Aventail E-Class SRA 10.6.3 Administrator Guide - …

1 Aventail E-Class SRA Administrator Guide | 1. Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. 2013 dell Inc. Trademarks: dell , the dell logo, sonicwall , sonicwall GMS , sonicwall . ViewPoint , Aventail , Reassembly-Free Deep Packet Inspection , Dynamic security for the Global Network , sonicwall Aventail Advanced End Point Control (EPC ), sonicwall Aventail Advanced Reporting , sonicwall Aventail Connect Mobile , sonicwall Aventail Connect , sonicwall Aventail Native Access Modules , sonicwall . Aventail Policy Zones , sonicwall Aventail Smart Access , sonicwall Aventail Unified Policy , sonicwall Aventail Advanced EPC , sonicwall Clean VPN , sonicwall .

2 Clean Wireless , sonicwall Global Response Intelligent Defense (GRID) Network , sonicwall Mobile Connect , sonicwall SuperMassive E10000 Series, and all other sonicwall product and service names and slogans are trademarks of dell Inc. 2013 03 P/N 232-002174-00 Rev. A. 2. Table of Contents Chapter 1. Introduction .. 13. Features of Your E-Class SRA Appliance ..14. E-Class SRA Appliance Models ..14. Administrator Components ..14. User Access Components ..15. What's New in This Release ..17. System Requirements ..17. Client Components ..17. Server Components ..24. About the Documentation ..27. Document Conventions ..27. Chapter 2. Installation and Initial Setup .. 29. Network Architecture ..29. Preparing for the Installation ..30. Gathering Information ..31. Verifying Your Firewall Policies ..32. Helpful Management Tools ..33. Installation and Deployment Process.

3 33. Specifications and Rack Installation ..35. Front Panel Controls and Indicators ..37. Connecting the Appliance ..43. Powering Up and Configuring Basic Network Settings ..46. Web-Based Configuration Using Setup Wizard..47. Configuring the Appliance Using the Management Console ..48. Moving the Appliance into Production ..50. Powering Down and Restarting the Appliance ..51. Next Steps..52. Chapter 3. User Management .. 53. Overview: Users, Groups, Communities, and Realms ..53. Using Realms and Communities ..54. Viewing Realms..54. Default, Visible, and Hidden Realms ..56. Specifying the Default Realm ..57. Enabling and Disabling Realms..57. Best Practices for Defining Realms ..58. Configuring Realms and Communities ..58. Creating Realms ..58. Table of Contents | 3. Adding Communities to a Realm ..61. Creating and Configuring Communities..62. Network Tunnel Client Configuration.

4 68. Using the Default Community ..77. Changing the Order of Communities Listed in a Realm ..77. Configuring RADIUS Accounting in a Realm..78. Editing, Copying and Deleting Communities ..79. Managing Users and Groups ..79. Viewing Users and Groups ..79. Managing Users and Groups Mapped to External Repositories ..80. Managing Local User Accounts..89. Importing and Exporting Local Accounts ..94. Chapter 4. Working with Aventail Management Console .. 101. Logging In to AMC..101. Logging Out ..102. AMC Basics ..103. A Quick Tour of the AMC Interface ..103. Adding, Editing, Copying, and Deleting Objects in AMC ..108. Getting Help..110. Administrator Accounts ..111. Managing Administrator Accounts and Roles ..111. Avoiding Configuration File Conflicts with Multiple Administrators ..122. Managing Multiple dell sonicwall E-Class SRA Devices..123. Configuring an Appliance for GMS.

5 123. Configuring an Appliance for ViewPoint ..125. Working with Configuration Data ..126. Saving Configuration Changes to Disk ..126. Applying Configuration Changes ..126. Discarding Pending Configuration Changes ..128. Deleting Referenced Objects ..128. Chapter 5. Network and Authentication Configuration .. 131. Configuring Basic Network Settings ..131. Specifying System Identity ..132. Configuring Network Interfaces ..132. Configuring ICMP ..133. Viewing Fully Qualified Domain Names and Custom Ports..133. Configuring Fallback Servers for Connect Tunnel..133. Configuring Routing..135. Configuring Network Gateways ..135. Choosing a Network Gateway Option ..135. Configuring Network Gateways in a Dual-Homed Environment ..137. 4 | Aventail E-Class SRA Administrator Guide Configuring Network Gateways in a Single-Homed Environment ..138. Enabling a Route to the Internet.

