Secure Mobile Access 12.4 Administration Guide

About Access Services

Users can access VPN resources secured by the SMA appliance using three primary methods, or access services. This section describes each of the access services and the types of resources they provide access to.

  • The network tunnel service is a network routing technology that provides secure network tunnel access to a wide range of client/server applications, including those that use non-TCP protocols such as VoIP and ICMP, reverse-connection protocols, and bi-directional protocols, such as those used by remote Help Desk applications. It works in conjunction with the Connect Tunnel client and the OnDemand Tunnel agent to provide authenticated and encrypted access. The network tunnel service can traverse firewalls, NAT devices, and other proxy servers that can interfere with traditional VPN devices.

    When Web resource filtering is enabled for the network tunnel service, policies for tunnel sessions can use URL-based rules in addition to IP-based rules.

  • The WorkPlace service controls access to network file shares accessed from a Web browser. The WorkPlace service communicates with Windows file servers and network shares (including Microsoft Distributed file system, or Dfs, resources) using the Server Message Block (SMB) file-sharing protocol. For information about configuring the WorkPlace service, see Configuring WorkPlace General Settings.

The below table illustrates the relationships between the Secure Mobile Access access services and the user access components that they control.

Relationships between SMA access services and user access components
ServiceUser access componentsDescription
Network tunnel service
  • OnDemand Tunnel agent

  • Connect Tunnel client

  • Manages TCP/IP and non-TCP (such as VoIP and ICMP) connections from the network tunnel clients.

  • Provides network-level access to all resources, effectively making the user’s computer a node on your network.

  • Includes support for mapped network drives, native email clients, and applications that make reverse connections, such as VoIP.

Web proxy service
  • Translated Web access

  • Custom port mapped Web access

  • Custom FQDN mapped Web access

  • Manages HTTP and TCP/IP connections from Web browsers.
WorkPlace service
  • WorkPlace portal

  • Provides a Web-based portal that is available from any Web browser.

  • Provides access to file-system resources.

  • Provisions and deploys all user access components.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.