Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

FAQ: DNS and SAN certificate requirements for CMS/GTO deployment

10/22/2020 21 4083

DESCRIPTION:

This Knowledgebase article provides you the necessary information on how to setup DNS and what type of certificate is required for the GTO (Global Traffic Optimizer) service

CAUSE:

This Knowledgebase article provides you the necessary information on how to setup DNS and what type of certificate is required for the GTO (Global Traffic Optimizer) service.

RESOLUTION:

FAQ: DNS and SAN cert requirements for CMS/GTO deployment

Below is an example guide for the DNS and SAN setup,

DNS Requirements:

GTO name: remote.example.com (FQDN an end-user is going to use to connect to the device)

If there are two SMA devices under the CMS, then we need to add below name server (NS) records and A records to customer's public DNS servers,

remote.example.com NS sma1.ns.remote.example.com

remote.example.com NS sma2.ns.remote.example.com

sma1.ns.remote.example.com A 15.2.2.2

sma2.ns.remote.example.com A 11.1.2.4

Note: You should configure a minimum of two SMA appliances and delegate them in DNS as authoritative servers.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SAN Certificate:

Subject Name: remote.example.com

Alternative name: sma1.remote.example.com; remote.example.com; sma2.remote.example.com

Why a SAN certificate?

If your organization has multiple domains, a single SSL SAN certificate can help you secure multiple domains along with their respective subdomains. Unlike Wildcard certificate, which allows us to add only one level of subdomain, In a SAN certificate, It allows encrypting multiple levels of subdomains.

Note: We do support both wildcard and SAN certificate but a SAN is highly recommended.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: sma1 and sma2 are the name of each appliance. This could be found on each appliance dashboard.

Click the below link for SMA 1000 series default assigned ports,

https://www.sonicwall.com/support/knowledge-base/what-are-the-sma-1000-series-default-assigned-ports/180524191604517/

Refer the CMS/GTO Admin Guide for more detailed setup,

https://www.sonicwall.com/support/technical-documentation/?language=English&category=Secure%20Remote%20Access&product=SMA%201000%20Series&resources=Administration%20Guide

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time at Manage Subscriptions.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Email
This field is for validation purposes and should be left unchanged.

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

FAQ: DNS and SAN certificate requirements for CMS/GTO deployment

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

FAQ: DNS and SAN certificate requirements for CMS/GTO deployment

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch