User Manual
Table Of Contents
- Document Contents
- SonicWALL NSA E6500
- Pre-Configuration Tasks
- Registering Your Appliance
- Deployment Scenarios
- Selecting a Deployment Scenario
- Scenario A: NAT/Route Mode Gateway
- Scenario B: State Sync Pair in NAT/Route Mode
- For network installations with two SonicWALL NSA E-Series appliances configured as a stateful synchronized pair for redundant high-availability networking.
- In this scenario, one SonicWALL NSA E6500 operates as the primary gateway device and the other SonicWALL NSA E6500 is in passive...
- Scenario C: L2 Bridge Mode
- In this scenario, the original gateway is maintained. The SonicWALL NSA E6500 is integrated seamlessly into the existing network...
- Initial Setup
- System Requirements
- Connecting the WAN Port
- Connecting the LAN Port
- Applying Power
- Accessing the Management Interface
- Accessing the Setup Wizard
- Connecting to Your Network
- Testing Your Connection
- Activating Licenses in SonicOS
- Upgrading Firmware on Your SonicWALL
- Obtaining the Latest Firmware
- Saving a Backup Copy of Your Preferences
- Upgrading the Firmware
- Using SafeMode to Upgrade Firmware
- Configuring a State Sync Pair in NAT/Route Mode
- Configuring L2 Bridge Mode
- Selecting a Deployment Scenario
- Additional Deployment Configuration
- Support and Training Options
- Rack Mounting Instructions
- Product Safety and Regulatory Information
SonicWALL NSA E6500 Getting Started Guide Page 35
Synchronizing Settings
Once you have configured the HA setting on the Primary
SonicWALL security appliance, click the Synchronize Settings
button. You should see a HA Peer Firewall has been updated
message at the bottom of the management interface page. Also
note that the management interface displays Logged Into:
Primary SonicWALL Status: (green ball) Active in the upper-
right-hand corner.
By default, the Include Certificate/Keys setting is enabled.
This specifies that Certificates, CRLs and associated settings
(such as CRL auto-import URLs and OCSP settings) are
synchronized between the Primary and Backup units. When
Local Certificates are copied to the Backup unit, the associated
Private Keys are also copied. Because the connection between
the Primary and Backup units is typically protected, this is
generally not a security concern.
Tip: A compromise between the convenience of
synchronizing Certificates and the added security of not
synchronizing Certificates is to temporarily enable the
Include Certificate/Keys setting and manually
synchronize the settings, and then disable Include
Certificate/Keys.
To verify that Primary and Backup SonicWALL security
appliances are functioning correctly, wait a few minutes, then
power off the Primary SonicWALL device. The Backup
SonicWALL security appliance should quickly take over.
From your management workstation, test connectivity through
the Backup SonicWALL by accessing a site on the public
Internet – note that the Backup SonicWALL, when active,
assumes the complete identity of the Primary, including its IP
addresses and Ethernet MAC addresses.
Log into the Backup SonicWALL’s unique LAN IP address. The
management interface should now display Logged Into:
Backup SonicWALL Status: (green ball) Active in the upper-
right-hand corner.
Now, power the Primary SonicWALL back on, wait a few
minutes, then log back into the management interface. If
stateful synchronization is enabled (automatically disabling
preempt mode), the management GUI should still display
Logged Into: Backup SonicWALL Status: (green ball)
Active in the upper-right-hand corner.
If you are using the Monitor Interfaces feature, experiment with
disconnecting each monitored link to ensure correct
configuration.
NSA_E6500_GSG.book Page 35 Wednesday, June 17, 2009 7:16 PM