manualshive.com logo in svg

SonicWALL SMA 210, Deployment Manual

The SonicWALL SMA 210 Deployment Manual is a comprehensive guide for setting up and configuring your security appliance. This manual covers everything from initial installation to advanced troubleshooting techniques. Download your free copy from 88.208.23.73:8080 today to get the most out of your SonicWALL SMA 210.

Share
Download
background image

SMA 210/410 Deployment Guide

Deployment Scenarios Overview

1

3

Deployment Scenarios Overview

Welcome to the 

SonicWall SMA Deployment Guide

. SonicWall

®

 Secure Mobile Access 210/410 provides a unified 

secure gateway to access all network and cloud resources. This guide contains configuration guidelines for 
deployment scenarios involving new DMZ, existing DMZ, and LAN deployments, along with basic configuration 
settings for those scenarios.

Topics: 

Selecting a Deployment Scenario

SMA 210/410 Deployment Scenarios

Selecting a Deployment Scenario

The deployment scenarios described in this guide are based on actual customer deployments and are 
SonicWall-recommended deployment best practices for SMA appliances.

An SMA appliance is commonly deployed in one-arm mode over the DMZ interface on an accompanying 
gateway appliance, such as a SonicWall NSA 3600. This method of deployment offers additional layers of 
security control, plus the ability to use SonicWall’s security services, including Gateway Anti-Virus, 
Anti-Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all 
incoming and outgoing traffic.

The primary interface (X0) on the SonicWall SMA connects to an available segment on the gateway device. The 
encrypted user session is passed through the gateway to the SMA appliance. The SonicWall SMA appliance 
decrypts the session and determines the requested resource. 

The session traffic then traverses the gateway appliance to reach the internal network resources. The gateway 
appliance applies security services as data traverses the gateway. The internal network resource then returns 
the requested content to the SonicWall SMA appliance through the gateway, where it is encrypted and sent to 
the client.

SMA 210/410 Deployment Scenarios

Gateway Appliance

Deployment Scenario

Requirements on Gateway Appliance

SonicOS 5.8.1 or higher:

TZ Series

NSA E-Class

NSA Series

SM 9000 Series 
(SonicOS 6.1+)

SMA on New DMZ

An unused interface

NEW DMZ configured for NAT or Transparent 
Mode

SMA on Existing DMZ

One dedicated interface in use as an existing 

DMZ

SMA on LAN

None

Summary of Contents for SMA 210

Page 1: ...SonicWall Secure Mobile Access 210 410 Deployment Guide...

Page 2: ...MA on an Existing DMZ 11 Connecting the SMA to the Gateway 11 Allowing WAN to DMZ Connection 11 Allowing DMZ to LAN Connection 12 Deploying SMA on the LAN 15 Connecting the SMA to the Gateway 15 Confi...

Page 3: ...ll s security services including Gateway Anti Virus Anti Spyware Content Filtering Intrusion Prevention Service and Comprehensive Anti Spam Service to scan all incoming and outgoing traffic The primar...

Page 4: ...Z Secure Mobile Access 400 O O X2 X3 X0 X1 WAN DMZ LAN SMA Appliance X2 etc X1 X0 X0 Remote Users Switch Router Network Nodes SonicWall Gateway Appliance CONSOLE SDHC MGMT X17 X16 X14 X12 X10 X8 X6 X4...

Page 5: ...nt Guide Deployment Scenarios Overview 5 Overview of Scenario C SMA on the LAN LAN WAN LAN Port X0 Remote Users Existing Gateway Device or Switch Hub Internet Router SMA Appliance Secure Mobile Access...

Page 6: ...et cable to an unused port on your SonicWall gateway appliance 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210 410 The X0 Port LED...

Page 7: ...d then click Next 3 On the Public Server Guide select these options 4 In the Add Service Group dialog box create a service group for HTTP and HTTPS Enter a Name for the service Select both HTTP and HT...

Page 8: ...an SMA to LAN connection 1 Navigate to the Network Address Objects page on the gateway appliance 2 In the Address Objects tab click Add 3 In the Add Address Object dialog box create an address object...

