FAQ: DNS and SAN certificate requirements for CMS/GTO deployment
10/22/2020
Description
This Knowledgebase article explains how to set up DNS and what type of certificate is required for the GTO (Global Traffic Optimizer) service.
Resolution
Below is an example guide for the DNS and SAN setup.
DNS Requirements:
GTO name: remote.example.com (FQDN an end-user is going to use to connect to the device)
If there are two SMA devices under the CMS, add the following name server (NS) records and A records to the customer's public DNS servers:
remote.example.com NS sma1.ns.remote.example.com
remote.example.com NS sma2.ns.remote.example.com
sma1.ns.remote.example.com A 15.2.2.2
sma2.ns.remote.example.com A 11.1.2.4
Note: You should configure a minimum of two SMA appliances and delegate them in DNS as authoritative servers.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SAN Certificate:
Subject Name: remote.example.com
Alternative name: sma1.remote.example.com; remote.example.com; sma2.remote.example.com
Why a SAN certificate?
If your organization has multiple domains, a single SSL SAN certificate can help you secure multiple domains along with their respective subdomains. Unlike a wildcard certificate, which covers only one level of subdomain, a SAN certificate can secure multiple levels of subdomains.
Note: Both wildcard and SAN certificates are supported, but a SAN certificate is highly recommended.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note: sma1 and sma2 are the names of the appliances. The name can be found on each appliance's dashboard.
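A pre-deployment check for the DNS records and certificate names above, as an added example that is not part of the original article or any SonicWall tooling: it confirms the delegation has at least two NS records whose targets each have an A record, and lists required hostnames that a certificate's names do not cover, treating a wildcard as matching exactly one label. The function names, the REQUIRED list and the `*.example.com` wildcard are assumptions; the zone and SAN values are the article's examples.

```python
# Added example: sample data is constructed from the article's example
# values; function names and the wildcard entry are hypothetical.
ZONE = """\
remote.example.com NS sma1.ns.remote.example.com
remote.example.com NS sma2.ns.remote.example.com
sma1.ns.remote.example.com A 15.2.2.2
sma2.ns.remote.example.com A 11.1.2.4
"""
SAN_CERT = ["sma1.remote.example.com", "remote.example.com", "sma2.remote.example.com"]
WILDCARD_CERT = ["*.example.com"]  # constructed, for comparison with the SAN list
REQUIRED = ["remote.example.com", "sma1.remote.example.com", "sma2.remote.example.com"]


def delegation_problems(zone_text, gto_name, min_servers=2):
    """Return a list of problems with the NS delegation for gto_name."""
    ns, a = [], {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip anything that is not "name type value"
        name, rtype, value = (f.lower().rstrip(".") for f in fields)
        if rtype == "ns" and name == gto_name:
            ns.append(value)
        elif rtype == "a":
            a.setdefault(name, []).append(value)
    problems = []
    if len(set(ns)) < min_servers:
        problems.append(f"only {len(set(ns))} NS record(s), need {min_servers}")
    problems += [f"NS target {t} has no A record" for t in ns if t not in a]
    return problems


def name_matches(pattern, host):
    """Match a certificate name; '*' is the whole leftmost label, one label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]


def uncovered(cert_names, required):
    """Return the required hostnames that no certificate name covers."""
    return [r for r in required if not any(name_matches(c, r) for c in cert_names)]


if __name__ == "__main__":
    print("delegation:", delegation_problems(ZONE, "remote.example.com") or "ok")
    print("SAN cert misses:", uncovered(SAN_CERT, REQUIRED))
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, REQUIRED))
```
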
See the following link for the SMA 1000 series default assigned ports:
https://www.sonicwall.com/support/knowledge-base/what-are-the-sma-1000-series-default-assigned-ports/180524191604517/
Refer to the CMS/GTO Admin Guide for more detailed setup:
https://www.sonicwall.com/support/technical-documentation/?language=English&category=Secure%20Remote%20Access&product=SMA%201000%20Series&resources=Administration%20Guide