SonicWall™ Secure Mobile Access SMA 500v Virtual Appliance 8.6
Getting Started Guide
Overview
This Getting Started Guide contains installation procedures and configuration guidelines for deploying the SonicWall SMA 500v Virtual Appliance on a server on your network. The SMA 500v includes a software appliance, which has been pre-installed and pre-configured for VMware environments, and allows for the secure and easy development of SMA 500v Virtual Appliance solutions within a virtual environment.
The SMA 500v provides the following benefits:
- Scalability and Redundancy: Multiple virtual machines can be deployed as a single system, enabling specialization, scalability, and redundancy.
- Operational Ease: Users can virtualize their entire environment and deploy multiple machines within a single server or across multiple servers.
- Product Versatility: SMA 500v is compatible with other SonicWall platforms either as a stand-alone (All-in-One) unit, control center, or remote analyzer.
- Security: SMA 500v provides an optimized, non-tamperable software and hardware architecture.
For more SMA 500v information, refer to the SonicWall Secure Mobile Access Administrator's Guide. This and other documentation are available at: https://support.sonicwall.com/sonicwall-secure-mobile-access/sma%206200/technical-documents
Before You Begin
This section contains the following topics:
- Supported Platforms
- Requirements
- Files for Installation
- Creating a MySonicWall Account
Supported Platforms
The elements of basic VMware structure must be implemented prior to deploying the SMA 500v. The following VMware platforms are supported:
- ESXi 6.0
- ESXi 5.5
- ESXi 5.1
You can use the following client applications to import the image and configure the virtual settings:
- VMware vSphere: Provides infrastructure and application services in a graphical user interface for ESXi, included with ESXi. Provides Thick Provisioning when deploying an SMA 500v.
Requirements
The following are the minimum requirements for the SMA 500v:
- 2 GB RAM: This is the minimum amount of RAM needed by the SMA 500v operating system to meet the product performance and capacity specifications. A smaller amount of RAM can be configured, but is not recommended.
- 1 CPU: This is the default number of CPUs provisioned in the SMA 500v. The minimum required number of CPUs is 1.
- 2 GB Hard Disk space
- Internet access (for communication between the SMA 500v and the SonicWall Licensing Manager)
Files for Installation
NOTE: You will use different files for a fresh installation than when updating to a newer version.
SMA 500v is available for download from http://www.MySonicWall.com. For a fresh install, the Open Virtual Appliance (OVA) file with a file name similar to the following format is available for import and deployment to your ESXi server:
sw_smavm_eng_8.6.0.0_tip_5sv_966392.ova
Creating a MySonicWall Account
A MySonicWall account is required for product registration. If you already have an account, log in and continue to the Registration section.
To create a MySonicWall account:
- In your browser, navigate to http://www.MySonicWall.com.
- In the login screen, click the Register Now link.
A screenshot of the MySonicWall login page is displayed, showing fields for Username/Email and Password, a Login button, and a link for "Not a registered user? Register Now".
- Complete the registration form, then click Register.
- Verify that the information is correct, then click Submit.
- In the screen confirming that your account was created, click Continue.
NOTE: MySonicWall registration information is not sold or shared with any other company.
Installing the SMA 500v Virtual Appliance
The SMA 500v Virtual Appliance is installed by deploying an OVA file to your ESXi server. Each OVA file contains all software components related to the SMA 500v.
You can deploy the OVA files as needed for your SMA 500v environment. The SMA 500v can be configured for a single server or in a distributed environment on multiple servers.
This section contains the following topics:
- Downloading the SMA 500v Virtual Appliance Software
- Installing the SMA 500v
Downloading the SMA 500v Virtual Appliance Software
This section details the process for downloading the SMA 500v software from MySonicWall. If you do not have a MySonicWall account, you can easily create one. Refer to Creating a MySonicWall Account on page 7 for more information.
To complete the download process:
- Navigate to www.MySonicWall.com.
Installing the SMA 500v
You can deploy an OVA file by using the vSphere client, which comes with ESXi. For vSphere, point your browser to your ESXi server, and click Download vSphere Client.
A screenshot of the VMware ESXi welcome screen is shown, with "Getting Started" and "For Administrators" sections. The link to download the vSphere Client is under "Getting Started".
To perform a fresh install of the SMA 500v using the vSphere client:
- Download the OVA file (similar to the file name format: sw_smavm_eng_8.6.0.0_tip_5sv_966392.ova) from MySonicWall to a system that is accessible to your ESXi server.
- Launch vSphere and use it to log on to your ESXi server. A screenshot of the VMware vSphere Client login window is shown, with fields for IP address/Name, User name, and Password.
- From the Home screen, click the Inventory icon to display the virtual appliances running on your ESXi server. A screenshot of the vSphere Client inventory view is shown, displaying hosts and clusters.
- To begin the import process, click File and select Deploy OVF Template.
- In the Source screen of the Deploy OVF Template window, under Deploy from a file or URL click Browse and then select the OVA file to import or type the URL of the OVA file. Click Next.
- In the OVF Template Details screen, verify the information about the selected file. To make a change, click the Source link to return to the Source screen, and select a different file. To continue, click Next.
- In the End User License Agreement screen, read the agreement, and click Accept. Then, click Next.
- In the Name and Location screen, enter a descriptive name for the virtual appliance in the Name field.
- Select the desired location in the Inventory Location field. Click Next.
- If using ESXi4, in the Disk Format screen, select either Thin provisioned format or Thick provisioned format. Thick provisioned format allocates the maximum storage space on disk immediately, while Thin provisioned allocates a small amount immediately and allocates extra storage as needed, up to the maximum. A screenshot of the Disk Format selection is shown.
- If using ESXi5, in the Disk Format screen, select:
  - Thick Provision Lazy Zeroed - Thick provisioned Lazy Zeroed format allocates the maximum storage space on disk immediately, but the blocks aren't actively zeroed out.
  - Thick Provision Eager Zeroed - Thick provisioned Eager Zeroed format allocates the maximum storage space on disk immediately and all allocated blocks are immediately zeroed out. Eager zeroing is slightly faster than Lazy zeroing because it doesn't have to periodically zero out blocks when more storage is needed.
  - Thin Provision - Thin provisioned format allocates a small amount immediately and allocates extra storage as needed, up to the maximum.
- In the Network Mapping screen, map the networks used in the OVF template to networks in your inventory. A screenshot of the Network Mapping screen is shown, with source and destination networks.
- In the Ready to Complete section, review and verify the displayed information. To begin the deployment with these settings, click Finish. Otherwise, click Back to navigate back through the screens to make a change. A screenshot of the Ready to Complete screen is shown.
- When the deployment is completed, click Finish in the Deployment Completed Successfully dialog box. The name of the new SMA 500v appears in the left pane of the vSphere window. A screenshot of the vSphere Client showing the completed deployment is displayed.
Using the SMA 500v Virtual Appliance
This section contains the following topics:
- Configuring the SMA 500v Virtual Appliance
- Registering Your Appliance
- Using the 30-day Trial Version
- Upgrading Your Appliance
Configuring the SMA 500v Virtual Appliance
This section describes how to power on and configure basic settings on the SMA 500v Virtual Appliance, including virtual hardware settings and networking settings.
This section contains the following topics:
- Powering the Virtual Appliance On or Off
- Configuring interface IP and route settings on the console
- Using the Command Line Interface
- Configuring Settings on the Appliance Web Interface
Powering the Virtual Appliance On or Off
There are multiple ways to power the SMA 500v on or off:
- Right-click the SMA 500v in the left pane and navigate to Power > Power On or Power > Power Off in the right-click menu.
- Select the SonicWall SMA 500v Virtual Appliance in the left pane and then click Power on the virtual machine or Shut down the virtual machine on the Getting Started tab in the right pane.
- Select the SonicWall SMA 500v Virtual Appliance in the left pane and then click Power On or Shut down guest on the Summary tab in the right pane.
Configuring interface IP and route settings on the console
To open the console and configure the IP address and default route settings:
- In vSphere, right-click the SonicWall SMA 500v Virtual Appliance in the left pane and select Open Console in the right-click menu. A screenshot shows the right-click menu with "Open Console" highlighted.
- When the console window opens, click inside the window, type admin at the Login prompt and press Enter. Then, type password at the Password prompt and press Enter. The SNWLCLI> prompt is displayed. A screenshot of the console login prompt is shown.
NOTE: The mouse pointer disappears when you click in the console window. To release it, press Ctrl+Alt.
- Configure the local IP address for the virtual appliance with the command:
interface eth0 <IP Address> <SubnetMask>
- Configure the DNS with the command:
dns --nameserver <DNS IP>
- Configure the default route for the virtual appliance with the command:
route --add default --destination <gateway IP>
You can test connectivity by pinging another server or your main gateway, for example:
ping <gateway IP>
Press Ctrl+c to stop pinging.
- Type exit to exit the CLI. Close the console window by clicking the X.
Using the Command Line Interface
The Command Line Interface (CLI) is a text-only mechanism for interacting with a computer operating system or software by typing commands to perform specific tasks. It is a critical part of the deployment of the SMA 500v Virtual Appliance, where basic networking needs to be configured from the console.
While the physical SMA 500v Virtual Appliance has a default IP address and network configuration that requires a client's network settings to be reconfigured to connect, the network settings in the VMware virtual environment might conflict with the SonicWall defaults. The CLI utility remedies this by allowing basic configuration of the network settings when deploying the SMA 500v Virtual Appliance.
After the SMA 500v Virtual Appliance firmware has fully booted, a login prompt is displayed.
To access the CLI, log in as admin. The password is the same as the password for the “admin” account configured on the appliance. The default is password.
sslvpn login: admin
Password: <password>
If an incorrect password is entered, the login prompt is displayed again. If the correct password is entered, the CLI is launched.
NOTE: In the examples, text highlighted in red indicates user input. The actual CLI does not color text.
Basic system information and network settings are displayed along with the main menu.
The main menu has six selections:
- Setup Wizard
- Reboot
- Restart SSL VPN Services
- Logout
- Save TSR to Flash
- Display EULA
Setup Wizard
This option launches a simple wizard to change the basic network settings, starting with the X0 IP Address, X0 subnet mask, default gateway, primary and secondary DNS, and the hostname. The following CLI output illustrates an example where each field is changed:
X0 IP Address (default 192.168.200.1): 192.168.200.201
XO Subnet Mask (default 255.255.255.0): 255.255.0.0
Default Gateway (default 192.168.200.2): 192.168.200.1
Primary DNS: 10.50.128.52
Secondary DNS (optional, enter "none" to disable): 4.2.2.2
Hostname (default sslvpn): sra4200
New Network Settings:
X0 IP Address: 192.168.200.201
XO Subnet mask: 255.255.0.0
Default Gateway: 192.168.200.1
Primary DNS: 10.50.128.52
Secondary DNS: 4.2.2.2
Hostname: sra
Would you like to save these changes (y/n)?
If a field is not filled out, the prior value is retained, allowing you to change only a single field. After each field has been prompted, the new network settings are shown and a confirmation message is given for the user to review and verify the changes before applying them. The following shows the result when you save the changes:
Would you like to save these changes (y/n)? y
Saving changes...please wait....
Changes saved!
Press <Enter> to continue...
After saving the changes, press Enter to return to the original display of the System Information and Network Settings. Verify that the changes have taken effect.
If no changes are saved, a message displays. Pressing Enter returns to the initial display of the System Information and Network settings.
NOTE: When applying settings that change the IP address, there might be a delay of up to five seconds as the interface settings are updated.
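Because a blank answer keeps the prior value, changing only the X0 address can leave the old default gateway outside the new subnet. The following added example (not part of the SonicWall CLI) merges wizard answers with the defaults shown in the prompts above and checks the result before it is typed in; the function and key names are hypothetical and 10.203.28.50 is a constructed address.

```python
import ipaddress

# Defaults as shown in the Setup Wizard prompts in this guide.
DEFAULTS = {"ip": "192.168.200.1", "mask": "255.255.255.0",
            "gateway": "192.168.200.2", "hostname": "sslvpn"}


def plan_settings(answers, current=DEFAULTS):
    """Merge wizard answers with retained values; return (settings, problems)."""
    settings = dict(current)
    # A blank answer keeps the prior value, as the wizard does.
    settings.update({key: value for key, value in answers.items() if value})
    problems = []
    try:
        # Rejects malformed addresses and non-contiguous subnet masks.
        iface = ipaddress.IPv4Interface(f"{settings['ip']}/{settings['mask']}")
    except ValueError as exc:
        return settings, [f"invalid X0 address or mask: {exc}"]
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    try:
        gateway = ipaddress.IPv4Address(settings["gateway"])
    except ValueError:
        problems.append(f"gateway {settings['gateway']!r} is not a valid IPv4 address")
    else:
        if gateway not in net:
            problems.append(f"gateway {gateway} is outside the X0 subnet {net}")
        elif gateway == iface.ip:
            problems.append("gateway is the same address as X0")
    for key in ("dns1", "dns2"):
        value = settings.get(key, "")
        if value and value.lower() != "none":  # "none" disables the secondary DNS
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{key} {value!r} is not a valid IPv4 address")
    return settings, problems


if __name__ == "__main__":
    # The values entered in the guide's wizard example.
    guide = {"ip": "192.168.200.201", "mask": "255.255.0.0",
             "gateway": "192.168.200.1", "dns1": "10.50.128.52",
             "dns2": "4.2.2.2", "hostname": "sra4200"}
    print(plan_settings(guide)[1])
    # Constructed case: only the IP address is changed, every other field left blank.
    print(plan_settings({"ip": "10.203.28.50", "mask": "", "gateway": ""})[1])
```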
Reboot
Selecting this option displays a confirmation prompt, and then reboots:
Reboot
Are you sure you want to reboot (y/n)?
Restart SSL VPN Services
This option displays a confirmation prompt, and then restarts the Web server and the related SSL-VPN daemon services. This command is equivalent to issuing the Easy Access Ctrl restart command.
Restart SSL-VPN Services
Are you sure you want to restart the SSL-VPN services (y/n)? y
Restarting SSL-VPN services...please wait.
Stopping SMM: [ OK ]
Stopping Firebase : [ OK ]
Stopping FTP Session: [ OK ]
Stopping HTTPD: [ OK ]
Cleaning Apache State: [ OK ]
Stopping Graphd : [ OK ]
Cleaning Temporary files......
Starting SMM: [ OK ]
Starting firebase: [ OK ]
Starting httpd: [ OK ]
Starting ftpsession: [ OK ]
Starting graphd: [ OK ]
Restart completed...returning to main menu...
Logout
The logout option ends the CLI session and returns to the login prompt.
NOTE: The X0 interface is the only interface configurable through the CLI. Currently, configuring any other interfaces using the CLI on a SonicWall SMA 500v Virtual Appliance is not supported.
Save TSR to Flash
Saves the Technical Support Report to flash memory on the SMA 500v Virtual Appliance.
Display EULA
Displays the End User License agreement associated with the SMA 500v Virtual Appliance.
Configuring Settings on the Appliance Web Interface
This section provides procedures to configure the remaining appliance settings as you would for the SonicWall SMA 500v Virtual Appliance hardware appliance.
To complete the host configuration:
- Launch a browser and enter the URL of the virtual appliance.
- On the appliance interface login page, type in the default credentials and then click Login. The default credentials are:
User - admin
Password - password
After you log in, the SMA 500v Virtual Appliance management interface is displayed.
A screenshot of the SonicWall Secure Mobile Access management interface is shown, with sections for System, Licenses, Time, Settings, Administration, Certificates, Monitoring, Diagnostics, Restart, and About. Key information displayed includes System Information (Model, Serial Number, Firmware Version, CPU, Memory, System Time, Up Time, Active Users), Licenses & Registration, Network Interfaces, and Latest Alerts.
To-Do List items:
- Please check with SonicWall for information about new Services and Upgrades for your SMA appliance.
- Specify an outbound SMTP server so log messages and one-time passwords can be sent.
- Enable password expiration on the following domain: LocalDomain
System Information:
- Model: SMA 200
- Serial Number: [Not Provided]
- Authentication Code: [Not Provided]
- Firmware Version: 8.6.0.0-3sv
- Safemode Version: 4.0.0.3
- CPU (Utilization): 1.74 GHz Intel Atom™ C2358 Dual Core Processor (10%)
- Total Memory: 2.0 GB RAM (25%), 2GB Flash
- System Time: 2017/02/27 13:56:28
- Up Time: 32 Days 21:42:18
- Active Users: 1 User(s)
- Anonymous Sessions: 0
Licenses & Registration:
- User License: 5 Users (0 in use)
- ViewPoint: Not Licensed
- Secure Virtual Assist: Licensed
- Web Application Firewall: Licensed
- End Point Control: Licensed
- Geo IP & Botnet Filter: Licensed
Latest Alerts:
- 2017-02-21 12:21:59 - admin - User login failed
- 2017-02-20 07:11:00 - System License Manager SSL connection failed - Please check your Internet connection and DNS settings.
- 2017-02-20 07:05:54 - System License Manager SSL connection failed - Please check your Internet connection and DNS settings.
- 2017-02-20 04:33:04 - System License Manager SSL connection failed - Please check your Internet connection and DNS settings.
- 2017-01-25 16:13:04 - admin - SSLVPN restarted
Network Interfaces:
- Name: X0, IP Address: 192.168.200.1, IPv6 Address: n/a, Link Status: No link
- Name: OX1, IP Address: 10.203.28.102, IPv6 Address: fe80::1ab1:69ff:fe09:3049, Link Status: 1000 Mbps Full Duplex
- Configure your settings for the SMA 500v.
Registering Your Appliance
This section contains information about registering your SMA 500v Virtual Appliance.
You must purchase a license and register your SMA 500v before first use. Registration is performed using the appliance management interface. When registration is completed, SMA 500v will be licensed and ready to use.
For the 30-Day Trial Virtual Appliance registration process, refer to Registering the 30-day Trial Virtual Appliance on page 25.
SMA 500v provides user-based licensing. By default, the virtual appliance comes with a 5-user license. Extra licenses can be added in 5, 10, and 25 user denominations, up to a maximum that allows for 50 concurrent user sessions.
Licensing is controlled by SonicWall's license manager service, and customers can add licenses through their MySonicWall accounts. Unregistered units support the default license allotment for their model, but the unit must be registered in order to activate additional licensing from MySonicWall.
License status is displayed in the SMA 500v Virtual Appliance management interface, on the Licenses & Registration section of the System > Status page.
Communication with the SonicWall Licensing Manager is necessary while using the SMA 500v Virtual Appliance, and requires Internet access.
If a user attempts to log in to the Virtual Office portal and there are no more available user licenses, the login page will display the error, "No more User Licenses available. Please contact your administrator." The same error is displayed if a user launches the NetExtender client when all user licenses are in use. These login attempts are logged with a similar message in the log entries, displayed in the Log > View page. You can add user licenses if this occurs regularly. For occasional spikes in remote access needs, you can purchase a Spike License to temporarily increase the number of remote users your virtual appliance can support. See the SonicWall Secure Mobile Access Administrator's Guide for more information.
To register your SMA 500v:
- Log in to your SMA 500v. The System > Status page displays.
- Navigate to the System > Licenses page.
- Enter your MySonicWall.com account username and password in the appropriate fields. Click Submit.
- The Administration section displays. Enter the Serial Number, Authentication Code, and Friendly Name for your SonicWall appliance. Click Submit to finish the registration process.
- You have successfully registered your SMA 500v. Click Continue to view the Manage Licenses screen or continue configuring other settings within the appliance.
Using the 30-day Trial Version
The SMA 500v Virtual Appliance is offered in a 30-day Trial version. The installation, registration, and functionality of the 30-Day Trial appliance is the same as the full SMA 500v, except for differences noted below in Deployment Considerations. An email is sent from the SonicWall License Manager to warn you when your trial is near its expiration date.
To upgrade to the full version:
- Purchase the full SMA 500v.
- Export your settings from the 30-day Trial version.
- Install and register the full SMA 500v.
- Import your settings.
You must install the SMA 500v software before registering for your 30-Day Trial. For more information on obtaining the software, see Downloading the SMA 500v Virtual Appliance Software on page 8.
This section contains the following topics:
- Deployment Considerations
- Registering the 30-day Trial Virtual Appliance
Deployment Considerations
The following is a list of deployment considerations for the 30-day Trial version:
- The SMA 500v is disabled after 30 days.
- A maximum of two concurrent users are allowed to log in to the appliance.
- Trial versions of Virtual Assist, Web Application Firewall, and ViewPoint are activated during registration.
- No paid add-on licenses or services can be added.
- Communication with the SonicWall Licensing Manager is required during the entire trial period.
- It is recommended to save a copy of your appliance's configuration settings before upgrading to the actual version of the SMA 500v.
- Virtual Assist includes only one technician license.
- The elements of basic VMware structure must be implemented prior to deploying the SMA 500v.
Registering the 30-day Trial Virtual Appliance
This section details registration of the SonicWall 30-day Trial Virtual Appliance.
NOTE: Before starting the registration process, contact SonicWall Sales to obtain your serial number and authorization code.
To register the 30-day Trial:
- Log in to your SMA 500v.
- Navigate to the System > Licenses page. A screenshot of the System > Licenses page is shown, displaying various services and their status.
- Click the Activate, Upgrade, or Renew services link.
- Enter your MySonicWall account name and password, then click Submit. A screenshot of the License Management section is shown, with fields for MySonicWall username/email and password.
- Enter the Serial Number, Authentication Code, and a Friendly Name.
- Click Submit.
- When the registration confirmation page displays, click Continue.
Upgrading Your Appliance
This section contains the following topics:
- Obtaining the Latest Image Version
- Exporting a Copy of Your Configuration Settings
- Uploading a New Image
Obtaining the Latest Image Version
To obtain a new SMA 500v image file for your security appliance:
- Go to www.MySonicWall.com and connect to your MySonicWall account.
NOTE: If you have already registered your SMA 500v and you selected to be notified when new firmware is available on the System > Settings page, you are automatically notified of any updates available for your model.
- Copy the new SMA 500v image file to a directory on your management station. For the Virtual Appliance, this is a file such as:
sw_smavm_eng_8.6.0.0_tip_5sv_966392.sig
Exporting a Copy of Your Configuration Settings
Before beginning the update process, export a copy of your SMA 500v Virtual Appliance configuration settings to your local machine. The Export Settings feature saves a copy of your current configuration settings on your SMA 500v, protecting all your existing settings in the event that it becomes necessary to return to a previous configuration state.
NOTE: Exporting and Importing system configuration settings is supported when upgrading from a SonicWall SRA 4600 appliance to an SMA 500v.
To save a copy of your configuration settings and export them to a file on your local management station, click the Export Settings button on the System > Settings page and save the settings file to your local machine. The default settings file is named sslvpnSettings.zip.
NOTE: To more easily restore settings in the future, rename the .zip file to include the version of the SMA 500v image from which you are exporting the settings.
Uploading a New Image
SMA 500v Virtual Appliances do not support downgrading an image and using the configuration settings file from a higher version. To downgrade to a previous version of an SMA 500v image, you must create a new Virtual Machine or load a snapshot taken earlier.
To upload a new SMA 500v Virtual Appliance image:
- Download the SMA 500v image file and save it to a location on your local computer.
- Select Upload New Firmware from the System > Settings page. Browse to the location where you saved the SMA 500v Virtual Appliance image file, select the file, and click the Upload button. The upload process can take up to one minute.
- When the upload is complete, you are ready to reboot your SMA 500v with the new SMA 500v Virtual Appliance image. Do one of the following:
- To reboot the image with current preferences, click the boot icon for New Firmware.
- To reboot the image with factory default settings, click the boot icon for New Firmware and select the check box to Boot with factory default settings.
NOTE: Be sure to save a backup of your current configuration settings to your local computer before rebooting the SonicWall SMA 500v Virtual Appliance with factory default settings, as described in the previous "Exporting a copy of your configuration settings" section.
- A warning message dialog is displayed saying Are you sure you wish to boot this firmware? Click OK to proceed. After clicking OK, do not power off the device while the image is being uploaded to the hard disk.
- After successfully uploading the image to your SMA 500v, the login screen is displayed. The updated image information is displayed on the System > Settings page.