WANaccel_Logs
WAN Acceleration > Logs
The WAN Acceleration > Log page provides a detailed list of the log event messages. On this page, you can configure how the Logs are viewed.
|
|
WAN Acceleration > Log |
|
Refreshes the WAN Acceleration > Logs page. The refresh interval
can be entered in the box to the right of the Refresh symbol. The interval can be increased to a maximum of 600 seconds. |
|
|
Filters the log messages by entering part of a message in the text field. |
|
|
Filter the results by selecting from the drop-down lists and entering text into the priority, category, and message text fields. |
|
|
Download all logs as comma separated values for the time, priority, category, and message fields. |
Configuring WAN Acceleration
This section includes procedures for configuring the SonicWALL WXA series appliance. All configuration procedures are performed on the SonicWALL NSA/TZ series appliance’s management interface. Refer to “Configuration Task List Overview” section for details on the SonicWALL NSA/TZ management interface.This section includes the following subsections:
Configuring the Network Interface for the SonicWALL WXA Series Appliance
To configure your SonicWALL NSA/TZ to be used with the WXA series appliance, perform the following steps:
|
|
Open a Web browser. |
|
|
Enter
https://nsatzipaddress
. The SonicWALL user interface is displayed. |
|
|
Navigate to the Network > Interfaces page. |
|
|
Click the Edit button in the row for the port you want the SonicWALL WXA series appliance to be connected to. |
The Interface Settings General Tab is displayed.
|
|
Enter and do the following: |
|
|
|
Zone: Drop-down — LAN |
|
|
|
Mode/IP Assignment: Drop-down — Static IP Mode |
|
|
|
IP Address: Text Field — Enter the IP Address for the port. This example uses 10.203.30.162. |
|
|
|
Subnet Mask: Text Field — Enter the subnet mask for the port. |
|
|
|
(Optional) Comment: Text Field
— Enter text that describes the device. For example, WXA connection. |
|
|
|
(Optional) Management: checkboxes — Select the management methods. |
|
|
|
Click OK . |
|
|
Navigate to the Network > DHCP Server page. |
|
|
Navigate to the WAN Acceleration page. |
|
|
Select the Enable WAN Acceleration checkbox. |
|
|
|
This example assumes that the correct DNS server has already been entered in the Network > DNS page. If you have not entered the DNS server, you can overwrite the DNS specified in the Network > DNS Server > Click the Edit button for the lease you want to change, and then click DNS/WINS tab. Enter the DNS IP Addresses in the text fields provided. |
|
|
Under the DCHP Server Lease Scopes, click
Add Dynamic
. The Dynamic Range Configuration window is displayed. |
|
|
Do the following: |
|
|
Select the Enable this DHCP Scope checkbox. |
|
|
Select the
Interface Pre-Populate
checkbox and then select port X5
in the drop-down. The information will be auto populated. |
|
|
Click OK . |
|
|
Connect an Ethernet cable from the SonicWALL WXA series appliance to the X5 port on the SonicWALL NSA/TZ security appliance. |
|
|
Confirm that the SonicWALL NSA/TZ has a DCHP lease for the SonicWALL WXA.
Navigate to the Network > DHCP Server page. |
|
|
Navigate to the WAN Acceleration > Status page. |
|
|
Click
Create static DHCP lease for WXA
. A DHCP lease will be set for the SonicWALL WXA series appliance. |
|
|
Verify that the lease was created. Navigate to the
Network > DHCP Server
page. A dynamic range is set for the WXA appliance. |
Configuring TCP Acceleration
The TCP Acceleration service can be deployed in three different deployment scenarios including: site-to-site VPN, routed mode, and layer 2 bridge mode. This section explains how to configure these deployment scenarios in the following subsections:
Configuring TCP Acceleration on a Site-to-Site VPN
To configure the TCP Acceleration service using a site-to-site Virtual Private Network (VPN), follow the steps listed below:
|
|
|
If you have a site to site VPN, you can use a spare SonicWALL NSA/TZ series appliance in Layer 2 bridge mode with a SonicWALL WXA series appliance connected. Refer to the SonicOS Administrators Guide for Layer 2 bridge mode configuration. |
|
|
Navigate to the VPN > Settings page. |
|
|
VPN > Settings |
|
|
Click the Configure button for the VPN policy you wish to use. |
The Configure VPN Policy pop-up window displays.
