Secure Mobile Access 12.4 CMS Administration Guide

Additional Deployment Notes

Notes on SMA Appliances

It is recommended that you configure a minimum of two SMA appliances, and that you delegate them in DNS as authoritative servers to minimize the likelihood that your users ever lose DNS resolution of the GTO service.

You must enable UDP 53 on your firewall for all traffic that is sent to CMS-managed appliances that are configured as authoritative servers.

Web Limitations if an Appliance Fails

Web users may face some limitations with GTO if an appliance fails. GTO services should DNS-resolve to more than one MA node, and web browsers given a multi-address DNS response should connect to the first address that works. When CMS finds an MA unresponsive for a minute, it instructs the DNS authoritative server nodes to reconfigure around the broken MA, but during that reconfiguration time, the broken MA node can still appear in DNS responses. If this situation occurs and the user’s Workplace session fails, the user sees what looks like a typical failure of a website. The user needs to reconnect by retyping the GTO service name. They are redirected through a different node and can access that web site again.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.