SonicWALL SMA - Access Policy; Communities; Sonicwall SMA Connect Tunnel 12.0 Deployment Planning Guide

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel

• RSAAuthenticationManagerserverauthenticationusingtoken‐basedusercredentials

• RSAClearTrustwithcredentials

• Localuserswithusername/password(usedprimari lyfortestingpu rposesandnotrecommendedina

productionenvironment)

Anauthenticationrealmiswhatuserslogintoontheappliancetogainaccesstoyourresources.Ifyour

organization

hasonlyoneauthenticationserver,youwouldcreateonerealmontheappliance.Ifyouhave

severalauthenticationservers,youcancreatearealmforeachofthem,orsetuppairsofserversforchained

authentication.Totakeamoregranularapproachtodeploymentand security,youcanfurther

subdividethe

userpopulationofarealmintocommunities.

Communities

Communitiesareacornerstoneoftheappliance’sapproachtodeploymentandsecurity.Theyareusedto

aggregateusersandgroupsforthepurposeofdeployingaccessagentsandcontrollingtheendpoint,andcan

alsobereferencedin accesscontrolrules.

Youcancreatecommunitiesforspecifictypesofusers,such

asremoteemployeesorbusinesspartners,ortake

amoregranularapproachandcreatecommunitiesofusersinaparticulardepartmentorlocation.

Forexample,employeeswhorequirebroadaccesstoresourcesandapplicationsonyournetworkcouldbe

assignedtoacommunitythatoffersthenetworktunnelclientas

anaccessmethod.Tomakesurethattheyare

usinglaptopsmanagedbyyourITdepartment,specifywhichEndPointControlzonesareavailabletousersin

thiscommunity.

Youmayhaveanothergroupofuserswhorequireonlylimitedaccesstoresourcesbecausethey’reloggingin

frompublickiosksor

othernon‐securelocations.Togivethesetwodifferentgroupsaccesstoyournetwork

resources,youcouldcreateseparatecommunities,eachconfiguredtodeploytheappropriateaccessagents,

and(inthecaseofuserswithnon‐securedevices)useEndPointControl(EPC)topreventsensitivedatafrom

beingleft

onadevice.

AccessPolicy

Anaccesspolicyisasetofrulesthatdefinestheapplicationsornetworkresourcesthatusersorgroupsare

givenaccesstothroughtheappliance.

Accesstoaresourcecanbebasedonseveralcriteria.Mostrulescontrolaccessbasedonwhotheuseris—that

is,theuser’snameor

groupmembership—andthedestinationresource.Youcanuseothercriteriainaccess

controlrules,suchastheaccessmethodforaresource,theuser’snetworkaddress,thezoneoftrust,orthe

dateandtimeoftheconnectionrequest.

Theappliancegivesyouwidelatitudeincreatingaccesscontrolrules,depending

onwhetheryourorganization’s

securitypolicyisrelativelypermissiveordemandsstringentcontrol.Forexample,ifyourVPNisaccessedonly

byhighlytrustedemployeeswhoareusingcomputersmanagedbyyourITdepartment,youcouldcreatean

openaccesspolicythatdefinesyourentirenetworkdomainasaresource

andgrantsbroadaccesstoyour

employees.

Conversely,ifyouareprovidingaccesstoadiversegroupofuserswithvaryingdeg reesofaccessprivileges,or

whoconnectfromless‐securedevicessuchaspublickiosks,youmightuseanaccesspolicythatdefines

individualresourcesand establishesmoregranularaccess

requirements.

Asthenetworkchangesovertime,soshouldyouraccesscontrolrules.

Main Page

SonicWALL SMA - Access Policy; Communities; Sonicwall SMA Connect Tunnel 12.0 Deployment Planning Guide

Table of Contents

Related product manuals