|
|
VPN Policy Advanced Configuration |
|
|
Select the Advanced tab. |
|
|
Select the checkbox for Permit TCP Acceleration . |
|
|
Click the OK button. |
Your SonicWALL WXA series appliance is now configured to permit TCP Acceleration, see Configuring the TCP Acceleration Tab to finish configuring the TCP Acceleration service.
Configuring TCP Acceleration on a Non-VPN (Routed Mode)
If you do not have a VPN configured on your network and you are using a custom routing policy, you need to add two routing policies on each site: One for outgoing traffic, and one for incoming traffic. Both routing policies are configured to permit TCP Acceleration. The illustration below displays the configuration between two non-VPN sites. Refer to this Illustration as an example for the following sections:
|
|
|
Once both routing policies have been created and configured to permit TCP Acceleration, see Configuring the TCP Acceleration Tab to finish configuring the TCP Acceleration service. |
|
|
Non-VPN Network Configuration |
Configuring a Routing Policy for Outgoing Traffic
The steps in this section are configured from the Remote Site. Follow the same steps for configuring the Data Center.
|
|
Navigate to the Network > Address Objects page. |
|
|
Network > Address Objects |
|
|
Click the Add button. |
The Add Address Object Group pop-up window displays.
|
|
Add Address Object Group |
|
|
Enter a name ( Data Center ) for the address object in the Name text field. |
|
|
Click the Zone Assignment drop-down, select WAN . |
|
|
Click the Type drop-down, select Network . |
|
|
Enter the LAN IP address of the Data Center ( 192.168.10.0 ) in the Network text field. |
|
|
Enter the netmask IP address ( 255.255.255.0 ) in the Netmask text field. |
|
|
Click the Add button. |
|
|
Navigate to the Network > Routing page. |
|
|
Add Routing Policies |
|
|
Click the Add button. |
The Route Policy Settings pop-up window displays.
|
|
Route Policy Settings |
|
|
Click the Source drop-down, select Any . |
|
|
Click the Destination drop-down, select the address object you created (Data Center .) |
|
|
Click the Service drop-down, select Any . |
|
|
Click the Gateway drop-down, select the X1 Default Gateway . |
|
|
Click the Interface drop-down, select the X1 interface. |
|
|
Enter
1
in the Metric
text field. This gives the route policy a high priority level. A larger metric number would have a lower priority. |
|
|
Select the Permit TCP Acceleration checkbox. |
|
|
Click the OK button. |
Configuring a Routing Policy for Incoming Traffic
The steps in this section are configured from the Remote Site. Follow the same steps for configuring the Data Center.
