SonicWALL SMA - Denying Access; Application-Specific Scenarios

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

CommonVPNConfigurations

4CreateacommunitythatreferencestheStandardzoneyoucreated,andidentifytheQuarantinezoneas

yourfallbackoption.Connectionrequestsfromdevicesthatdon’tmatchthetrustedprofileare

automaticallyassignedtotheQuarantinezone.

DenyingAccess

Theremaybesituationsinwhichyouwanttodenyaccesstoanemployeeusingadevicethathasan

unacceptableprofile.Forexample,followtheseconfigurationstepstodenyaccesstoanemployeewhologsin

usingadevicethatisrunningGoogleDesktop.

Todenyaccess:

1DefineadeviceprofilewithanattributereferencingtheGoogleDesktopapplication.

2 ReferencethedeviceprofileinaDenyzone.

3 ReferencetheDenyzoneinthecommunityusedbyyouremployees.

4TheappliancedeterminesthatthedeviceisrunningGoogleDesktop,makingitamatchforaDenyzone.

Denyzonesare

alwaysevaluatedfirst:ifGoogleDesktopisrunning,nootherzonesareevaluate d,the

accessrequestisdenied,andtheuserisloggedout.

AccessPolicyScenarios

Accesscontrolrulesdeterminewhatresourcesareavailabletousersorgroups.Rulescanbedefinedbroadlyto

provideaccessfromanyaccessmethod,ordefinednarrowlysothatonlyaspecificaccessmethodispermitted.

VPNconnectionstypicallyinvolvewhatarecalledforwardconnections—theseareinitiatedbyauserto

a

networkresource.Allaccessmethodssupportforwardconnections.However,ifyouarerunningthenetwork

tunnelserviceandyoudeploythenetworktunnelclientstoyourusers,youcanalsocreateaccesscontrolrules

forbi‐directionalconnections.

AccesscontrolrulesfortheSecureMobileAccessVPN,bi‐directional

connectionsencompassthefollowing:

•ReverseconnectionsfromanetworkresourcetoaVPNusersuchasanSMSserverthatpu shesa

softwareupdatetousers’computers.

•Cross‐connectionsusingVoiceoverInternetProtocol(VoIP)applicationsthatenableoneVPNuserto

telephoneanotherVPNuser.Theseconnectionsrequireapairof

accesscontrolrules:oneforthe

forwardconnectionandoneforthereverseconnection.ForinformationonVoIPscenarios,seeProviding

AccesstoVoiceOverIP(VoIP)onpage45.

• Othertypesofbi‐directionalconnectionsincludeFTPserversthatdownloadfilestooruploadfilesfroma

VPNuser,

andremoteHelpDeskapplications.

Application‐SpecificScenarios

Herearesomeex amplesofhowtoconfigurethe appliancetopermitremoteuserstoaccesssomecommonly

usedapplicationssuchasMicrosoftOutlookWebAccessandCitrix.

Topics:

• ProvidingAccesstoOutlookWebAccess(OWA)onpage45

• ProvidingAccesstoVoiceOverIP(VoIP)onpage45

Main Page

SonicWALL SMA - Denying Access; Application-Specific Scenarios

Table of Contents

Related product manuals