SonicWALL 4000

Page 4

Selecting a SonicWALL Recommended

Deployment Scenario

The deployment scenarios described in this section are based on actual customer

deployments and are SonicWALL-recommended deployment best practices. This

section describes three common deployments of the SonicWALLSSL VPN 4000.

In Table 1, select the scenario that most closely matches your deployment.



Table 1: SonicWALLSSL VPN 4000 Deployment Scenarios

Gateway Device SonicWALL Recommended

Deployment Scenarios Conditions or Requirements

SonicOS Standard 3.1 or higher:

TZ 170

TZ 180 Series

PRO 1260

PRO 2040

PRO 3060

Scenario A: SSL VPN on a New DMZ • OPT or X2 interface is unused

• A new DMZ configured for either NAT or

Transparent Mode operation.

• (Optional) Plan to provide SonicWALL deep

packet inspection security services such as

GAV, IPS, and Anti-Spyware.

Scenario B: SSL VPN on Existing DMZ • OPT or X2 interface is in use with an

existing DMZ

• (Optional) Plan to provide SonicWALL deep

packet inspection security services such as

GAV, IPS, and Anti-Spyware.

SonicOS Enhanced 3.1 or higher:

TZ 170 Series

TZ 180 Series

TZ 190 Series

PRO Series

NSA E-Class (SonicOS 5.0+)

NSA Series (SonicOS 5.0+)

Scenario A: SSL VPN on a New DMZ • OPT or unused interface

• A new DMZ configured for either NAT or

Transparent Mode operation.

Scenario B: SSL VPN on Existing DMZ • No unused interfaces

• One dedicated interface in use as an

existing DMZ

Scenario C: SSL VPN on the LAN • No unused interfaces

• No dedicated interfac e for a DMZ

SonicOS Standard 3.1 or higher:

TZ 150 Series

TZ 170 Wireless

TZ 170 SP

SonicWALL devices running

legacy firmware

Third-Party Gateway Device

Scenario C: SSL VPN on the LAN • Not planning to use SonicWALL deep

packet inspection security services such as

GAV, IPS, and Anti-Spyware.

• Interoperability with a third-party gateway

device

Gateway

Device Switch/

Hub

SonicWALL

SSL-VPN 4000

on LAN

Remote Users

in Internet Zone

SonicWALL

SSL-VPN 4000

on Existing DMZ

SonicWALL

UTM Appliance

LAN

Resources

Router

Switch/

Hub

Switch/

Hub

Remote Users

in Internet Zone

SonicWALL

UTM Appliance

SonicWALL

SSL-VPN 4000

on DMZ LAN

Resources

Router

Switch/

Hub

Remote Users

in Internet Zone

SonicWALL 4000 manual - page 5

Selecting a SonicWALL Recommended

Deployment Scenario

The deployment scenarios described in this section are based on actual customer

deployments and are SonicWALL-recommended deployment best practices. This

section describes three common deployments of the SonicWALLSSL VPN 4000.

In Table 1, select the scenario that most closely matches your deployment.

Table 1: SonicWALLSSL VPN 4000 Deployment Scenarios

Gateway Device SonicWALL Recommended

Deployment Scenarios Conditions or Requirements

Scenario A

SSL VPN on a New DMZ Scenario B Scenario C

SSL VPN on an Existing DMZ SSL VPN on the LAN