User Manual
Table Of Contents
- Document Contents
- SonicWALL NSA E6500
- Pre-Configuration Tasks
- Registering Your Appliance
- Deployment Scenarios
- Selecting a Deployment Scenario
- Scenario A: NAT/Route Mode Gateway
- Scenario B: State Sync Pair in NAT/Route Mode
- For network installations with two SonicWALL NSA E-Series appliances configured as a stateful synchronized pair for redundant high-availability networking.
- In this scenario, one SonicWALL NSA E6500 operates as the primary gateway device and the other SonicWALL NSA E6500 is in passive...
- Scenario C: L2 Bridge Mode
- In this scenario, the original gateway is maintained. The SonicWALL NSA E6500 is integrated seamlessly into the existing network...
- Initial Setup
- System Requirements
- Connecting the WAN Port
- Connecting the LAN Port
- Applying Power
- Accessing the Management Interface
- Accessing the Setup Wizard
- Connecting to Your Network
- Testing Your Connection
- Activating Licenses in SonicOS
- Upgrading Firmware on Your SonicWALL
- Obtaining the Latest Firmware
- Saving a Backup Copy of Your Preferences
- Upgrading the Firmware
- Using SafeMode to Upgrade Firmware
- Configuring a State Sync Pair in NAT/Route Mode
- Configuring L2 Bridge Mode
- Selecting a Deployment Scenario
- Additional Deployment Configuration
- Support and Training Options
- Rack Mounting Instructions
- Product Safety and Regulatory Information
Page 42 An Introduction to Zones and Interfaces
An Introduction to Zones and Interfaces
Zones split a network infrastructure into logical areas, each with
its own set of usage rules, security services, and policies. Most
networks include multiple definitions for zones, including those
for trusted, untrusted, public, encrypted, and wireless traffic.
Some basic (default) zone types include:
WAN - Untrusted resources outside your local network
LAN - Trusted local network resources
WLAN - Local wireless network resources originating from
SonicWALL wireless enabled appliances such as SonicPoints.
DMZ - Local network assets that must be accessible from the
WAN zone (such as Web and FTP servers)
VPN - Trusted endpoints in an otherwise untrusted zone, such
as the WAN
The security features and settings configured for the zones are
enforced by binding a zone to one or more physical interfaces
(such as, X0, X1, or X2) on the SonicWALL UTM appliance.
The X1 and X0 interfaces are preconfigured as WAN and LAN
respectively. The remaining ports can be configured to meet the
needs of your network, either by using basic zone types (WAN,
LAN, WLAN, DMZ, VPN) or configuring a custom zone type to
fit your network requirements (for example: Gaming Console
Zone, Wireless Printer Zone, Wireless Ticket Scanner Zone).
Creating Network Access Rules
A Zone is a logical grouping of one or more interfaces designed
to make management, such as the definition and application of
access rules, a simpler and more intuitive process than
following a strict physical interface scheme.
By default, the SonicWALL security appliance’s stateful packet
inspection allows all communication from the LAN to the
Internet, and blocks all traffic from the Internet to the LAN. The
following behaviors are defined by the “Default” stateful
inspection packet access rule enabled in the SonicWALL
security appliance:
Originating Zone Destination Zone Action
LAN, WLAN WAN, DMZ
Allow
DMZ WAN
Allow
WAN DMZ
Deny
WAN and DMZ LAN or WLAN
Deny
NSA_E6500_GSG.book Page 42 Wednesday, June 17, 2009 7:16 PM