SonicWall WAN Acceleration (WXA) Deployment Modes

03/26/2020 37 11693

DESCRIPTION:

Configure DHCP scope for SonicWall WXA to obtain IP address ( Static IP address is not supported), Domain Name, Internal DNS Server for SonicWall WXA to use for provisioning; joining the domain, setting up File Shares

Make sure that proper access rules are in place for SonicWall WXA Appliance to talk to internal Domain Controllers, DNS Servers, File Servers and other servers

SonicWall WXA Supports :
a) TCP Acceleration - Need to explicitly define what networks' traffic should be accelerated in the below described deployment modes
b ) WFS   Windows File Sharing Acceleration - When doing Windows File Sharing, user EXPLICITLY accesses Share name that is Mapped to SonicWall WXA Appliance and not the real File Share
Ex: \WXA-Test instead of \FileServer1

 Following are the deployment modes where SonicWall WAN Acceleration devices can be deployed in conjunction with SonicWall UTM Appliances to optimize TCP Acceleration

Typical deployment involves two Appliances between Headquarters and remote offices to accelerate traffic

1. Site-Site VPN - IPsec/Tunnel Mode

 --- Most common deployments use Site-Site VPN Traffic to be accelerated and involve 2 SonicWall WXA Appliances (one at each end of Site-Site VPN ) and 2 Managing SonicWall UTM appliances

 2. Routed Mode - Using Route Statements

 ---Involves 2 SonicWall WXA Appliances  and 2 Managing SonicWall UTM appliances. In this mode, Source and Destination traffic that is specified in the Route Statements are accelerated. This type of TCP acceleration is typically used in a private MPLS scenario .Each end requires that these route statements are in place.

3. Layer 2 Bridge Mode

 -- In this mode, typically route statements with source and destination networks with TCP acceleration needs to be enabled.

TCP Acceleration uses transparent TCP Proxy. User has to tell the managing SonicWall Appliance what Network traffic needs to be sent to SonicWall WXA Appliance for TCP acceleration
If using Site-Site IPSec VPN, by default if you enable TCP Acceleration on a VPN Policy, UTM  chooses the local and destination network defined for TCP acceleration
If using Site-Site Tunnel Interface VPN, when defining route statements, you can specify if the traffic should  be subjected to TCP Acceleration
If using regular Layer 2 bridge or route mode, when defining route statements, you can specify if the traffic should  be subjected to TCP Acceleration

NOTE: In Site-Site VPN Policy, Route Mode or Layer 2 bridge mode, there is no need to include SonicWall WXA Appliance Subnets in VPN policy or route statements. This is true for both TCP acceleration and WFS Acceleration (Windows File Sharing).