6 139. Configuring Static Routes ..139. Configuring Name Resolution ..141. Configuring Domain Name Service ..141. Configuring Windows Network Name Resolution ..142. Certificates ..143. Server Certificates ..144. CA Certificates..152. Certificate FAQ ..159. Managing User Authentication ..160. About Intermediate Certificates ..160. Configuring Authentication Servers ..161. Configuring Microsoft Active Directory Servers ..164. Configuring LDAP and LDAPS Authentication ..177. Configuring RADIUS Authentication ..182. Configuring RSA Server Authentication ..186. Configuring a PKI Authentication Server ..187. Configuring a SAML Based Authentication Server ..189. Configuring a Single Sign-On Authentication Server..191. Using RSA ClearTrust Authentication ..193. Configuring Local User Storage ..195. Testing LDAP and AD Authentication Configurations ..198. Configuring Chained Authentication.

7 198. Enabling Group Affinity Checking in a Realm ..201. Using One-Time Passwords for Added security ..202. Next Steps..203. Chapter 6. security Administration .. 205. Creating and Managing Resources ..205. Resource Types ..205. Resources and Resource Groups ..208. Using Variables in Resource and WorkPlace Shortcut Definitions ..221. Creating and Managing Resource Groups ..228. Web Application Profiles ..230. Creating Forms-Based Single Sign-On Profiles ..235. Access Control Rules ..237. Configuring Access Control Rules..237. Resolving Deny Rule Incompatibilities ..250. Resolving Invalid Destination Resources ..251. Chapter 7. System Administration .. 253. Optional Network Configuration ..253. Table of Contents | 5. Enabling SSH Access from Remote Hosts ..253. Enabling ICMP..254. Configuring Time Settings ..255. System Logging and Monitoring ..256. Overview: System Logging and Monitoring.

8 256. Log Files ..257. Monitoring the Appliance ..267. SNMP Configuration ..277. Managing Configuration Data ..288. Exporting the Current Configuration to a Local Machine..289. Saving the Current Configuration on the Appliance ..289. Importing Configuration Data..290. Restoring or Exporting Configuration Data Stored on the Appliance ..291. Replicating Configuration Data ..291. Requirements for Replication ..292. Getting Started ..293. Defining a Collection of Appliances to Receive Configuration Data ..294. Beginning Replication ..296. Viewing Configuration Data Recipients ..298. Upgrading, Rolling Back, or Resetting the System ..299. Updating the System ..299. Rolling Back to a Previous Version ..302. Resetting the Appliance ..302. SSL Encryption ..303. Configuring SSL Encryption ..303. FIPS Certification ..305. Requirements for FIPS ..305. Managing FIPS-Compliant Certificates.

9 306. FIPS Violations ..306. Enabling FIPS ..307. Exporting and Importing FIPS-Compliant Certificates ..308. Disabling FIPS..308. Zeroization..309. Software Licenses ..309. How Licenses Are Calculated ..310. Viewing License Details..311. Managing Licenses ..312. Chapter 8. End Point Control .. 317. Overview: End Point Control ..317. How the Appliance Uses Zones and Device Profiles for End Point Control ..318. End Point Control Scenarios ..320. 6 | Aventail E-Class SRA Administrator Guide Managing EPC with Zones and Device Profiles ..324. Enabling and Disabling End Point Control..325. Zones and Device Profiles..325. Creating Zones for Special Situations ..345. Using the Virtual Keyboard to Enter Credentials ..351. Configuring Data Protection ..352. Chapter 9. The Aventail WorkPlace Portal .. 355. A Quick Tour of Aventail WorkPlace ..355. Home Page ..356.

10 Intranet Address Box ..359. Bookmarks..360. Custom RDP Bookmarks..360. Network Explorer Page ..360. Web Shortcut Access ..362. Configuring WorkPlace General Settings ..362. Working with WorkPlace Shortcuts ..363. Viewing Shortcuts ..364. Adding Web Shortcuts..365. Creating a Group of Shortcuts..366. Adding Network Shortcuts ..367. Adding Graphical Terminal Shortcuts ..368. Adding a Virtual Desktop Shortcut..377. Adding a Text Terminal Shortcut ..378. Editing Shortcuts ..379. WorkPlace Sites ..380. Adding WorkPlace Sites ..381. Modifying the Appearance of WorkPlace ..383. WorkPlace and Small Form Factor Devices ..385. Fully Customizing WorkPlace Pages ..389. WorkPlace Style Customization: Manual Edits ..389. Overview: Custom WorkPlace Templates ..390. How Template Files are Matched ..391. Customizing WorkPlace Templates..392. Giving Users Access to Aventail WorkPlace.