SonicWALL SMA - Planning Your VPN; Who Will Access Your VPN?

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN

• WhoWillAccessYourVPN?onpage15

• WhichTypesofResourcesShouldUsersHaveAccessTo?onpage16

• SecurityAdministrationonpage18

• EndPointControlonpage22

• PuttingItAllTogether:UsingRealmsandCommunitiesonpage23

AboutDesigningYourVPN

ToeffectivelydesignyourVPN,youmustidentifywhowilluseit,whattypesofresourcestomakeavailable,and

whichaccessmethodstoprovidetouserssotheycanreachyournetwork.

Topics:

• WhoWillAccessYourVPN?onpage15

• WhichTypesofResourcesShouldUsersHaveAccessTo?onpage16

• HowWillUsersAccessYourResources?onpage16

WhoWillAccessYourVPN?

AkeyconsiderationinplanningyourVPNisidentifyingtheuserswhoneedtoaccessyournetworkresources.

YourusercommunitywillhaveamajorimpactonhowyoudesignandadministeryourVPN.

MostVPNusersgenerallyfallintooneoftwomajorcategories:

•Remoteemployees.Whenservingremoteand

mobileemployees,you’llprobablygivethemrelatively

openaccesstoenterpriseresources.Ofcourse,youcanalsodefineamoregranularaccesspolicyfor

specificresourcesthatcontainsensitiveinformation(suchasapayrollapplication).

EmployeecomputersystemsunderITcontrolprovidetheflexibilitytoinstallclientsoftware—suchasthe

ConnectTunnelclient—onthedesktop.

•Businesspartners.Suppliers,vendors,contractors,andotherpartnersgenerallyhaverestrictedaccessto

resourcesonyournetwork.Thisrequiresyoutoadministermoregranular resourcedefinitionsand

accesscontrolrulesthanthosetypicallyusedforaremoteaccessVPN.

Forexample,insteadofsimplydefininga

domainresourceandgrantingopenaccessprivileges,you’ll

oftenneedtodefinespecifichostresourcesandmanageamorecomplexaccesspolicy.Whendefininga

Webresourceyoumayalsowanttoobscureitsinternalhostnametomaintaintheprivacyofyour

network.

Becauseoftheadministrativeandsupportissues

associatedwithinstallingclientsoftwareoncomputers

outsidethecontrolofyourITorganization,aWeb‐basedaccessmethodisoftenbestforbusiness

partners.

Related product manuals