The SMA appliance is commonly deployed in tandem in one-armed mode over the DMZ or Opt interface on an accompanying gateway appliance, for example, a SonicWall Inc. network security appliance.
This method of deployment offers additional layers of security control plus the ability to use SonicWall Inc.’s Unified Threat Management (UTM) services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering and Intrusion Prevention, to scan all incoming and outgoing NetExtender traffic. SonicWall Inc. recommends one-armed mode deployments over two-armed for ease of deployment and for use in conjunction with UTM GAV/IPS for clean VPN.
As shown in the following figure, in one-armed mode the primary interface (X0) on the SMA appliance connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance (step 1). The SMA appliance decrypts the session and determines the requested resource. The Secure Mobile Access session traffic then traverses the gateway appliance (step 2) to reach the internal network resources. While the traffic traverses the gateway, appropriately equipped gateway appliances can apply security services such as Intrusion Prevention, Gateway Anti-Virus and Anti-Spyware inspection. The internal network resource then returns the requested content to the SMA appliance through the gateway (step 3), where it is encrypted and returned to the client.
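One way to check a gateway's allow rules against the three-step flow described above, as an added example that is not SonicWall code or a real export format. The rule schema, the zone names, the SMA X0 address 192.0.2.10, the LAN host and the use of HTTPS for the encrypted session are assumptions.

```python
# Added example. The rule schema below is hypothetical, not a SonicWall export format.
SMA_X0 = "192.0.2.10"                       # assumed SMA X0 address (documentation range)
REQUIRED = {"ips", "gav", "anti-spyware"}   # gateway services named in the text

def rule(src_zone, dst_zone, src, dst, service, inspect=()):
    return {"src_zone": src_zone, "dst_zone": dst_zone, "src": src,
            "dst": dst, "service": service, "inspect": set(inspect)}

def audit(allow_rules, sma_ip=SMA_X0):
    """Check allow rules against the one-armed flow; return a list of findings."""
    findings = []
    def between(a, b):
        return [r for r in allow_rules if (r["src_zone"], r["dst_zone"]) == (a, b)]

    # Step 1: the encrypted session should reach only the SMA, only over HTTPS.
    inbound = between("WAN", "DMZ")
    if not any(r["dst"] == sma_ip and r["service"] == "https" for r in inbound):
        findings.append("step1: no WAN->DMZ https rule to the SMA")
    for r in inbound:
        if (r["dst"], r["service"]) != (sma_ip, "https"):
            findings.append(f"step1: unexpected WAN->DMZ allow {r['dst']}/{r['service']}")

    # Step 2: decrypted traffic from the SMA to the LAN must be inspected.
    to_lan = [r for r in between("DMZ", "LAN") if r["src"] == sma_ip]
    if not to_lan:
        findings.append("step2: no DMZ->LAN rule sourced from the SMA")
    for r in to_lan:
        missing = REQUIRED - r["inspect"]
        if missing:
            findings.append(f"step2: {r['dst']}/{r['service']} missing {sorted(missing)}")

    # A direct WAN->LAN allow would bypass the SMA and the flow above entirely.
    for r in between("WAN", "LAN"):
        findings.append(f"bypass: WAN->LAN allow {r['dst']}/{r['service']}")
    return findings

# Constructed sample rule sets (allow rules only).
GOOD = [
    rule("WAN", "DMZ", "any", SMA_X0, "https"),
    rule("DMZ", "LAN", SMA_X0, "10.0.0.20", "rdp", REQUIRED),
]
BAD = [
    rule("WAN", "DMZ", "any", SMA_X0, "https"),
    rule("WAN", "DMZ", "any", SMA_X0, "ssh"),
    rule("DMZ", "LAN", SMA_X0, "10.0.0.20", "rdp", {"ips"}),
    rule("WAN", "LAN", "any", "10.0.0.20", "rdp"),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "matches the one-armed flow")
```

Step 3 (the return path) is not audited separately because the sketch assumes a stateful gateway that admits replies on the sessions allowed in steps 1 and 2.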