|
|
Navigate to the Network > Address Objects page. |
|
|
Network > Address Objects |
|
|
Click the
Add
button. The Add Address Object Group pop-up window displays. |
|
|
Add Address Object Group |
|
|
Enter a name ( Remote Site ) for the address object in the Name text field. |
|
|
Click the Zone Assignment drop-down, select LAN . |
|
|
Click the Type drop-down, select Network . |
|
|
Enter the LAN IP address of the Remote Site ( 192.168.20.0 ) in the Network text field. |
|
|
Enter the netmask IP address ( 255.255.255.0 ) in the Netmask text field. |
|
|
Click the Add button. |
|
|
Navigate to the Network > Routing page. |
|
|
Add Routing Policies |
|
|
Click the
Add
button. The Route Policy Settings pop-up window displays. |
|
|
Route Policy Settings |
|
|
Click the Source drop-down, select Data Center . |
|
|
Click the Destination drop-down, select the address object you created (Remote Site .) |
|
|
Click the Service drop-down, select Any . |
|
|
Click the Gateway drop-down, select (0.0.0.0 ). |
|
|
Click the Interface drop-down, select the X0 interface. |
|
|
Enter
1
in the Metric
text field. This gives the route policy a high priority level. A larger metric number would have a lower priority. |
|
|
Select the Permit TCP Acceleration checkbox. |
|
|
Click the OK button. |
Configuring the TCP Acceleration Tab
The Configuration tab gives you the option to select the mode, service object, and address object that are included or excluded from the TCP Acceleration service. Note: To view a list, create, and edit service objects, navigate to the Network > Address Objects page. Below is examples of three different TCP Acceleration configurations:
Example 1
To configure acceleration of all the service objects, except those excluded by default. Follow the steps below:
Note: The option to choose a TCP Acceleration Service Object is read-only in this mode
|
|
Navigate to WAN Acceleration > TCP Acceleration. |
|
|
Select the Configuration tab. |
|
|
Configuring TCP Acceleration Example 1 |
|
|
Select the Enable TCP Acceleration checkbox. |
|
|
In the TCP Acceleration Mode drop-down, select All TCP services except those excluded by default . |
|
|
In the Address Object always excluded from TCP Acceleration drop-down, select None . |
|
|
Click the Apply Changes button. |
Example 2
To configure acceleration of only the HTTP web traffic. Follow the steps below:
|
|
Navigate to WAN Acceleration > TCP Acceleration. |
|
|
Select the Configuration tab. |
|
|
 Configuring TCP Acceleration Example 2
|
|
|
Click the Enable TCP Acceleration checkbox. |
|
|
In the TCP Acceleration Mode drop-down, select Only TCP Services Specified in TCP Acceleration Service Object . |
|
|
In the TCP Acceleration Service Object drop-down, select HTTP . |
|
|
In the Address Object always excluded from TCP Acceleration , select None . |
|
|
Click the Apply Changes button. |
Example 3
To configure acceleration of everything except Microsoft SQL database traffic or traffic to the Guest Authentication Servers. Follow the steps below:
|
|
Navigate to WAN Acceleration > TCP Acceleration. |
|
|
Select the Configuration tab. |
|
|
Configuring TCP Acceleration Example 3 |
|
|
Select the Enable TCP Acceleration checkbox. |
|
|
In the WFS Acceleration Mode drop-down, select All TCP services except those specified in TCP Acceleration Service Object and those excluded by default . |
|
|
In the TCP Acceleration Service Object , select Microsoft Structured Query Language (MS SQL) . |
|
|
In the Address Object always excluded from TCP Acceleration drop-down, select Guest Authentication Servers . |
|
|
Click the Apply Changes button. |
Configuring WFS Acceleration
This section provides details on configuring WFS Acceleration. The SonicWALL WXA series appliance must be connected to a SonicWALL NSA or TZ series appliance on a port other than X0 and X1. In this example, X5 is used as the connection to the SonicWALL WXA series appliance.
|
|
SonicWALL WXA Connection |
The SonicWALL WXA series appliance allows the user to reach such speeds because WFS Acceleration is implemented between the two devices. This is how it works:
|
|
The SonicWALL WXA series appliances join the data center domain.
For example, mydomain.local . This step allows the WXA series appliances to talk to each other. |
|
|
A hostname is assigned to each SonicWALL WXA series appliance.
This example uses fastboxhq for the data center and fastbox for the remote site. This step allows the two hostnames be accessible across the domain. |
|
|
The SonicWALL WXA fastboxhq is configured to share All Shares on the File Server. |
|
|
The SonicWALL WXA fastbox is configured to share
All Shares
on fastboxhq. Steps 3 and 4 allow the domain users to access shares on the data center. |
Enabling WFS Acceleration
Once you have configured the network interface for the port you want to connect the SonicWALL WXA series appliance to the SonicWALL NSA or TZ series appliance, you can configure WFS Acceleration.
Before you chose how you want to join the SonicWALL WXA series appliance to the domain, you must enable WFS Acceleration on your SonicWALL NSA/TZ security appliance.
