SMB SSL-VPN: What is the recommended SRA deployment
03/26/2020 9 12541
DESCRIPTION: What is the recommended and most common deployment of SRA appliances ?
One-port mode (one arm deployment), where only the X0 interface is utilized, and the appliance is placed in a separated, protected “DMZ” network/interface of a SonicWall security appliance, such as the SonicWall TZ appliance or NSA appliance.
This method of deployment offers additional layers of security control plus the ability to use SonicWall’s Unified Threat Management (UTM) services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering and Intrusion Prevention, to scan all incoming and outgoing NetExtender traffic.
SRA can be deployed in either a new DMZ zone or an existing one:
SRA can also be deployed in the LAN (this method is less common and less recommended). All three recommended deployments are covered by the getting started guides: