Aventail EX-2500/1600/750 STv (Ver. 8.9) Sep 2007 © 2007 SonicWALL, Inc. All rights reserved.
SonicWALL Aventail EX-2500/1600/750 v8.9
© 2007 Aventail Corporation. All rights reserved.
1 2007 9 1 SonicWALL Aventail EX
1 2 ASAP Management Console(AMC PC Windows XP Pro Home SP2 Internet Explorer 6.0 SP1 PC Windows XP Pro Home SP2 Internet Explorer 6.0 SP1 ActiveX Sun JVM 1.5.01 plug-in OS EX
3 EX PC EX VT100 9600 1

3.1 root

3.2 y
Do you accept the terms of the license agreement? (n) y

3.3 root AMC
Please enter a password for the administrator of the appliance. This is also
known as the "root" password.
Password: ********
Confirm password: ********

3.4 EX INT2 IP PC INT2 IP Gateway
Please enter network settings for the internal interface (labeled "2" on the
appliance). If you are on the same network as the appliance, press ENTER when
prompted for a gateway.
IP address: 192.168.0.10
Subnet mask: 255.255.255.0
Gateway:

3.5 ENTER
Please review the information you provided. Press ENTER to accept the
current value, otherwise enter a new value.
IP address [192.168.0.10]:
Subnet mask [255.255.255.0]:
Gateway:

3.6 n
Install node in a cluster? (n)

3.7
Do you want to save and apply the configuration settings? (y)
Setup complete! To continue configuring the appliance, connect to
https://192.168.0.10:8443/console. See the product documentation for more
information.

PC https://<int2_ip_address>:8443/console admin
4
4.1 System Configuration Network Settings Basic edit mydomain.co.jp AventailSSLVPN External IF IP 192.168.1.10 255.255.255.0 auto Ping Enable ICMP pings
Save Apply Changes
4.2 Network Settings Name Resolution edit Search Domains DNS WINS Windows Search Domains internal.mydomain.co.jp DNS 192.168.0.100 WINS 192.168.0.100 Windows MYDOMAIN Windows Windows
4.3 General Settings Appliance Options edit Date/Time Time Zone Save Apply Changes Change Set
4.4 License edit Import License... Save
4.5 SSL Settings SSL Certificates edit AMC WorkPlace New Certificate Create self-signed certificate
Fully qualified domain name DNS IF IP (192.168.1.10) Organization Mycompany Country JP Used by WorkPlace/access methods Pending Changes VPN 1. 2. 3. / 4. 5.
5 VPN
5.1 System Configuration Authentication servers New User store Local user storage Credential type Username / Password
Continue
5.2 User Access Realms New Authentication server Next
Default Community Default community Create New... 1 1 Next
UDP Smart Tunnel Access Network Tunnel Client Configure IP Address Pool Edit IP New Routed address pool - static New IP IP 10.0.0.0 255.255.255.0
IP IP IP OK Address Pools IP Save
OK Finish Finish
5.3 Security Administration Users & Groups Local Accounts New Realm user1
RADIUS Active Directory LDAP PKI 6
5.4 Web SMTP,POP3 Resources New 8 3 URL Name Description URL http://intra.internal.mydomain.co.jp Create shortcut on ASAP WorkPlace Host name or IP C/S Name Description (POP3,SMTP) Host name or IP mail.mydomain.co.jp
Network share Name Description Network share \\192.168.0.100\employee Create shortcut on ASAP WorkPlace
5.5 Security Administration Access Control New Basic Settings From Edit Any Save To 3 Number 2 Description Action Permit From Any@
To Number 3 Description Action Permit From Any@ To Number 4 Description Action Permit From Any@ To Advanced Destination restrictions Read/Write Read VoIP UDP FTP 2 Basic Settings User Resources
5.6 Pending Changes
Apply Changes Your configuration changes were successfully submitted.
5.7 EX EXT1 IP https://192.168.1.10 user1 Aventail Aventail Access Manager Aventail Access Manager WorkPlace
Aventail All deny
1 mail.mydomain.co.jp Outlook Express 6 Active Directory ACL
6.1 Authentication Server Active Directory Directory Type/Protocol: Microsoft Active Directory Credential Type: Username/Password
Name Active Directory domain controller AD FQDN IP Active Directory domain name AD Login Name adamin AD Password Test Valid connection! AD RADIUS RADIUS UDP 1645 1812 192.168.0.100:1812
6.2 AD Realms New Name EPC Authentication Server Active Directory Next
Default Community Create new Comm2 EPC Next 13 Network Tunnel Client configure IP IP
Finish Save Default realm
6.3 Security Administration Users & Groups Groups New Directory Search LDAP Look in EPC Search Active Directory / Insert Selected Group
DN
6.4 ACL ACL 2: 3:
4: EX ACL Windows Pending Changes Apply Changes
6.5 PC WorkPlace EPC EPC 7 WorkPlace ACL ACL From: Any@ EPC 7 Aventail / PC Default Zone Default Zone Aventail Secure Desktop
PC VPN EPC ASD ASD Aventail Secure Desktop Windows Vista 1. End Point Control 2. 3. 4. 5.
7.1 End Point Control End Point Control General Settings Appliance options Edit Enable End Point Control Enable Aventail Secure Desktop Agent Configuration End Point Control Agent Data Protection Edit Aventail Secure Desktop Enable Aventail Secure Desktop Allow user to switch between desktops
7.2 Device Profile End Point Control Device Profiles Device Profile PC New Microsoft Windows Device Profile Definition
Name Description Operation System Windows Type Application Application notepad.exe Add to Current Attributes Device Profile
7.3 EPC EPC EndPointControl End Point Control zones New Standard Zone Name Description Device Profile
AND OR
7.4 Comm2 Realms EPC Comm2 End Point Control restrictions Standard zones In Use
Comm2
7.5 ASD Default Zone Default Zone Aventail Secure Desktop Default Zone End Point Control Default Zone Required data protection tool Aventail Secure Desktop Save
7.6 Access Control End Point Control zones Edit Default Zone 2 Save Any Default Zone
3
2: From: Any@ EPC To: Zones:
3: From: Any@ EPC To: Zones: Default Zone,
4: From: Any@ EPC To: Zones:
2 3 4 Default Zone 3
7.7 WorkPlace 3 WorkPlace 2 EPC WorkPlace Aventail Secure Desktop WorkPlace Default Zone EPC
7.8 Aventail Secure Desktop PC PC WorkPlace VPN ASD
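Aventail STv Evaluation Guide

Confirm that the file saved earlier on the client PC has been deleted.

Figure 3: ASD erases the downloaded data

8 Restoring factory defaults

To erase all settings, return the appliance to its factory default state and start configuration from scratch, log in to the EX over the serial connection and run the following command:

AventailSSLVPN:/# config_reset

Contact

For inquiries about purchasing products, contact one of our partners or Japan@SonicWALL.com.

© 2007 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Aventail, Aventail EX-2500, Aventail EX1600, Aventail EX-750, Aventail ASAP WorkPlace, Aventail OnDemand, Aventail Connect and their corresponding logos are trademarks, service marks or registered trademarks of SonicWALL, Inc. Other product names and company names mentioned in this guide are trademarks of their respective companies.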