SonicWALL SMA 210 Deployment Manual Download | Manualshive

Page: 21 / 26

background image

SMA 210/410 Deployment Guide

Additional Configuration

21

If you do not have enough available addresses to support your desired number of concurrent NetExtender
users, you may use a new subnet for NetExtender. This condition may occur if your existing DMZ or LAN is
configured in NAT mode with a small subnet space, such as 255.255.255.224, or more commonly if your DMZ or
LAN is configured in Transparent mode and you have a limited number of public addresses from your ISP. In
either case, you may assign a new, unallocated IP range to NetExtender (such as 192.168.10.100 to
192.168.10.200) and configure a route to this range on your gateway appliance.

For example, if your current Transparent range is 67.115.118.75 through 67.115.118.80, and you wish to
support 50 concurrent NetExtender clients, configure your SMA X0 interface with an available IP address in the
Transparent range, such as 67.115.118.80, and configure your NetExtender range as 192.168.10.100 to
192.168.10.200. Then, on your gateway device, configure a static route to 192.168.10.0, using 67.115.118.80.

Adding a New SMA Custom Zone

Adding a new SMA custom zone on your gateway appliance is a necessary step in deploying your SMA appliance
using Scenarios A and C. For more information, see the following sections:

•

Connecting the SMA on a New DMZ

•

Deploying SMA on the LAN

To add a new SMA custom zone on the gateway appliance:

1 Log into your gateway appliance as an administrator and navigate to the

Network > Interfaces

page.

2 Click the Configure icon for the interface connected to your SMA, such as X2.

3 Select

Create new zone

in the Zone field.

The Add Zone window opens.

4 Enter SMA in the

Name

field.

5 Select

Public

from the

Security Type

drop-down menu.

6 Clear the

Allow Interface Trust

check box.

7 Select the following check boxes:

• Enable Gateway Anti-Virus Service

• Enable IPS

«
...
19
20
21
22
23
...
»

Summary of Contents for SMA 210

Page 1: ...SonicWall Secure Mobile Access 210 410 Deployment Guide...

Page 2: ...MA on an Existing DMZ 11 Connecting the SMA to the Gateway 11 Allowing WAN to DMZ Connection 11 Allowing DMZ to LAN Connection 12 Deploying SMA on the LAN 15 Connecting the SMA to the Gateway 15 Confi...

Page 3: ...ll s security services including Gateway Anti Virus Anti Spyware Content Filtering Intrusion Prevention Service and Comprehensive Anti Spam Service to scan all incoming and outgoing traffic The primar...

Page 4: ...Z Secure Mobile Access 400 O O X2 X3 X0 X1 WAN DMZ LAN SMA Appliance X2 etc X1 X0 X0 Remote Users Switch Router Network Nodes SonicWall Gateway Appliance CONSOLE SDHC MGMT X17 X16 X14 X12 X10 X8 X6 X4...

Page 5: ...nt Guide Deployment Scenarios Overview 5 Overview of Scenario C SMA on the LAN LAN WAN LAN Port X0 Remote Users Existing Gateway Device or Switch Hub Internet Router SMA Appliance Secure Mobile Access...

Page 6: ...et cable to an unused port on your SonicWall gateway appliance 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210 410 The X0 Port LED...

Page 7: ...d then click Next 3 On the Public Server Guide select these options 4 In the Add Service Group dialog box create a service group for HTTP and HTTPS Enter a Name for the service Select both HTTP and HT...

Page 8: ...an SMA to LAN connection 1 Navigate to the Network Address Objects page on the gateway appliance 2 In the Address Objects tab click Add 3 In the Add Address Object dialog box create an address object...

Page 9: ...dress of your SMA appliance and the NetExtender IP range Enter a name for the group In the left column select the address objects you created and click the right arrow button Click OK to create the gr...

Page 10: ...bleshooting Your Remote Connection From SMA To LAN Source Port Any Service Any Source The address group you just created such as SMA and NetExtender Destination Any Users Allowed All Users Excluded No...

Page 11: ...cating an active connection 3 Configure the SMA X0 with an IP address in the DMZ subnet Refer to Configuring the X0 IP Address for more information Allowing WAN to DMZ Connection If you are already fo...

Page 12: ...nnection 1 On your gateway appliance navigate to the Network Address Objects page 2 In the Address Objects tab click Add 3 In the Add Object dialog box create an address object for the X0 interface IP...

Page 13: ...are in the right column 10 On the Network Interfaces page verify that the assigned zone is DMZ for the interface connected to your SMA appliance 11 Navigate to the Firewall Access Rules page and sele...

Page 14: ...oup you just created such as SMA and NetExtender 2 Destination Any Users Allowed All Users Excluded None Schedule Always on Select the following check box es Enable Logging Allow Fragmented Packets NO...

Page 15: ...uring SMA to LAN Connectivity In order for users to access local resources through the SMA appliance you must configure your gateway device to allow an outside connection through the SMA into your LAN...

Page 16: ...the right column 11 Navigate to the Firewall Access Rules page and select the Matrix view style 12 Click the SMA LAN icon 13 On the page that displays for SMA to LAN click Add 14 In the Add Rule wind...

Page 17: ...nd Testing and Troubleshooting Your Remote Connection NOTE Some gateway appliances have a default zone named SSLVPN Do not select this zone when configuring for the SMA appliance The SSLVPN zone is in...

Page 18: ...the SMA appliance by navigating to https 192 168 200 1 on your Web browser 2 Navigate to the Network Interfaces page 3 In the Interfaces table click the Configure icon for the X0 interface 4 In the In...

Page 19: ...nterface and click Accept Adding a NetExtender Client Route NetExtender allows remote clients to have seamless access to resources on your local network To configure a NetExtender client route 1 Navig...

Page 20: ...lap or collide with any assigned addresses if other hosts are on the same segment as the SMA appliance Determine the correct subnet based on your network scenario selection To set your NetExtender add...

Page 21: ...an available IP address in the Transparent range such as 67 115 118 80 and configure your NetExtender range as 192 168 10 100 to 192 168 10 200 Then on your gateway device configure a static route to...

Page 22: ...hich is the WAN address of the gateway appliance 12 If you want to allow management of the gateway appliance over this interface select the desired management options 13 If you want to allow users to...

Page 23: ...er Connection from the Internet You can verify your connection using a remote client on the WAN To verify a User Connection from the Internet 1 From a WAN connection outside of your corporate network...

Page 24: ...liance To ensure the SMA zone displays in the matrix view 1 In the administrative interface of your SonicWall appliance navigate to the Network Interfaces page 2 Click the Configure icon for X2 or the...

Page 25: ...ndependently 24 hours a day 365 days a year To access the Support Portal go to https www sonicwall com support The Support Portal enables you to View knowledge base articles and technical documentatio...

Page 26: ...OF INFORMATION ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF SONICWALL AND OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SonicWall and or its affiliates mak...

Reviews:

No comments

Related manuals for SMA 210

Brand: Lightning SA Pages: 172

ENTERPRISE NETWORK CENTER

Brand: ZyXEL Communications Pages: 6

Brand: Fujitsu Pages: 72

Brand: IOGear Pages: 1

NetGuardian 216T

Brand: DPS Telecom Pages: 4

Brand: DPtech Pages: 277

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands