Selecting a SonicWALL Recommended

Deployment Scenario

The deployment scenarios described in this section are based on actual customer deployments and are SonicWALL-recommended deployment best practices. This section describes three common deployments of the SonicWALL SSL VPN 4000. In Table 1, select the scenario that most closely matches your deployment.

Scenario A SSL VPN on a New DMZ

 

SonicWALL

 

 

UTM Appliance

Switch/

 

 

Router

 

Hub

 

SonicWALL

 

Remote Users

SSL-VPN 4000

LAN

on DMZ

Resources

in Internet Zone

 

 

 

Scenario B

SSL VPN on an Existing DMZ

 

SonicWALL

 

 

UTM Appliance

Switch/

 

 

Router

 

Hub

 

 

 

 

Switch/

 

 

Hub

Remote Users

SonicWALL

LAN

in Internet Zone

SSL-VPN 4000

Resources

 

on Existing DMZ

 

Scenario C SSL VPN on the LAN

Gateway

Device

Switch/

Hub

Remote Users

SonicWALL

SSL-VPN 4000

in Internet Zone

on LAN

 

Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios

Gateway Device

SonicWALL Recommended

Conditions or Requirements

 

Deployment Scenarios

 

 

 

 

 

 

SonicOS Standard 3.1 or higher:

Scenario A: SSL VPN on a New DMZ

OPT or X2 interface is unused

TZ 170

 

A new DMZ configured for either NAT or

TZ 180 Series

 

 

Transparent Mode operation.

PRO 1260

 

(Optional) Plan to provide SonicWALL deep

PRO 2040

 

 

packet inspection security services such as

 

 

GAV, IPS, and Anti-Spyware.

PRO 3060

 

 

 

 

 

 

Scenario B: SSL VPN on Existing DMZ

OPT or X2 interface is in use with an

 

 

 

existing DMZ

 

 

(Optional) Plan to provide SonicWALL deep

 

 

 

packet inspection security services such as

 

 

 

GAV, IPS, and Anti-Spyware.

 

 

 

 

SonicOS Enhanced 3.1 or higher:

Scenario A: SSL VPN on a New DMZ

OPT or unused interface

TZ 170 Series

 

A new DMZ configured for either NAT or

TZ 180 Series

 

 

Transparent Mode operation.

TZ 190 Series

Scenario B: SSL VPN on Existing DMZ

No unused interfaces

PRO Series

 

One dedicated interface in use as an

NSA E-Class (SonicOS 5.0+)

 

 

 

existing DMZ

NSA Series (SonicOS 5.0+)

 

 

 

Scenario C: SSL VPN on the LAN

No unused interfaces

 

 

 

No dedicated interface for a DMZ

 

 

 

 

SonicOS Standard 3.1 or higher:

Scenario C: SSL VPN on the LAN

Not planning to use SonicWALL deep

TZ 150 Series

 

 

packet inspection security services such as

TZ 170 Wireless

 

GAV, IPS, and Anti-Spyware.

TZ 170 SP

 

Interoperability with a third-party gateway

 

 

device

 

 

 

SonicWALL devices running

 

 

 

legacy firmware

 

 

 

Third-Party Gateway Device

 

 

 

 

 

 

 

Page 4

Page 5
Image 5
SonicWALL 4000 manual Selecting a SonicWALL Recommended  Deployment Scenario, Scenario a SSL VPN on a New DMZ, Scenario B