Anti-Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all incoming and outgoing traffic. The primary interface (X0) on the SonicWall SMA connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance. The SonicWall SMA appliance decrypts the session and determines the requested resource.
Overview of Scenario B: SMA on an Existing DMZ SonicWall Gateway Appliance 10GE SDHC ALARM TEST SonicWall NSA 3600 CONSOLE MGMT X2, etc Switch Switch Router Network Nodes Remote Users | O | O | Secure Mobile Access 400 SMA Appliance SMA 210/410 Deployment Guide Deployment Scenarios Overview...
Overview of Scenario C: SMA on the LAN Existing Gateway Device or Switch / Hub LAN Port Internet Router Remote Users Secure Mobile Access 400 | O | O | SMA Appliance SMA 210/410 Deployment Guide Deployment Scenarios Overview...
1 Connect one end of an Ethernet cable to an unused port on your SonicWall gateway appliance. 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall Secure Mobile Access 210/410. The X0 Port LED lights up indicating an active connection.
Page 7
4 In the Add Service Group dialog box, create a service group for HTTP and HTTPS: • Enter a Name for the service. • Select both HTTP and HTTPS and click the arrow button to move them to the right column. • Click OK. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall security appliance. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SMA appliance.
Page 9
• Click OK to create the group when both objects are in the right column. 11 Navigate to the Firewall > Access Rules page, and select the Matrix view style. 12 Click the SMA > LAN icon. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
Page 10
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Connecting the SMA on a New DMZ...
SonicWall gateway appliance, to a hub, or to a switch on your DMZ. 2 Connect the other end of the Ethernet cable to the X0 port on your SonicWall SMA 210/410. The X0 Port LED lights up indicating an active connection.
IP range. Click Next. NOTE: The default IP address is the WAN IP address of your SonicWall firewall. If you accept this default, all HTTP and HTTPS traffic to this IP address will be routed to your SMA appliance.
Page 13
13 On the page that displays for DMZ to LAN, click Add. 14 In the Add Rule window, create a rule to allow access to the LAN for the address group you just created: From Service Port Service SMA 210/410 Deployment Guide Connecting the SMA on an Existing DMZ...
Page 14
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Connecting the SMA on an Existing DMZ...
1 Connect one end of an Ethernet cable to an unused port on your LAN hub or switch. 2 Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall SMA 210/410. The X0 Port LED lights up indicating an active connection.
Page 16
The address group you just created, such as SMA to LAN. Destination Users Allowed Users Excluded None Schedule Always on Select the following Enable Logging check box(es) Allow Fragmented Packets 15 Click OK to create the rule. This completes Scenario C. SMA 210/410 Deployment Guide Deploying SMA on the LAN...
Page 17
SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products. Continue to Additional Configuration Testing and Troubleshooting Your Remote Connection. SMA 210/410 Deployment Guide Deploying SMA on the LAN...
Additional Configuration This section describes some additional configuration settings for your SMA 210/410, depending on the deployment scenario you selected. Topics: • Configuring the X0 IP Address • Adding a NetExtender Client Route • Setting Your NetExtender Address Range •...
To configure a NetExtender client route: 1 Navigate to the NetExtender > Client Routes page. 2 To force all SMA client traffic to pass through the NetExtender tunnel, select Enabled from the Tunnel All Mode drop-down list. SMA 210/410 Deployment Guide Additional Configuration...
3 Click Accept to add the Client Address Range. Scenario A 192.168.200.100 to 192.168.200.200 (default range) Scenario B An unused range within your DMZ subnet. Scenario C An unused range within your LAN subnet. SMA 210/410 Deployment Guide Additional Configuration...
4 Enter SMA in the Name field. 5 Select Public from the Security Type drop-down menu. 6 Clear the Allow Interface Trust check box. 7 Select the following check boxes: • Enable Gateway Anti-Virus Service • Enable IPS SMA 210/410 Deployment Guide Additional Configuration...
Page 22
12 If you want to allow management of the gateway appliance over this interface, select the desired management options. 13 If you want to allow users to log in to the gateway appliance using this interface, select the desired user login options. 14 Click OK to apply changes. SMA 210/410 Deployment Guide Additional Configuration...
Testing and Troubleshooting Your Remote Connection You have now configured your SonicWall gateway appliance and SMA appliance for secure remote access. This section provides information on the following topics: • Verifying a User Connection from the Internet • Firewall > Access Rules Matrix View...
To ensure the SMA zone displays in the matrix view: 1 In the administrative interface of your SonicWall appliance, navigate to the Network > Interfaces page. 2 Click the Configure icon for X2 or the port you assigned as the SMA zone.
SonicWall Support Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products.
Need help?
Do you have a question about the SMA 210 and is the answer not in the manual?
Questions and answers