SonicWALL SMA - Page 19

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN

WebResources

AnyWebresource—suchasaWebapplication,aWebportal,oraWebserver—canbedefinedasaURL

resource(theyarespecifiedinAMCusingthestandardhttp://orhttps://URLsyntax).Examplesinclude

MicrosoftOutlookWebAccessandotherWeb‐basede‐mailprograms,Webportals,corporateintranets,and



standardWebservers.

DefiningaWebresourceasaURLprovidesseveraladvantages:

• YoucancreateaWebshortcutonWorkPlacetogiveusersquickaccess.

• Youcandefineverys pec ificaccessrulestocontrolwhichuserscanaccesstheURL.

• Youhavetheoptionofobscuring(or“ aliasing”)the

internalhostnamesoitisnotpubliclyexposed.

• Youcanblockattachmentsfrombeingdownloadedtountrusteddevices,orpreventaWeb‐based

applicationfromdisplayingrestricteddatatountrusteddevices.

WebtrafficisproxiedthroughtheWebproxyservice,asecuregatewaythroughwhichuserscanaccessprivate

WebresourcesfromtheInternet.

Client/ServerResources

Client/serverresourcesencompassapplications,fileservers,andmultiple Webresourcesandarespecifiedin

AMCusingeitheradomain,subnet,IPrange,hostname,orIPaddress:

• Client/serverapplicationsinclude“traditional”applicationsdevelopedforaparticularoperatingsystem,

orthin‐clientapplicationsthatareWeb‐based.

•NetworksharesincludeWindowsfile

serversorfileshares.Networksharesareaccessibleusingeither

OnDemandorConnectTunnel.(ToaccessanetworkshareusingaWebbrowser,youmustinsteaddefine

itasafi lesystemresource.)

•Sourcenetworksarereferencedinanaccessruletopermitordenyaconnectiontoadestination

resource

basedonthelocationfromwhichtherequestoriginates.Forexample,youmightpermit

connectionsonlyfromaparticulardomain,orpermitthemonlyfromaspecificIPaddress.

•GraphicalterminalagentscanbeaddedtoWorkPlaceasshortcutsthatprovideaccesstoaterminal

server(orCitrixserverfarm)using

aWindowsTerminalServicesorCitrixcl ient.

•MultipleWebresourcesonyournetwork—whetherinadomain,subnet,orIPrange—canbedefined.

ThisisaconvenientwayforyoutoadministermultipleWebserversfromasingleresourceinAMC.For

example,ifyouspecifyadomain(andcreatetheappropriate

accessrule),usersareabletousetheir

WebbrowserstoaccessanyWebresourcescontainedwithinthatdomain.TheycanalsouseOnDemand

orConnectTunneltogettothoseresources.

Onthedownside,however,youruserscannotaccessthoseresourcesfromashortcutonWorkPlace;

instead,theymustknow

theinternalhostnameoftheresource.IftheWebproxyagentisrunning,they

canenteranyURLdirectlyinthebrowser.However,intranslatedmode,usersmustmanuallytypeURLs

intheIntranetAddressboxinWorkPlace.

Withsuchawidescopeofresourcedefinitions—frombroadresourcessuchas

adomainorsubnet,downtoa

singlehostorIPaddress—youmaywonderhowbesttodefineyournetworkresources.Broadresource

definitionssimplifyyourjobassystemadministrator,andaretypicallyusedwhenmanagingaremoteaccess

VPNwithanopenaccesspolicy.Forexample,youcoulddefine

yourinternalDNSnamespaceasadomainand

createasinglepolicyrulegrantingemployeesaccessprivileges.

Ontheotherhand,amorerestrictivesecuritypolicyrequiresyoutodefinenetworkresourcesmorenarrowly.

ThisapproachistypicallyusedwhenadministeringapartnerVPN.Forexample,toprovideanexternalsupplier



withaccesstoaninventoryapplication,youmightspecifyitshostnameasaresourceandcreateapolicyrule

specificallygrantingthesupplieraccessprivileges.

Main Page

SonicWALL SMA - Page 19

Table of Contents

Related product manuals