Page 9: ...dress of your SMA appliance and the NetExtender IP range Enter a name for the group In the left column select the address objects you created and click the right arrow button Click OK to create the gr...

Page 10: ...bleshooting Your Remote Connection From SMA To LAN Source Port Any Service Any Source The address group you just created such as SMA and NetExtender Destination Any Users Allowed All Users Excluded No...

Page 11: ...cating an active connection 3 Configure the SMA X0 with an IP address in the DMZ subnet Refer to Configuring the X0 IP Address for more information Allowing WAN to DMZ Connection If you are already fo...

Page 12: ...nnection 1 On your gateway appliance navigate to the Network Address Objects page 2 In the Address Objects tab click Add 3 In the Add Object dialog box create an address object for the X0 interface IP...

Page 13: ...are in the right column 10 On the Network Interfaces page verify that the assigned zone is DMZ for the interface connected to your SMA appliance 11 Navigate to the Firewall Access Rules page and sele...

Page 14: ...oup you just created such as SMA and NetExtender 2 Destination Any Users Allowed All Users Excluded None Schedule Always on Select the following check box es Enable Logging Allow Fragmented Packets NO...

Page 15: ...uring SMA to LAN Connectivity In order for users to access local resources through the SMA appliance you must configure your gateway device to allow an outside connection through the SMA into your LAN...

Page 16: ...the right column 11 Navigate to the Firewall Access Rules page and select the Matrix view style 12 Click the SMA LAN icon 13 On the page that displays for SMA to LAN click Add 14 In the Add Rule wind...

Page 17: ...nd Testing and Troubleshooting Your Remote Connection NOTE Some gateway appliances have a default zone named SSLVPN Do not select this zone when configuring for the SMA appliance The SSLVPN zone is in...

Page 18: ...the SMA appliance by navigating to https 192 168 200 1 on your Web browser 2 Navigate to the Network Interfaces page 3 In the Interfaces table click the Configure icon for the X0 interface 4 In the In...

Page 19: ...nterface and click Accept Adding a NetExtender Client Route NetExtender allows remote clients to have seamless access to resources on your local network To configure a NetExtender client route 1 Navig...

Page 20: ...lap or collide with any assigned addresses if other hosts are on the same segment as the SMA appliance Determine the correct subnet based on your network scenario selection To set your NetExtender add...

Page 21: ...an available IP address in the Transparent range such as 67 115 118 80 and configure your NetExtender range as 192 168 10 100 to 192 168 10 200 Then on your gateway device configure a static route to...

Page 22: ...hich is the WAN address of the gateway appliance 12 If you want to allow management of the gateway appliance over this interface select the desired management options 13 If you want to allow users to...

Page 23: ...er Connection from the Internet You can verify your connection using a remote client on the WAN To verify a User Connection from the Internet 1 From a WAN connection outside of your corporate network...

Page 24: ...liance To ensure the SMA zone displays in the matrix view 1 In the administrative interface of your SonicWall appliance navigate to the Network Interfaces page 2 Click the Configure icon for X2 or the...

Page 25: ...ndependently 24 hours a day 365 days a year To access the Support Portal go to https www sonicwall com support The Support Portal enables you to View knowledge base articles and technical documentatio...

Page 26: ...OF INFORMATION ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT EVEN IF SONICWALL AND OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SonicWall and or its affiliates mak...

Reviews:

No comments

Related manuals for SMA 210

Watchguard Firebox V60 Addendum preview
Firebox V60
Brand: Watchguard Pages: 2
Mackie FireWire User Manual preview
FireWire
Brand: Mackie Pages: 40
ZyXEL Communications ZyXEL ZyWALL 35 User Manual preview
ZyXEL ZyWALL 35
Brand: ZyXEL Communications Pages: 704
H3C SecPath T9000 IPS Series Installation, Quick Start preview
SecPath T9000 IPS Series
Brand: H3C Pages: 17
Watchguard Firebox SOHO 6 Wireless Client Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 50
Trend Micro viruswall enforcer 1500i Installation & Deployment Manual preview
viruswall enforcer 1500i
Brand: Trend Micro Pages: 78

Brands by name

Popular brands

Load more brands