The
WAN Acceleration > Log
page provides a detailed list of the log event messages. On this page, you can configure how the Logs are viewed.
This section includes procedures for configuring the SonicWALL WXA series appliance. All
configuration procedures are performed on the SonicWALL NSA/TZ series appliance’s management interface. Refer to “Configuration Task List Overview” section
for details on the SonicWALL NSA/TZ management interface.This section includes the following subsections:
To configure your SonicWALL NSA/TZ to be used with the WXA series appliance, perform the
following steps:
Step 6
|
Enter
https://nsatzipaddress
. The SonicWALL user interface is displayed.
|
Step 8
|
Click the
Edit
button in the row for the port you want the SonicWALL WXA series appliance to be connected to.
|
The
Interface Settings General Tab
is displayed.
Step 12
|
Select the
Enable WAN Acceleration
checkbox.
|
b.
|
Select the
Interface Pre-Populate
checkbox and then select port X5
in the drop-down. The information will be auto populated.
|
Step 18
|
Click
Create static DHCP lease for WXA
. A DHCP lease will be set for the SonicWALL WXA series appliance.
|
The TCP Acceleration service can be deployed in three different deployment scenarios
including: site-to-site VPN, routed mode, and layer 2 bridge mode. This section explains how to configure these deployment scenarios in the following subsections:
To configure the TCP Acceleration service using a site-to-site Virtual Private Network (VPN),
follow the steps listed below:
Step 2
|
Click the
Configure
button for the VPN policy you wish to use.
|
The Configure VPN Policy pop-up window displays.
Your SonicWALL WXA series appliance is now configured to permit TCP Acceleration, see
Configuring the TCP Acceleration Tab
to finish configuring the TCP Acceleration service.
If you do not have a VPN configured on your network and you are using a custom routing policy,
you need to add two routing policies on each site: One for outgoing traffic, and one for incoming traffic. Both routing policies are configured to permit TCP Acceleration. The illustration below displays the configuration between two non-VPN sites. Refer to this Illustration as an example for the following sections:
The steps in this section are configured from the Remote Site. Follow the same steps for
configuring the Data Center.
The
Add Address Object Group pop-up window displays.
Step 3
|
Enter a name (
Data Center
) for the address object in the Name
text field.
|
Step 4
|
Click the
Zone Assignment
drop-down, select WAN
.
|
Step 5
|
Click the
Type
drop-down, select Network
.
|
The Route Policy Settings pop-up window displays.
Step 11
|
Click the
Source
drop-down, select Any
.
|
Step 12
|
Click the
Destination
drop-down, select the address object you created (Data Center
.)
|
Step 13
|
Click the
Service
drop-down, select Any
.
|
Step 14
|
Click the
Gateway
drop-down, select the X1 Default Gateway
.
|
Step 15
|
Click the
Interface
drop-down, select the X1
interface.
|
Step 16
|
Enter
1
in the Metric
text field. This gives the route policy a high priority level. A larger metric number would have a lower priority.
|
Step 17
|
Select the
Permit TCP Acceleration
checkbox.
|
The steps in this section are configured from the Remote Site. Follow the same steps for
configuring the Data Center.
Step 2
|
Click the
Add
button. The
Add Address Object Group pop-up window displays.
|
Step 3
|
Enter a name (
Remote Site
) for the address object in the Name
text field.
|
Step 4
|
Click the
Zone Assignment
drop-down, select LAN
.
|
Step 5
|
Click the
Type
drop-down, select Network
.
|
Step 10
|
Click the
Add
button. The Route Policy Settings pop-up window displays.
|
Step 11
|
Click the
Source
drop-down, select Data Center
.
|
Step 12
|
Click the
Destination
drop-down, select the address object you created (Remote Site
.)
|
Step 13
|
Click the
Service
drop-down, select Any
.
|
Step 14
|
Click the
Gateway
drop-down, select (0.0.0.0
).
|
Step 15
|
Click the
Interface
drop-down, select the X0
interface.
|
Step 16
|
Enter
1
in the Metric
text field. This gives the route policy a high priority level. A larger metric number would have a lower priority.
|
Step 17
|
Select the
Permit TCP Acceleration
checkbox.
|
The Configuration tab gives you the option to select the mode, service object, and address
object that are included or excluded from the TCP Acceleration service. Note: To view a list, create, and edit service objects, navigate to the Network > Address Objects
page. Below is examples of three different TCP Acceleration configurations:
To configure acceleration of all the service objects, except those excluded by default. Follow
the steps below:
Note: The option to choose a
TCP Acceleration Service Object
is read-only in this mode
Step 1
|
Navigate to
WAN Acceleration > TCP Acceleration.
|
Step 3
|
Select the
Enable TCP Acceleration
checkbox.
|
Step 4
|
In the
TCP Acceleration Mode
drop-down, select All TCP services except those excluded
by default
.
|
Step 5
|
In the
Address Object always excluded from TCP Acceleration
drop-down, select None
.
|
To configure acceleration of only the HTTP web traffic. Follow the steps below:
Step 1
|
Navigate to
WAN Acceleration > TCP Acceleration.
|
Step 3
|
Click the
Enable TCP Acceleration
checkbox.
|
Step 4
|
In the
TCP Acceleration Mode
drop-down, select Only TCP Services Specified in TCP
Acceleration Service Object
.
|
Step 5
|
In the
TCP Acceleration Service Object
drop-down, select HTTP
.
|
Step 6
|
In the
Address Object always excluded from TCP Acceleration
, select None
.
|
To configure acceleration of everything except Microsoft SQL database traffic or traffic to the
Guest Authentication Servers. Follow the steps below:
Step 1
|
Navigate to
WAN Acceleration > TCP Acceleration.
|
Step 3
|
Select the
Enable TCP Acceleration
checkbox.
|
Step 4
|
In the
WFS Acceleration Mode
drop-down, select All TCP services except those specified
in TCP Acceleration Service Object
and those excluded by default
.
|
Step 5
|
In the
TCP Acceleration Service Object
, select Microsoft Structured Query Language
(MS
SQL)
.
|
Step 6
|
In the
Address Object always excluded from TCP Acceleration
drop-down, select Guest
Authentication Servers
.
|
This section provides details on configuring WFS Acceleration. The SonicWALL WXA series
appliance must be connected to a SonicWALL NSA or TZ series appliance on a port other than X0 and X1. In this example, X5 is used as the connection to the SonicWALL WXA series appliance.
The SonicWALL WXA series appliance allows the user to reach such speeds because WFS
Acceleration is implemented between the two devices. This is how it works:
Once you have configured the network interface for the port you want to connect the
SonicWALL WXA series appliance to the SonicWALL NSA or TZ series appliance, you can configure WFS Acceleration.
Before you chose how you want to join the SonicWALL WXA series appliance to the domain,
you must enable WFS Acceleration on your SonicWALL NSA/TZ security appliance.
To configure WFS Acceleration on the SonicWALL NSA/TZ security appliance, perform the
following steps:
Step 2
|
Enter
https://nsatzipaddress
. The SonicWALL user interface is displayed.
|
Step 5
|
Click
Enable WFS Acceleration
, select X5 IP
in the ‘Public’ WFS Acceleration Address:
drop-down, and then click Apply Changes
.
|
After you have configured the network interface, enabled WFS Acceleration, and created a
DHCP Scope, you can configure the local and remote domains.
You can join the domain for WFS Acceleration using one of the following methods:
To join the domain manually, perform the following steps on the WXA series appliance at each
site:
Step 1
|
In the
WAN Acceleration > WFS Acceleration
page, select the Domain Details
Tab.
|
Step 4
|
Click
Join Domain
.
|
The
Join Domain
pop-up window displays.
Step 4
|
Click
Add New Server...
. The Add Server Pop-up window is displayed.
|
|
•
|
Local Device Name:
Text Field — Enter the domain name of the SonicWALL WXA series appliance on the local site or one of its SPN Aliases and must resolve to the public WFS IP address or select a local device name from the drop-down list.
|
|
•
|
Select the
Add All Shares:
Checkbox. Deselect this to add shares manually.
|
Step 4
|
Click
Add New Server...
.
|
Step 7
|
Explore the path
\\fastbox\
on the PC located at the remote site. After the first download of files, connection speed will improve because files are now cached on the WXA series appliance.
|
To auto-join the SonicWALL WXA series appliances, perform the following steps:
Step 3
|
In the
Enter the object name to select
text field, enter SELF
, and then click OK
.
|
Step 4
|
Click
Domain Details
. The Autodiscovered Domain Panel is populated with the information added in previous pages. If you do not see all checkboxes, refer to the Troubleshooting section of this document.
|
Step 6
|
Click
Add New Server...
. The Add Server Pop-up window is displayed.
|
|
•
|
Local Device Name:
Text Field — Enter the domain name of the SonicWALL WXA series appliance on the local site or one of its SPN Aliases and must resolve to the public WFS IP address or select a local device name from the drop-down list.
|
|
•
|
Select the
Add All Shares:
Checkbox. Deselect this to add shares manually.
|
Step 4
|
Click
Add New Server...
.
|
Step 7
|
Explore the path
\\fastbox\
on the PC located at the remote site. After the first download of files, connection speed will improve because files are now cached on the WXA series appliance
|
|
Note
|
If
Add All Shares
is not selected, the same local device name can have each manual share forwarded to a different server.
|
SonicWALL recommends that the zone properties of the interface that the WXA appliance is
connected to is a LAN zone. Setting the WXA appliance to a LAN zone is recommended because the default access rules associated with that zone allow traffic between the WXA appliances at both locations; therefore, there is no need for additional configuration to the access rules.
