• Secure Mobile Access
• About this Guide
  • Organization of this Guide
  • Guide Conventions
• About SonicWall Secure Mobile Access
  • About the SMA Appliance
  • Key SSL VPN Concepts and SMA Features
    • Resources
    • Users and Groups
    • Authentication
    • Communities
    • Access Policy
    • End Point Control (EPC)
    • SSL/TLS and Encryption
    • Single Sign-On
    • Sharing Configuration Data
    • Role-based Administration
    • System Monitoring and Logging
  • SonicWall SMA Components
    • Client Components and Access Methods
      • WorkPlace
      • Network Explorer
      • Connect Tunnel Clients
      • Mobile Connect App
      • Translated Web Access
      • Custom Port Mapping
      • Custom FQDN Mapping
    • End Point Control Components
    • Administrator Components
      • Setup Wizard
      • Appliance Management Console (AMC)
      • Access Services
  • Managing Multiple Appliances
    • Central Management Server
    • Global Traffic Optimizer
• Planning Your VPN
  • About Designing Your VPN
    • Who Will Access Your VPN?
    • Which Types of Resources Should Users Have Access To?
      • How Will Users Access Your Resources?
      • Tunnel, Proxy, or Web: Which Access Method is Best?
    • Security Administration
      • Defining Resources
        • Web Resources
        • Client/Server Resources
        • File Shares
      • Managing Access Control with an Access Policy
      • Access Control for Bi-Directional Connections
      • Design Guidelines for Access Rules
  • End Point Control
    • Advanced EPC
  • Putting It All Together: Using Realms and Communities
• Common VPN Configurations
  • About the Configurations
  • Deployment Scenario: Remote Access for Employees and Partners
    • Establishing an Authentication Realm
    • Identifying Users
    • Adding Resources
    • Creating Zones of Trust
      • Creating a Device Zone for Trusted Users
      • Creating a Device Zone for Partners
      • Creating a Quarantine Zone for Untrusted Users
  • Customizing WorkPlace
    • Modifying the Default Style and Layout
    • Creating a New WorkPlace Style and Layout
      • Creating a WorkPlace Style
      • Creating a Workplace Layout
    • Creating an Employee Community
      • Specifying Access Methods for Employees
      • Configuring End Point Control for Employees
      • Configuring the WorkPlace Appearance for Employees
    • Creating a Partner Community
      • Specifying an Access Method for Partners
      • Configuring End Point Control for Partners
      • Configuring WorkPlace Appearance for Partners
    • Access Control Lists
      • Adding a Rule for Limited Resources
      • Adding an Unrestricted Rule
  • Testing the Deployment Scenario
  • Other Remote Access VPN Scenarios
    • Providing Access to Web Resources
      • Defining Specific Web Resources
      • Web Resources on a Portion of Your Network
      • All Web Resources on Your Network
    • Web-Based File Access to Entire Networks
    • Broad Access to Network Resources
    • Remote Access for Mobile Users
  • Additional Partner VPN Scenarios
    • Access to a Specific Web Resource Using an Alias
    • Web-Based Access to a Client/Server Application
  • End Point Control Scenarios
    • Quarantining Employees on Untrusted Systems
    • Denying Access
  • Access Policy Scenarios
  • Application-Specific Scenarios
    • Providing Access to Outlook Web Access (OWA)
    • Providing Access to Voice Over IP (VoIP)
    • Providing Access to Windows Terminal Services or Citrix Resources
  • Authentication Scenarios
    • Using Multiple Realms vs Single Realm
  • Access Component Provisioning
    • Deploying the Same Agents to All Users
    • Deploying Different Agents to Different Users
• SonicWall Support
  • About This Document

Specifying Access Methods for Employees

For each community of users, you can configure which access methods are available: Smart Tunnel Access (IP Protocol), Web-based proxy access (TCP Protocol), or Web access (HTTP).

For the Employees community, it’s likely that you will want to grant open access so that a user can establish remote access using whatever method is appropriate for his or her device. By contrast, the Partners community, in this example, will have only Web access.

The tunnel clients give users an “in-office” experience, with full VPN access to their applications. In the following steps you’ll grant Employees the ability to use OnDemand Tunnel, and set up an IP address pool for the client.

To specify open, tunnel access for employees

1. Navigate to the Access Methods tab on the User Access > Realms page.

2. In the Tunnel (IP Protocol) section on the Configure Community page, select the Network tunnel client (OnDemand) checkbox. If you don’t have an IP address pool configured yet, a warning will be displayed.

3. Click Configure. The Network Tunnel Client Settings page is displayed.

4. In the IP Address Pools section, click Edit next to Address pools.

5. On the Address Pools page, click the + (New) icon.

6. In the Name field, enter a label for the IP address pool that will be used to allocate addresses to the network tunnel clients.

7. Select an address pool type.

   There are several ways to specify an address pool. If you’re not sure which one to choose, select Translated address pool (Source NAT) so that the appliance will assign non-routable IP addresses to clients and use Source NAT to translate them to a single address. The drawback is that applications that require reverse connections, such as VoIP or active-mode FTP, may not function properly.

8. Click Save. The address pool appears in the Address Pools list.

9. Select the checkbox next to the address pool you just configured.

10. Click Save.

11. Click OK. The Access Methods tab on Configure Community page should display.

12. Click Next to define the zone of trust for employees. Go to Creating Zones of Trust.