SonicWALL SMA 210, Deployment Manual

Page 1: ...SonicWall Secure Mobile Access 210 410 Deployment Guide...

Page 2: ...MA on an Existing DMZ 11 Connecting the SMA to the Gateway 11 Allowing WAN to DMZ Connection 11 Allowing DMZ to LAN Connection 12 Deploying SMA on the LAN 15 Connecting the SMA to the Gateway 15 Confi...

Page 3: ...ll s security services including Gateway Anti Virus Anti Spyware Content Filtering Intrusion Prevention Service and Comprehensive Anti Spam Service to scan all incoming and outgoing traffic The primar...

Page 4: ...Z Secure Mobile Access 400 O O X2 X3 X0 X1 WAN DMZ LAN SMA Appliance X2 etc X1 X0 X0 Remote Users Switch Router Network Nodes SonicWall Gateway Appliance CONSOLE SDHC MGMT X17 X16 X14 X12 X10 X8 X6 X4...

Page 5: ...nt Guide Deployment Scenarios Overview 5 Overview of Scenario C SMA on the LAN LAN WAN LAN Port X0 Remote Users Existing Gateway Device or Switch Hub Internet Router SMA Appliance Secure Mobile Access...

Page 6: ...et cable to an unused port on your SonicWall gateway appliance 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210 410 The X0 Port LED...

Page 7: ...d then click Next 3 On the Public Server Guide select these options 4 In the Add Service Group dialog box create a service group for HTTP and HTTPS Enter a Name for the service Select both HTTP and HT...

Page 8: ...an SMA to LAN connection 1 Navigate to the Network Address Objects page on the gateway appliance 2 In the Address Objects tab click Add 3 In the Add Address Object dialog box create an address object...

Page 9: ...dress of your SMA appliance and the NetExtender IP range Enter a name for the group In the left column select the address objects you created and click the right arrow button Click OK to create the gr...

Page 10: ...bleshooting Your Remote Connection From SMA To LAN Source Port Any Service Any Source The address group you just created such as SMA and NetExtender Destination Any Users Allowed All Users Excluded No...

Page 11: ...cating an active connection 3 Configure the SMA X0 with an IP address in the DMZ subnet Refer to Configuring the X0 IP Address for more information Allowing WAN to DMZ Connection If you are already fo...

Page 12: ...nnection 1 On your gateway appliance navigate to the Network Address Objects page 2 In the Address Objects tab click Add 3 In the Add Object dialog box create an address object for the X0 interface IP...

Page 13: ...are in the right column 10 On the Network Interfaces page verify that the assigned zone is DMZ for the interface connected to your SMA appliance 11 Navigate to the Firewall Access Rules page and sele...

Page 14: ...oup you just created such as SMA and NetExtender 2 Destination Any Users Allowed All Users Excluded None Schedule Always on Select the following check box es Enable Logging Allow Fragmented Packets NO...

Page 15: ...uring SMA to LAN Connectivity In order for users to access local resources through the SMA appliance you must configure your gateway device to allow an outside connection through the SMA into your LAN...

Page 16: ...the right column 11 Navigate to the Firewall Access Rules page and select the Matrix view style 12 Click the SMA LAN icon 13 On the page that displays for SMA to LAN click Add 14 In the Add Rule wind...

Page 17: ...nd Testing and Troubleshooting Your Remote Connection NOTE Some gateway appliances have a default zone named SSLVPN Do not select this zone when configuring for the SMA appliance The SSLVPN zone is in...

Page 18: ...the SMA appliance by navigating to https 192 168 200 1 on your Web browser 2 Navigate to the Network Interfaces page 3 In the Interfaces table click the Configure icon for the X0 interface 4 In the In...

Page 19: ...nterface and click Accept Adding a NetExtender Client Route NetExtender allows remote clients to have seamless access to resources on your local network To configure a NetExtender client route 1 Navig...

Page 20: ...lap or collide with any assigned addresses if other hosts are on the same segment as the SMA appliance Determine the correct subnet based on your network scenario selection To set your NetExtender add...

Page 21: ...an available IP address in the Transparent range such as 67 115 118 80 and configure your NetExtender range as 192 168 10 100 to 192 168 10 200 Then on your gateway device configure a static route to...

Page 22: ...hich is the WAN address of the gateway appliance 12 If you want to allow management of the gateway appliance over this interface select the desired management options 13 If you want to allow users to...

Page 23: ...er Connection from the Internet You can verify your connection using a remote client on the WAN To verify a User Connection from the Internet 1 From a WAN connection outside of your corporate network...

Page 24: ...liance To ensure the SMA zone displays in the matrix view 1 In the administrative interface of your SonicWall appliance navigate to the Network Interfaces page 2 Click the Configure icon for X2 or the...

Page 25: ...ndependently 24 hours a day 365 days a year To access the Support Portal go to https www sonicwall com support The Support Portal enables you to View knowledge base articles and technical documentatio...

Page 26: ...OF INFORMATION ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF SONICWALL AND OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SonicWall and or its affiliates mak...