SonicWALL SMA 210 Deployment Manual

SonicWALL SMA 210 Deployment Manual

Secure mobile access
Hide thumbs Also See for SMA 210:

Advertisement

®
SonicWall
Secure Mobile
Access 210/410
Deployment Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SMA 210 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for SonicWALL SMA 210

  • Page 1 ® SonicWall Secure Mobile Access 210/410 Deployment Guide...
  • Page 2: Table Of Contents

    SMA 210/410 Deployment Scenarios ........
  • Page 3: Deployment Scenarios Overview

    Anti-Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all incoming and outgoing traffic. The primary interface (X0) on the SonicWall SMA connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance. The SonicWall SMA appliance decrypts the session and determines the requested resource.
  • Page 4: Overview Of Scenario A: Sma On A New Dmz

    Overview of Scenario B: SMA on an Existing DMZ SonicWall Gateway Appliance 10GE SDHC ALARM TEST SonicWall NSA 3600 CONSOLE MGMT X2, etc Switch Switch Router Network Nodes Remote Users | O | O | Secure Mobile Access 400 SMA Appliance SMA 210/410 Deployment Guide Deployment Scenarios Overview...
  • Page 5: Overview Of Scenario C: Sma On The Lan

    Overview of Scenario C: SMA on the LAN Existing Gateway Device or Switch / Hub LAN Port Internet Router Remote Users Secure Mobile Access 400 | O | O | SMA Appliance SMA 210/410 Deployment Guide Deployment Scenarios Overview...
  • Page 6: Connecting The Sma On A New Dmz

    1 Connect one end of an Ethernet cable to an unused port on your SonicWall gateway appliance. 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210/410. The X0 Port LED lights up indicating an active connection.
  • Page 7 4 In the Add Service Group dialog box, create a service group for HTTP and HTTPS: • Enter a Name for the service. • Select both HTTP and HTTPS and click the arrow button to move them to the right column. • Click OK. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
  • Page 8: Allowing An Sma To Lan Connection

    IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall security appliance. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SMA appliance.
  • Page 9 • Click OK to create the group when both objects are in the right column. 11 Navigate to the Firewall > Access Rules page, and select the Matrix view style. 12 Click the SMA > LAN icon. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
  • Page 10 SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
  • Page 11: Connecting The Sma On An Existing Dmz

    SonicWall gateway appliance, to a hub, or to a switch on your DMZ. 2 Connect the other end of the Ethernet cable to the X0 port on your SonicWall SMA 210/410. The X0 Port LED lights up indicating an active connection.
  • Page 12: Allowing Dmz To Lan Connection

    IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall firewall. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SMA appliance.
  • Page 13 13 On the page that displays for DMZ to LAN, click Add. 14 In the Add Rule window, create a rule to allow access to the LAN for the address group you just created: From Service Port Service SMA 210/410 Deployment Guide Connecting the SMA on an Existing DMZ...
  • Page 14 SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Connecting the SMA on an Existing DMZ...
  • Page 15: Deploying Sma On The Lan

    1 Connect one end of an Ethernet cable to an unused port on your LAN hub or switch. 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall SMA 210/410. The X0 Port LED lights up indicating an active connection.
  • Page 16 The address group you just created, such as SMA to LAN. Destination Users Allowed Users Excluded None Schedule Always on Select the following Enable Logging check box(es) Allow Fragmented Packets 15 Click OK to create the rule. This completes Scenario C. SMA 210/410 Deployment Guide Deploying SMA on the LAN...
  • Page 17 SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Deploying SMA on the LAN...
  • Page 18: Additional Configuration

    Additional Configuration This section describes some additional configuration settings for your SMA 210/410, depending on the deployment scenario you selected. Topics: • Configuring the X0 IP Address • Adding a NetExtender Client Route • Setting Your NetExtender Address Range •...
  • Page 19: Configuring A Default Route

    To configure a NetExtender client route: 1 Navigate to the NetExtender > Client Routes page. 2 To force all SMA client traffic to pass through the NetExtender tunnel, select Enabled from the Tunnel All Mode drop-down list. SMA 210/410 Deployment Guide Additional Configuration...
  • Page 20: Setting Your Netextender Address Range

    3 Click Accept to add the Client Address Range. Scenario A 192.168.200.100 to 192.168.200.200 (default range) Scenario B An unused range within your DMZ subnet. Scenario C An unused range within your LAN subnet. SMA 210/410 Deployment Guide Additional Configuration...
  • Page 21: Adding A New Sma Custom Zone

    4 Enter SMA in the Name field. 5 Select Public from the Security Type drop-down menu. 6 Clear the Allow Interface Trust check box. 7 Select the following check boxes: • Enable Gateway Anti-Virus Service • Enable IPS SMA 210/410 Deployment Guide Additional Configuration...
  • Page 22 12 If you want to allow management of the gateway appliance over this interface, select the desired management options. 13 If you want to allow users to log in to the gateway appliance using this interface, select the desired user login options. 14 Click OK to apply changes. SMA 210/410 Deployment Guide Additional Configuration...
  • Page 23: Testing And Troubleshooting Your Remote Connection

    Testing and Troubleshooting Your Remote Connection You have now configured your SonicWall gateway appliance and SMA appliance for secure remote access. This section provides information on the following topics: • Verifying a User Connection from the Internet • Firewall > Access Rules Matrix View...
  • Page 24: Firewall > Access Rules Matrix View

    To ensure the SMA zone displays in the matrix view: 1 In the administrative interface of your SonicWall appliance, navigate to the Network > Interfaces page. 2 Click the Configure icon for X2 or the port you assigned as the SMA zone.
  • Page 25: Sonicwall Support

    SonicWall Support Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.
  • Page 26: About This Document

    The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products.

This manual is also suitable for:

Sma 410

Table of Contents