To configure WFS Acceleration on the SonicWALL NSA/TZ security appliance, perform the following steps:
|
|
Open a Web browser. |
|
|
Enter
https://nsatzipaddress
. The SonicWALL user interface is displayed. |
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Select the Configuration tab. |
|
|
Click Enable WFS Acceleration , select X5 IP in the ‘Public’ WFS Acceleration Address: drop-down, and then click Apply Changes . |
Joining the Domain
After you have configured the network interface, enabled WFS Acceleration, and created a DHCP Scope, you can configure the local and remote domains.
You can join the domain for WFS Acceleration using one of the following methods:
Manually Joining the Domain with Administrator Account Credentials
To join the domain manually, perform the following steps on the WXA series appliance at each site:
|
|
In the WAN Acceleration > WFS Acceleration page, select the Domain Details Tab. |
|
|
If this is the first time setting up WFS Acceleration, enter the following in the Enter Domain Details... panel: |
|
|
Enter your settings, and then click
Apply Changes
. The page will be populated with the Configured Domain settings. |
|
|
Click Join Domain . |
The Join Domain pop-up window displays.
|
|
Enter the username and password for the administrator of the domain. It will be an account on
the domain controller. The WXA series appliance will create a computer account on the domain controller, using the hostname that was used in step 2. |
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Click the Shares tab. |
|
|
Click
Add New Server...
. The Add Server Pop-up window is displayed. |
|
|
Enter and do the following: |
|
|
|
Remote Server Name: Text Field — Enter the host name of the DC/Share server. |
|
|
|
Local Device Name: Text Field — Enter the domain name of the SonicWALL WXA series appliance on the local site or one of its SPN Aliases and must resolve to the public WFS IP address or select a local device name from the drop-down list. |
|
|
|
Select the
Add All Shares:
Checkbox. Deselect this to add shares manually. |
|
|
|
Click Apply . |
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Click the Shares tab. |
|
|
Click Add New Server... . |
|
|
Make sure the Remote Server Name and the Local Device Name (from step 4 for the data center site) text fields match. |
|
|
Enter the information for this server, and then click Apply . |
|
|
Explore the path
\\fastbox\
on the PC located at the remote site. After the first download of files, connection speed will improve because files are now cached on the WXA series appliance. |
Automatically Joining the Domain for WFS Acceleration
To auto-join the SonicWALL WXA series appliances, perform the following steps:
|
|
Access the domain controller and create a computer account. The computer account must use the default hostname or a hostname specified in the Domain Details tab (the name of the WXA series appliance). If a new hostname is entered in the Domain Details tab, it overrides the default hostname. The authentication code is the password for the computer account. |
|
|
Click Change... . |
|
|
In the Enter the object name to select text field, enter SELF , and then click OK . |
|
|
Right click on the computer account, go to Properties and select the setting Trusted for Delegation . |
|
|
Open a cmd.exe window. |
|
|
Set the password for the computer account, where ABCD-EFGH is the auth code. |
|
|
|
The password for the computer account must be the auth code found on the WAN Acceleration > Status page on the SonicWALL NSA/TZ security appliance. |
|
|
On the SonicWALL NSA/TZ security appliance, navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Click
Domain Details
. The Autodiscovered Domain Panel is populated with the information added in previous pages. If you do not see all checkboxes, refer to the Troubleshooting section of this document. |
|
|
Click the Shares tab. |
|
|
Click
Add New Server...
