Scenario a SSL VPN on a New DMZ, Scenario B

Selecting a SonicWALL Recommended

Deployment Scenario

The deployment scenarios described in this section are based on actual customer deployments and are SonicWALL-recommended deployment best practices. This section describes three common deployments of the SonicWALL SSL VPN 4000. In Table 1, select the scenario that most closely matches your deployment.

Scenario A SSL VPN on a New DMZ

	SonicWALL
	UTM Appliance	Switch/
		Switch/
Router		Hub
	SonicWALL
Remote Users	SSL-VPN 4000	LAN
	on DMZ	LAN
	on DMZ	Resources
in Internet Zone		Resources
in Internet Zone

Scenario B

SSL VPN on an Existing DMZ

	SonicWALL
	UTM Appliance	Switch/
		Switch/
Router		Hub
Router
		Switch/
		Hub
Remote Users	SonicWALL	LAN
in Internet Zone	SSL-VPN 4000	Resources
	on Existing DMZ

Scenario C SSL VPN on the LAN

Gateway

Device

Switch/

Hub

	Remote Users	SonicWALL
		SSL-VPN 4000
	in Internet Zone
		on LAN

Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios

Gateway Device	SonicWALL Recommended	Conditions or Requirements
	Deployment Scenarios

SonicOS Standard 3.1 or higher:	Scenario A: SSL VPN on a New DMZ	•	OPT or X2 interface is unused
TZ 170		•	A new DMZ configured for either NAT or
TZ 180 Series			Transparent Mode operation.
PRO 1260		•	(Optional) Plan to provide SonicWALL deep
PRO 2040			packet inspection security services such as
PRO 2040			GAV, IPS, and Anti-Spyware.
PRO 3060			GAV, IPS, and Anti-Spyware.
PRO 3060
	Scenario B: SSL VPN on Existing DMZ	•	OPT or X2 interface is in use with an
			existing DMZ
		•	(Optional) Plan to provide SonicWALL deep
			packet inspection security services such as
			GAV, IPS, and Anti-Spyware.

SonicOS Enhanced 3.1 or higher:	Scenario A: SSL VPN on a New DMZ	•	OPT or unused interface
TZ 170 Series		•	A new DMZ configured for either NAT or
TZ 180 Series			Transparent Mode operation.
TZ 190 Series	Scenario B: SSL VPN on Existing DMZ	•	No unused interfaces
PRO Series	Scenario B: SSL VPN on Existing DMZ	•	No unused interfaces
PRO Series		•	One dedicated interface in use as an
NSA E-Class (SonicOS 5.0+)		•	One dedicated interface in use as an
NSA E-Class (SonicOS 5.0+)			existing DMZ
NSA Series (SonicOS 5.0+)
NSA Series (SonicOS 5.0+)	Scenario C: SSL VPN on the LAN	•	No unused interfaces
	Scenario C: SSL VPN on the LAN	•	No unused interfaces
		•	No dedicated interface for a DMZ

SonicOS Standard 3.1 or higher:	Scenario C: SSL VPN on the LAN	•	Not planning to use SonicWALL deep
TZ 150 Series			packet inspection security services such as
TZ 170 Wireless		•	GAV, IPS, and Anti-Spyware.
TZ 170 SP		•	Interoperability with a third-party gateway
TZ 170 SP			device
			device
SonicWALL devices running
legacy firmware
Third-Party Gateway Device

Page 4

SonicWALL 4000 manual Selecting a SonicWALL Recommended Deployment Scenario, Scenario B

Models: 4000

Selecting a SonicWALL Recommended

Deployment Scenario

Scenario A SSL VPN on a New DMZ

Scenario B

SSL VPN on an Existing DMZ

Scenario C SSL VPN on the LAN

Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios

Scenario A: SSL VPN on a New DMZ

Scenario B: SSL VPN on Existing DMZ

Selecting a SonicWALL Recommended

Deployment Scenario

Scenario A SSL VPN on a New DMZ

Scenario B

SSL VPN on an Existing DMZ

Scenario C SSL VPN on the LAN

Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios

Scenario A: SSL VPN on a New DMZ

Scenario B: SSL VPN on Existing DMZ

Deployment Scenario