Adding a New SMA Custom Zone Testing and Troubleshooting Your Remote Connection Verifying a User Connection from the Internet Policy > Access Rules Matrix View SonicWall Support About This Document SMA 10.2 Deployment Guide for the SMA 100 Series Contents...
Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all incoming and outgoing traffic. The primary interface (X0) on the SonicWall SMA connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance. The SonicWall SMA appliance decrypts the session and determines the requested resource.
NSsp Series NSv Series SMA on LAN None For a full list of the supported SonicWall firewall and firmware versions, see https://www.sonicwall.com/support/product-lifecycle-tables/ The following illustrations provide an overview of each deployment scenario: Overview of Scenario A: SMA on a New DMZ...
1. Connect one end of an Ethernet cable to an unused port on your SonicWall gateway appliance. 2. Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210/410. The X0 Port LED lights up indicating an active connection.
Page 6
IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall security appliance. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SMA appliance.
7. Click Save to create the object. Once added, click Close. 8. On the OBJECT | Match Objects > Addresses page, click the Address Groups tab. SMA 10.2 Deployment Guide for the SMA 100 Series Connecting the SMA on a New DMZ...
Page 8
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 10.2 Deployment Guide for the SMA 100 Series Connecting the SMA on a New DMZ...
SonicWall gateway appliance, to a hub, or to a switch on your DMZ. 2. Connect the other end of the Ethernet cable to the X0 port on your SonicWall SMA 210/410. The X0 Port LED lights up indicating an active connection.
IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall firewall. If you accept this default, all HTTP and HTTPS traffic to this IP address is routed to your SMA appliance.
Page 11
13. In the Add Rule window, create a rule to allow access to the LAN for the address group you just created: Source Zone/Interface Source Destination Source Port Service SMA 10.2 Deployment Guide for the SMA 100 Series Connecting the SMA on an Existing DMZ...
Page 12
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 10.2 Deployment Guide for the SMA 100 Series Connecting the SMA on an Existing DMZ...
To connect the SMA on the LAN: 1. Connect one end of an Ethernet cable to an unused port on your LAN hub or switch. 2. Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall SMA 210/410.
Page 14
13. On the page that displays for SMA to LAN, click +Add. 14. In the Add Rule window, create a rule to allow access to the LAN for the address group you just SMA 10.2 Deployment Guide for the SMA 100 Series Deploying SMA on the LAN...
Page 15
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 10.2 Deployment Guide for the SMA 100 Series Deploying SMA on the LAN...
, you could set your computer to 10.1.1.10 10.1.1.20 8. Log into the SMA management interface again, using the IP address you just configured for the X0 interface. For example, point your browser to https://10.1.1.10 SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
Default IPv6 Gateway field. 3. Select X0 as the interface and click Accept. Adding a NetExtender Client Route NetExtender allows remote clients to have seamless access to resources on your local network. SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
Page 18
192.168.168.0 5. Enter the subnet mask of the destination network in the Subnet Mask field. Continuing the example, enter 255.255.255.0 6. Click Submit to finish adding this client route. SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
Transparent range, such as , and configure your NetExtender range as 67.115.118.80 . Then, on your gateway device, configure a static route to 192.168.10.100 192.168.10.200 , using 192.168.10.0 67.115.118.80 SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
5. Select Public from the Security Type drop-down menu. 6. Clear the Allow Interface Trust toggle. 7. Select the following check boxes: • Enable Gateway Anti-Virus Service • Enable IPS • Enable Anti-Spyware Service SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
Page 21
13. If you want to allow users to log in to the gateway appliance using this interface, select the desired user login options. 14. Click OK to apply changes. SMA 10.2 Deployment Guide for the SMA 100 Series Additional Configuration...
Testing and Troubleshooting Your Remote Connection You have now configured your SonicWall gateway appliance and SMA appliance for secure remote access. This section provides information on the following topics: Verifying a User Connection from the Internet Policy > Access Rules Matrix View...
2. Click the Configure icon for X2 or the port you assigned as the SMA zone. 3. Select SMA as the Zone from the drop-down menu. 4. Click OK. SMA 10.2 Deployment Guide for the SMA 100 Series Testing and Troubleshooting Your Remote Connection...
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support. The Support Portal enables you to: View knowledge base articles and technical documentation View and participate in the Community forum discussions at https://community.sonicwall.com/technology-and-support.
Open Source Code SonicWall Inc. is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:...