- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
FAQ: DNS and SAN certificate requirements for CMS/GTO deployment
10/22/2020 
27 People found this article helpful
86,565 Views
Description
This Knowledgebase article provides you the necessary information on how to setup DNS and what type of certificate is required for the GTO (Global Traffic Optimizer) service
Cause
This Knowledgebase article provides you the necessary information on how to setup DNS and what type of certificate is required for the GTO (Global Traffic Optimizer) service.
Resolution
FAQ: DNS and SAN cert requirements for CMS/GTO deployment
Below is an example guide for the DNS and SAN setup,
DNS Requirements:
GTO name: remote.example.com (FQDN an end-user is going to use to connect to the device)
If there are two SMA devices under the CMS, then we need to add below name server (NS) records and A records to customer's public DNS servers,
remote.example.com NS sma1.ns.remote.example.com
remote.example.com NS sma2.ns.remote.example.com
sma1.ns.remote.example.com A 15.2.2.2
sma2.ns.remote.example.com A 11.1.2.4
Note: You should configure a minimum of two SMA appliances and delegate them in DNS as authoritative servers.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SAN Certificate:
Subject Name: remote.example.com
Alternative name: sma1.remote.example.com; remote.example.com; sma2.remote.example.com
Why a SAN certificate?
If your organization has multiple domains, a single SSL SAN certificate can help you secure multiple domains along with their respective subdomains. Unlike Wildcard certificate, which allows us to add only one level of subdomain, In a SAN certificate, It allows encrypting multiple levels of subdomains.
Note: We do support both wildcard and SAN certificate but a SAN is highly recommended.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note: sma1 and sma2 are the name of each appliance. This could be found on each appliance dashboard.
Click the below link for SMA 1000 series default assigned ports,
Refer the CMS/GTO Admin Guide for more detailed setup,
Related Articles
- CT with Device Guard is stuck on Identifying when GVC Client is installed
- SMA1000: CT compatibility with 3rd party VPN clients like GVC, Citrix and Fortinet
- How can I upgrade firmware in SMA 1000 series appliance?
YES
NO