If you need to customize a zone for WFS acceleration, make sure VPN remote users are
allowed to access the WXA appliance. If additional domain controllers and file servers are located in any zone other than the LAN, necessary access rules must be configured to allow traffic from and to the WXA appliance to those zones as well as from and to the SonicWALL security appliance.
For example consider, at the data center, if the WXA appliance is deployed in the DMZ sone,
the access rules must be configured to allow traffic from VPN>DMZ and LAN>DMZ so that traffic to the WXA appliance from the VPN and from the LAN zones are allowed to the WXA appliance.
After both WXA appliances are added to the domain, corresponding Computer Accounts for
WXA appliances, DNS Host name, and PTR records are automatically created on the DC and DNS servers. For PTR records to be updated, relevant Reverse Lookup Zones must be configured on the DNS servers. Networks used for Reverse Lookup Zones depend on whether WFS acceleration is using NAT. If using NAT, the WXA appliance uses the NAT IP for WFS services and only the X0 subnets are used as networks in Reverse Lookup Zones. If the WXA appliances are not using NAT, the Reverse Lookup Zone network must also be configured for WXA subnets on both locations.
To add a PTR record, perform the following steps:
If you are adding shares that are hosted on two file servers at the data center, make sure you
configure the following:
When adding subsequent shares that are hosted on different file servers, you must create
SPNs on Active Directory (AD). These SPNs are used as Common Internet File System (CIFS) service names to map and access file server shares. CIFS is the file server protocol for Windows which was designed to operate over a LAN.
To add or configure shares that are hosted on FileServer2, perform the following steps:
setspn -A CIFS/WXA-4000-GMS WXA-4000
setspn -A CIFS/WXA-4000-GMS.utm.soniclab.us WXA-4000
setspn -L WXA-4000
setspn -A CIFS/WXA-2000-GMS WXA-2000
setspn -A CIFS/WXA-2000-GMS.utm.soniclab.us WXA-2000
setspn -L WXA-2000
Step 7
|
Configure FileServer1 on the data center as follows:
On the NSA/TZ security appliance, navigate to the WAN Acceleration > WFS Acceleration > Click the Shares tab, expand Shares in the Configuration column, and then click the Add New Shares.... The Add Server window appears.
|
Step 9
|
Configure FileServer2 on the data center as follows:
On the NSA/TZ security appliance, navigate to the WAN Acceleration > WFS Acceleration > Click the Shares tab, expand Shares in the Configuration column, and then click the Add New Shares.... The Add Server window appears.
|
If for some reason the creation on is unsuccessful, the domain admin can manually add the
SPN.
To manually add SPN hostnames in DNS, perform the following steps:
The WXA-4000 will resolve to X.X.1.100 and the WXA-2000 will resolve to A.A.240.1.
On the NSA/TZ security appliance, the
WAN Acceleration>WFS Acceleration>Shares
tab will display similar content as follows.
This section details how to verify if the TCP Acceleration and WFS Acceleration on your
SonicWALL WXA series appliance is configured correctly.
After you complete the TCP Acceleration configuration procedures, verify TCP Acceleration is
working by checking the WAN Acceleration > Statistics
Tab.
If the Statistics tab data and graphs do not display any information, TCP Acceleration is not
configured correctly or is disabled.
After completing the step-by-step WFS Acceleration configuration procedures. Verify WFS
Acceleration is working by two different methods:
|
•
|
Click the
Test Configuration
button in the WFS Acceleration > Domain Details
tab.
|
|
•
|
Click the
Run WFS Configuration Tests
button
in the WFS Acceleration > Tools
tab.
|
To verify that the WFS Acceleration was successful using the
WFS Acceleration > Domain
Details
tab, perform the following steps:
To verify that the WFS Acceleration service was successful using the WFS Acceleration > Tools
tab, perform the following steps:
Step 3
|
In the
Diagnostic Tools
drop-down, select Test WFS Configuration
.
|
Step 4
|
Click
Run WFS Configuration Test
. The results display when the test is complete.
|
Problem:
The Joined Domains checkbox is not selected in the Domain Details tab.
Solution:
Click
Join Domain
at the bottom of the page. When the Join Domain pop-up window is displayed, leave the fields empty, and then click Apply
.
This action will force the WXA series appliance to join the domain.
Problem:
When I click Create static DHCP lease for WXA
on the WAN Acceleration > Status page, I get an error message.
Solution:
If you changed any of the interface settings for the WXA series appliance, you must navigate to the WAN Acceleration > Advanced > Interface Settings tab and click Renew DHCP
Lease
.
If this does not work, click Reboot
on the WAN Acceleration > Advanced > Device Settings tab to reboot the WXA series appliance.