• Secure Mobile Access 10.2 for the SMA 100 Series
• Deployment Scenarios Overview
  • Selecting a Deployment Scenario
  • SMA 210/410 and 500v Deployment Scenarios
• Connecting the SMA on a New DMZ
  • Connecting the SMA to the Gateway
  • Allowing a WAN to SMA Connection
  • Allowing an SMA to LAN Connection
• Connecting the SMA on an Existing DMZ
  • Connecting the SMA to the Gateway
  • Allowing WAN to DMZ Connection
  • Allowing DMZ to LAN Connection
• Deploying SMA on the LAN
  • Connecting the SMA to the Gateway
  • Configuring SMA to LAN Connectivity
• Additional Configuration
  • Configuring the X0 IP Address
  • Configuring a Default Route
  • Adding a NetExtender Client Route
  • Setting Your NetExtender Address Range
  • Adding a New SMA Custom Zone
• Testing and Troubleshooting Your Remote Connection
  • Verifying a User Connection from the Internet
  • Policy > Access Rules Matrix View
• SonicWall Support
  • About This Document

Selecting a Deployment Scenario

The deployment scenarios described in this guide are based on actual customer deployments and are SonicWall-recommended deployment best practices for SMA appliances.

An SMA appliance is commonly deployed in one-arm mode over the DMZ interface on an accompanying gateway appliance, such as a SonicWall NSa 3600. This method of deployment offers additional layers of security control, plus the ability to use SonicWall’s security services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all incoming and outgoing traffic.

The primary interface (X0) on the SonicWall SMA connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance. The SonicWall SMA appliance decrypts the session and determines the requested resource.

The session traffic then traverses the gateway appliance to reach the internal network resources. The gateway appliance applies security services as data traverses the gateway. The internal network resource then returns the requested content to the SonicWall SMA appliance through the gateway, where it is encrypted and sent to the client.