DELL Dell SonicWALL WXA 1.3 사용자 설명서
Introduction | 17
Deployment Prerequisites
The pre-requisites for deploying the WAN Acceleration service are as follows:
•
A NSA/TZ series appliance is required to deploy the Dell SonicWALL WXA series
appliance.
appliance.
•
Traffic passing through the Dell SonicWALL WXA series appliance requires Internet
Protocol version 4 (IPv4). The WAN Acceleration service is not compatible with IPv6.
Protocol version 4 (IPv4). The WAN Acceleration service is not compatible with IPv6.
Deployment Considerations
Consider the following when deploying the Dell SonicWALL WXA series appliance:
•
The WXA series appliance is supported to work with Dell SonicWALL E-class NSA, NSA,
or TZ series appliances running SonicOS 5.8.1.0 or higher firmware. Some WXA features
are not supported unless running SonicOS 5.8.1.11 or higher firmware.
or TZ series appliances running SonicOS 5.8.1.0 or higher firmware. Some WXA features
are not supported unless running SonicOS 5.8.1.11 or higher firmware.
•
The WFS Acceleration service and Web Cache feature are not supported when running the
WXA 500 Live CD in Memory mode.
WXA 500 Live CD in Memory mode.
•
Typically the WXA series appliances are deployed in a site-to-site VPN configuration
through their respective NSA/TZ series appliances. However, you can also use routing or
L2 Bridge Mode, refer to the SonicOS 5.8.1 Administrators Guide for details.
through their respective NSA/TZ series appliances. However, you can also use routing or
L2 Bridge Mode, refer to the SonicOS 5.8.1 Administrators Guide for details.
•
If a WXA series appliance is used in a high availability configuration, a switched connection
to both appliances high availability pairs is required.
to both appliances high availability pairs is required.
•
The initial configuration of the WXA series appliance should be performed by using the
WXA Setup Wizard, which is available by clicking the Wizards button in the top-right corner
of the NSA/TZ series appliance’s management interface. However, this is currently only
available if running SonicOS 5.9 firmware. If your NSA/TZ series appliance is using 5.8.1.x
or 6.1.x firmware use the procedures in this chapter for the initial configuring of the WXA
series appliance. For more information on the WXA Setup Wizard refer to the SonicOS 5.9
Administrator’s Guide.
WXA Setup Wizard, which is available by clicking the Wizards button in the top-right corner
of the NSA/TZ series appliance’s management interface. However, this is currently only
available if running SonicOS 5.9 firmware. If your NSA/TZ series appliance is using 5.8.1.x
or 6.1.x firmware use the procedures in this chapter for the initial configuring of the WXA
series appliance. For more information on the WXA Setup Wizard refer to the SonicOS 5.9
Administrator’s Guide.
•
Encrypted traffic is highly randomized and does not materially benefit from the WXA series
appliance’s WAN Acceleration service. Therefore, SSL and TLS traffic types are not
accelerated.
appliance’s WAN Acceleration service. Therefore, SSL and TLS traffic types are not
accelerated.
•
WFS Acceleration using Signed SMB supports Windows file services using Active
Directory, Kerberos, and NTLM for authentication and authorization.
Directory, Kerberos, and NTLM for authentication and authorization.
•
WFS Acceleration using Signed SMB supports NTLM clients which provide credentials to
the Dell SonicWALL WXA series appliance and are valid in the domain. The Dell
SonicWALL WXA series appliance obtains the Kerberos credentials through the Domain
Controller. This permits client devices which have not joined the domain to be used by
users, who on behalf of the client, have valid domain credentials.
the Dell SonicWALL WXA series appliance and are valid in the domain. The Dell
SonicWALL WXA series appliance obtains the Kerberos credentials through the Domain
Controller. This permits client devices which have not joined the domain to be used by
users, who on behalf of the client, have valid domain credentials.
•
Create a DHCP scope on the managing NSA/TZ security appliance before the WXA series
appliance is physically connected.
appliance is physically connected.
•
If the branch offices have Domain Controllers and DNS Servers, it is recommended that you
use those DNS server addresses and domain DNS name in the DHCP scope. Configure
the Domain Name and Domain DNS server IP addresses in the configured DHCP scope.
The WXA appliance will auto-discover Kerberos, LDAP, and NTP servers based on this type
of information to assist in joining the appliance to the domain.
use those DNS server addresses and domain DNS name in the DHCP scope. Configure
the Domain Name and Domain DNS server IP addresses in the configured DHCP scope.
The WXA appliance will auto-discover Kerberos, LDAP, and NTP servers based on this type
of information to assist in joining the appliance to the domain.
•
Review the LDAP, Kerberos, and NTP services. In a multi-site domain where sites and
services are not explicitly configured, the WXA series appliance might not choose the
closest servers.
services are not explicitly configured, the WXA series appliance might not choose the
closest servers.