. The Add Server Pop-up window is displayed. |
|
|
|
Remote Server Name: Text Field — Enter the host name of the DC/Share server. |
|
|
|
Local Device Name: Text Field — Enter the domain name of the SonicWALL WXA series appliance on the local site or one of its SPN Aliases and must resolve to the public WFS IP address or select a local device name from the drop-down list. |
|
|
|
Select the
Add All Shares:
Checkbox. Deselect this to add shares manually. |
|
|
|
Click Apply . |
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Click the Shares tab. |
|
|
Click Add New Server... . |
|
|
Make sure the Remote Server Name and the Local Device Name (from step 4 for the data center site) text fields match. |
|
|
Enter the information for this server, and then click Apply . |
|
|
Explore the path
\\fastbox\
on the PC located at the remote site. After the first download of files, connection speed will improve because files are now cached on the WXA series appliance |
|
|
|
In this configuration example, you may have more than one remote server in the data center. If Add All Shares is selected, there must be a new service principal name (SPN) Alias for each additional server. The SonicWALL WXA series appliance attempts to create the DNS entries automatically for each alias created. If DNS entries are not automatically created, they need to be added manually. Add new SPN Aliases in the domain controller by issuing setspn – A cifs/alias realname and setspn – A cifs/alias.fq.dn realname CLI commands. See “ Manually Adding SPN Hostnames in the DNS ” for configuration details. |
|
|
|
If Add All Shares is not selected, the same local device name can have each manual share forwarded to a different server. |
Configuring Custom Zones for WXA
SonicWALL recommends that the zone properties of the interface that the WXA appliance is connected to is a LAN zone. Setting the WXA appliance to a LAN zone is recommended because the default access rules associated with that zone allow traffic between the WXA appliances at both locations; therefore, there is no need for additional configuration to the access rules.
|
|
|
Access rules are necessary for the traffic coming from VPN>LAN and LAN>VPN to be open for WXA associated traffic and the default zone properties of the LAN takes care of handling traffic without manually adding or modifying any access rules. Both WXA appliances deployed at each location should be able to communicate with each other without being blocked by access rules or firewall policies. |
If you need to customize a zone for WFS acceleration, make sure VPN remote users are allowed to access the WXA appliance. If additional domain controllers and file servers are located in any zone other than the LAN, necessary access rules must be configured to allow traffic from and to the WXA appliance to those zones as well as from and to the SonicWALL security appliance.
For example consider, at the data center, if the WXA appliance is deployed in the DMZ sone, the access rules must be configured to allow traffic from VPN>DMZ and LAN>DMZ so that traffic to the WXA appliance from the VPN and from the LAN zones are allowed to the WXA appliance.
Configuring Reverse Lookup
After both WXA appliances are added to the domain, corresponding Computer Accounts for WXA appliances, DNS Host name, and PTR records are automatically created on the DC and DNS servers. For PTR records to be updated, relevant Reverse Lookup Zones must be configured on the DNS servers. Networks used for Reverse Lookup Zones depend on whether WFS acceleration is using NAT. If using NAT, the WXA appliance uses the NAT IP for WFS services and only the X0 subnets are used as networks in Reverse Lookup Zones. If the WXA appliances are not using NAT, the Reverse Lookup Zone network must also be configured for WXA subnets on both locations.
To add a PTR record, perform the following steps:
|
|
Select New Pointer (PTR)... in the pop-up menu.
The New Resource Record window appears. |
Adding File Shares
If you are adding shares that are hosted on two file servers at the data center, make sure you configure the following:
|
|
|
For WFS, you must assess the share name that is mapped to the WXA appliance and not the actual file share. For example, //WXA-Test rather than //FileServer1. |
When adding subsequent shares that are hosted on different file servers, you must create SPNs on Active Directory (AD). These SPNs are used as Common Internet File System (CIFS) service names to map and access file server shares. CIFS is the file server protocol for Windows which was designed to operate over a LAN.
To add or configure shares that are hosted on FileServer2, perform the following steps:
|
|
|
For this example, WXA-4000-GMS is used as the hostname for the data center WXA and WXA-2000-GMS is used as the hostname for the remote WXA. |
setspn -A CIFS/WXA-4000-GMS WXA-4000
setspn -A CIFS/WXA-4000-GMS.utm.soniclab.us WXA-4000
setspn -A CIFS/WXA-2000-GMS WXA-2000
setspn -A CIFS/WXA-2000-GMS.utm.soniclab.us WXA-2000
|
|
Configure FileServer1 on the data center as follows:
On the NSA/TZ security appliance, navigate to the WAN Acceleration > WFS Acceleration > Click the Shares tab, expand Shares in the Configuration column, and then click the Add New Shares.... The Add Server window appears. |
|
|
Enter and do the following: |
|
|
Click Apply. |
|
|
Configure FileServer2 on the data center as follows:
On the NSA/TZ security appliance, navigate to the WAN Acceleration > WFS Acceleration > Click the Shares tab, expand Shares in the Configuration column, and then click the Add New Shares.... The Add Server window appears. |
|
|
Enter and do the following: |
|
|
Click Apply. |
Manually Adding SPN Hostnames in the DNS
If for some reason the creation on is unsuccessful, the domain admin can manually add the SPN.
