Selecting a Deployment
Scenario
The deployment scenarios described in this section are based
on actual customer deployments and are SonicWall‐
recommended deployment best practices for SMA appliances.
An SMA appliance is commonly deployed in one‐arm mode
over the DMZ interface on an accompanying gateway
appliance, such as a SonicWall NSA 3600. This method of
deployment offers additional layers of security control, plus
the ability to use SonicWall's security services, including
Gateway Anti‐Virus, Anti‐Spyware, Content Filtering, Intrusion
Prevention Service, and Comprehensive Anti‐Spam Service, to
scan all incoming and outgoing traffic.
The primary interface (X0) on the SonicWall SMA connects to
an available segment on the gateway device. The encrypted
user session is passed through the gateway to the SMA
appliance. The SonicWall SMA appliance decrypts the session
and determines the requested resource.
The session traffic then traverses the gateway appliance to
reach the internal network resources. The gateway appliance
applies security services as data traverses the gateway. The
internal network resource then returns the requested content
to the SonicWall SMA appliance through the gateway, where it
is encrypted and sent to the client.
32
SonicWall Secure Mobile Access 200/400 Getting Started Guide
SMA 200/400 Deployment Scenarios
Gateway
Deployment
Appliance
Scenario
SonicOS 5.8.1 or
SMA on New DMZ
higher:
• TZ Series
• NSA E-Class
SMA on Existing
• NSA Series
• SM 9000 Series
DMZ
(SonicOS 6.1+)
SMA on LAN
The following illustrations provide an overview of each
deployment scenario:
•
Overview of Scenario A: SMA on a New DMZ on page 33
• Overview of Scenario B: SMA on an Existing DMZ on
page 33
•
Overview of Scenario C: SMA on the LAN on page 34
Requirements on
Gateway Appliance
• An unused interface
• New DMZ configured for NAT
or Transparent Mode
• One dedicated interface in use
as an existing DMZ
• None