Secure Mobile Access 100 10.2 Administration Guide

Two-armed Deployment

The SMA appliances also support two-armed deployment scenarios, using one external (DMZ or WAN side) interface and one internal (LAN) interface. However, two-armed mode introduces routing issues that need to be considered before deployment. The SMA appliance does not route packets across interfaces, as there are IP tables rules preventing that, and therefore cannot be used as a router or default gateway. Any other machines connected to an internal interface of the SMA appliance in two-armed mode would need to access the Internet or other network resources (DNS, NTP) through a different gateway.

If you have an internal router as well as an Internet router, you can use a two-armed deployment to leverage your internal router to access your internal resources.

Sample Scenario: Company A has resources and several subnets on their internal network, and they already have a robust routing system in place. With two-armed deployment of the SMA appliance, client requests destined for internal resources on the corporate network can be delivered to an internal router.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.