To manually add SPN hostnames in DNS, perform the following steps:
|
|
Select New Host (A)... in the pop-up menu.
The New Host window is displayed. |
|
|
|
The newly created hostname for the data center and remote office should be updated with the NAT IP of the X0 interface on the NSA/TZ security appliance that is located at the data center and remote office, respectively. |
The WXA-4000 will resolve to X.X.1.100 and the WXA-2000 will resolve to A.A.240.1.
On the NSA/TZ security appliance, the WAN Acceleration>WFS Acceleration>Shares tab will display similar content as follows.
|
|
Data Center |
|
|
Remote Office |
Verifying WAN Acceleration Configurations
This section details how to verify if the TCP Acceleration and WFS Acceleration on your SonicWALL WXA series appliance is configured correctly.
Verifying the TCP Acceleration Configuration
After you complete the TCP Acceleration configuration procedures, verify TCP Acceleration is working by checking the WAN Acceleration > Statistics Tab.
|
|
On the SonicWALL NSA/TZ series appliance user interface, navigate to the WAN Acceleration > Statistics Tab. |
|
|
Verifying TCP Acceleration |
|
|
View the statistics data and graphs to verify TCP Acceleration.
This indicates if the SonicWALL WXA series appliance is using TCP Acceleration for data transfer. |
If the Statistics tab data and graphs do not display any information, TCP Acceleration is not configured correctly or is disabled.
|
|
Refer to the “ Configuring WAN Acceleration ” and check the TCP Acceleration panel on the Status page for details. |
Verifying the WFS Acceleration Configuration
After completing the step-by-step WFS Acceleration configuration procedures. Verify WFS Acceleration is working by two different methods:
|
|
|
Click the Test Configuration button in the WFS Acceleration > Domain Details tab. |
|
|
|
Click the Run WFS Configuration Tests button in the WFS Acceleration > Tools tab. |
Verify Using the WFS Acceleration > Domain Details Tab
To verify that the WFS Acceleration was successful using the WFS Acceleration > Domain Details tab, perform the following steps:
|
|
Navigate to the WAN Acceleration > WFS Acceleration page. |
|
|
Select the Domain Details tab. |
|
|
Click
Test Configuration
. If the WFS Acceleration service is not functioning properly, refer to “Configuring WFS Acceleration” section and check the configuration settings. |
Verify Using the WFS Acceleration > Tools Tab
To verify that the WFS Acceleration service was successful using the WFS Acceleration > Tools tab, perform the following steps:
|
|
Navigate to the WAN Acceleration > WFS Acceleration . |
|
|
Click the Tools tab. |
|
|
In the Diagnostic Tools drop-down, select Test WFS Configuration . |
|
|
Click
Run WFS Configuration Test
. The results display when the test is complete. |
Troubleshooting WFS Acceleration
Problem: The Joined Domains checkbox is not selected in the Domain Details tab.
Click
Join Domain
at the bottom of the page. When the Join Domain pop-up window is displayed, leave the fields empty, and then click Apply
.
This action will force the WXA series appliance to join the domain.
Troubleshooting WAN Acceleration
Problem: When I click Create static DHCP lease for WXA on the WAN Acceleration > Status page, I get an error message.
Solution:
If you changed any of the interface settings for the WXA series appliance, you must navigate to the WAN Acceleration > Advanced > Interface Settings tab and click Renew DHCP
Lease
.
If this does not work, click Reboot
on the WAN Acceleration > Advanced > Device Settings tab to reboot the WXA series appliance.