAC tab will not display in the
NetExtender management interface.
•
A link to install the WXAC will display on the NetExtender WXAC tab if WXAC is licensed and enabled on
the managing Dell SonicWALL network security appliance, but not yet installed on the client side.
•
If the WXAC is disabled or not supported at the central site, the WXAC tab will not display in the
NetExtender Client on the remote PC.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
277
Enabling WXAC on the Central Site
The NetExtender WXAC is used on remote PCs connecting to a central site. At the central site, the Administrator
has to allow those NetExtender WAN Acceleration Clients to connect to the central site (location of the WXA,
managing firewall, and server).
To enable/allow WAN Acceleration Clients:
Activating the WXAC
1
Login to the managing Dell SonicWALL network security appliance.
2
Navigate to the System > Licensing page.
3
Scroll down to the Manage Security Services Online section, then click the link to Activate, Upgrade, or
Renew services.
The License Management page displays.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
278
4
Enter your MySonicWALL credentials, then click the Submit button.
The Manage Online Services page displays.
5
Click the Activate link in the Manage Service column for the WAN Acceleration Client.
The License Management page displays.
6
In the WAN Acceleration Client Activation Key text-field, enter your WAN Acceleration Client license key,
then click the Submit button.
For reference, the table below displays the maximum numbers of supported client licences per
appliance.
Appliance
Number of Supported Clients
WXA 500 Live CD
20
WXA 2000
60
WXA 4000
120
WXA 5000 Virtual Appliance
120
WXA 6000 Software
120
NOTE: Lower end Dell SonicWALL network security appliances may support fewer clients.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
279
The WAN Acceleration Client now displays as “Licensed”.
Configuring SSL VPN for the NetExtender WXAC Connection
7
Navigate to the SSL VPN > Server page, and then configure the server settings.
8
Navigate to the SSL VPN > Client page, and then configure the client settings.
NOTE: Refer to the SonicOS Administration Guide for details on configuring the server and client
settings.
Configuring the User Credentials for the NetExtender WXAC
9
Navigate to the Users > Local Users page and configure user credentials for the clients that will be using
the NetExtender WXAC.
NOTE: Refer to the SonicOS Administration Guide for details on configuring the server and client
settings.
Enabling WXAC on the WXA Appliance
You can assign a group to support connections from NetExtender WAN Acceleration Clients (WXAC).
NOTE: The NetExtender WAN Acceleration Client (WXAC) must be licensed to assign a group to it.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
280
To enable WXAC support:
1
Go to the WAN Acceleration > Summary page.
2
Click the SSL VPN tab.
3
Click on the box to enable WXAC.
4
Click the Accept button.
NOTE: If WXAC is not licensed, you will see the following message:
NetExtender WAN Acceleration Client (WXAC) is not licensed.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
281
Configuring WXAC on a Remote PC
This section shows the client user how to download and install the NetExtender Client (if not already done), and
then download, install, and enable NetExtender WXAC. These procedures are performed on a remote PC that is
connecting to a central site.
Downloading / Installing the NetExtender Client
If you already have the NetExtender Client installed on your PC, make sure you have version 7.0.197 or higher.
If you do not have the NetExtender Client installed on your PC, perform the following:
1
Open a Web browser, and then enter the WAN IP address of the Dell SonicWALL network security
appliance that is on the central site.
The Dell SonicWALL network security appliance login page displays.
2
Click the Here link to login to sslvpn.
The Virtual Office login page displays.
3
Enter the Username and Password to log into the Virtual Office.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
282
The Virtual Office main page displays.
4
Click the Here link to download the NetExtender Client.
5
Run the NetExtender Setup Wizard to install the NetExtender Client.
Refer to the SonicOS Administration Guide for details on the NetExtender Setup Wizard.
Downloading / Installing the NetExtender WXAC in the NetExtender Management Interface
6
Open the NetExtender Client.
7
Enter the following in the text-fields:
•
Server—the WAN IP address of the managing Dell SonicWALL network security appliance that is on
the site where the WXA appliance and server are located. Enter a colon (:) after the WAN IP
address, and then enter the server port number.
•
Username—the username created by the Administrator.
•
Password—the password created by the Administrator.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
283
•
Domain—the domain name displayed in the SSL VPN > Server Settings page of the managing Dell
SonicWALL network security appliance’s management interface.
8
Click the Connect button.
9
Once the NetExtender Client is connected, click the WXAC tab, and then click the Install WAN
Acceleration Client button.
If the WXAC is already installed, there will be an option to upgrade to the latest version.
10 Once the WXAC is installed, click the Disconnect button.
The NetExtender Client login page displays.
11 Enter the information from Step 4 in the text-fields, then click the Connect button
This reconnects you to the server, which is required in order to activate WAN Acceleration.
12 Once you are connected, click the Properties button, then select Acceleration from the left-navigation
menu.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
284
The Acceleration screen displays.
13 Verify that the Enable Acceleration check box is selected.
NOTE: The Enable Acceleration check box is selected by default.
14 Exit the NetExtender Properties window, and then click the WXAC tab.
From this tab, you can view the WXAC data of files downloading from the server.
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
285
About Dell
Dell listens to customers and delivers worldwide innovative technology, business solutions and services they
trust and value. For more information, visit www.software.dell.com.
Contacting Dell
Technical support:
Online support
Product questions and sales:
(800) 306-9329
Email:
[email protected]
Technical Support Resources
Technical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions. To access the Support Portal, go to
https://support.software.dell.com/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. In addition, the portal provides direct access to product support engineers through an
online Service Request system.
The site enables you to:
•
Create, update, and manage Service Requests (cases)
•
View Knowledge Base articles
•
Obtain product notifications
•
Download software. For trial software, go to Trial Downloads.
•
View how-to videos
•
Engage in community discussions
•
Chat with a support engineer
Dell SonicWALL WXA 1.3.2 for SonicOS 6.2
Administration Guide
286

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz