Secure Mobile Access 12.4 Administration Guide

Network Architecture

This section shows where the appliance fits into your network environment, provides installation and cabling instructions, and explains how to use the Web-based Setup Wizard (or alternatively use the command-line Setup Tool) to perform basic network configuration.

All SonicWall SMA appliances can be set up in either a dual interface or single interface configuration:

The SMA 8200v, 7200, 7210 and SMA 6200, 6210 appliances include network interfaces that can be set up to use an external load balancer.

  • Dual-homed Configuration (Internal and External Interfaces – see Dual-homed interface configuration) — One network interface is used for external traffic (that is, to and from the Internet), and the other interface is used for internal traffic (to and from your corporate network).

    Dual-homed interface configuration

  • Single-homed interface configuration (internal interface – see Single-homed interface configuration) — A single network interface is used for both internal and external traffic. The appliance is usually installed in the demilitarized zone (or DMZ, also known as a perimeter network).

    Single-homed interface configuration

In both configurations, incoming requests to the Secure Mobile Access services—including HTTP/S traffic for the Web proxy service—are sent over port 80 (HTTP) and port 443 (HTTPS). Traffic from the OnDemand agent is always sent over port 443. Because most networks are configured to enable traffic over these ports, you shouldn’t need to reconfigure firewalls on your network.

You should install the appliance in a location where it can connect to resources on your network, including:

  • Application servers and file servers, including Web or Windows servers, and client/server applications.
  • External authentication repositories (such as an LDAP, Microsoft Active Directory, or RADIUS server).
  • One or more Domain Name System (DNS) servers.
  • Optionally, a Windows Internet Name Service (WINS) server. This is required for browsing Windows networks using WorkPlace.

The SonicWall SMA appliance does not provide full firewall capabilities and should be secured behind a firewall. Running without a firewall makes the appliance vulnerable to attacks that can compromise security and degrade performance.

Although not required, enabling the appliance to communicate with these additional resources provides greater functionality and ease of use:

  • Network Time Protocol (NTP) server for synchronizing the time on the appliance.
  • External server for storing syslog output.
  • Administrator’s workstation for secure shell (SSH) access.
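
The inbound flows described above (ports 80 and 443 for incoming requests, the appliance behind a firewall, SSH from the administrator's workstation) can be checked against a firewall's allow rules. This is an added example, not SonicWall code; the addresses, the rule tuple format, the `audit_inbound` function, and TCP port 22 for SSH are assumptions.

```python
import ipaddress

# Constructed values (assumptions, not from the guide): addresses and rule format.
APPLIANCE = ipaddress.ip_address("192.0.2.10")     # appliance external/DMZ address
ADMIN_WS = ipaddress.ip_network("10.0.5.20/32")    # administrator's workstation
ANY = ipaddress.ip_network("0.0.0.0/0")
PUBLIC_TCP = {80, 443}   # ports the guide names for incoming requests
SSH = 22                 # standard SSH port (assumed; the guide gives no number)

def audit_inbound(rules):
    """Check allow rules (src_cidr, dst_cidr, proto, port) that reach the appliance.

    Returns a sorted list of finding strings; an empty list means the rule set
    matches the inbound flows the guide describes.
    """
    findings = []
    open_public = set()
    for src, dst, proto, port in rules:
        src_net = ipaddress.ip_network(src)
        if APPLIANCE not in ipaddress.ip_network(dst):
            continue  # rule does not reach the appliance
        if proto == "tcp" and port in PUBLIC_TCP:
            if src_net == ANY:
                open_public.add(port)
            continue
        if proto == "tcp" and port == SSH:
            if not src_net.subnet_of(ADMIN_WS):
                findings.append(f"SSH to appliance allowed from {src}, not only the admin workstation")
            continue
        findings.append(f"unexpected inbound {proto}/{port} from {src}")
    if 443 not in open_public:
        findings.append("tcp/443 not reachable from the Internet (OnDemand agent traffic needs it)")
    return sorted(findings)

# Constructed sample rule set for demonstration.
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    ("0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    ("10.0.5.20/32", "192.0.2.10/32", "tcp", 22),
    ("0.0.0.0/0", "192.0.2.0/24", "tcp", 22),      # too broad: SSH from anywhere
    ("0.0.0.0/0", "192.0.2.10/32", "udp", 161),    # not a flow the guide lists
    ("10.0.0.0/8", "10.0.9.0/24", "tcp", 445),     # does not touch the appliance
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES):
        print(finding)
```
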

For enhanced security, you can obtain a certificate from a commercial certificate authority (CA). For more information, see Obtaining a Certificate from a Commercial CA.
