Name: SonicWALL SMA
Brand: SonicWALL
Rating: 5 (1 reviews)

To Next Page

To Previous Page

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel

EndPointControl(EPC)

TraditionalVPNsolutionstypicallyprovideaccessonlyfromtherelativesafetyofanIT‐manageddevice.Inthat

environment,themajorsecurityconcernisunauthorizednetworkaccess.BecauseanSSLVPNenablesaccess

fromanyWeb‐enabledsystem,itmaybringtheadditionalriskofcomputersinuntrustedenvironments,suchas



akioskatanairportorhotel,oranemployee‐ownedcomputer.

Theappliance’sEPCconfigurationoptionsgiveyougranularcontroloverVPNaccessusingprofilesandzonesto

protectsensitivedataandensurethatyournetworkisnotcompromised:

• Adeviceprofileisasetofattributesthatcharacterize

thedevicerequestingtheconnection,suchasa

Windowsdomainname,thepresenceofacertainsoftwareprogram,aregistryentry,orotherunique

characteristics.

• AnapplicationaccesszoneisasetofattributesusedtoestablishatrustrelationshipwithaclientiOSor

Androiddevice.

• AnEndPointControl

zoneclassifiesaconnectionrequestbasedonthepresenceorabsenceofadevice

profile.Thezoneinwhichadeviceisthenplacedcontrolstheprovisioningofdataprotection

componentsandcanbeusedtodeterminewhichresourcesareavailable.Adevicecanbeplacedina

Standardzone,

aQuarantinezone(withinstructionsoninstallingtherequiredsecurityprograms),orina

Denyzone,wheretheuserisdeniedaccesstothenetwork.

SSLandEncryption

TheSonicWallSMAapplianceencryptsinformationusingtheSecureSocketsLayer(SSL)protocol.SSLprotocolis

anauthenticationandencryptionprotocolthatusesakeyexchangemethodtoestablishasecureenvironment

inwhichalldataexchangedisencryptedtoprotectitfromeavesdroppingandalteration.

TheapplianceusesSSLce rtificates

tovalidatetheappliance’sidentitytoconnectingusers,andtoprovidea

publickeytosecureinformationthattheclientcomputersendstotheserver.Theappliancerequiresa

minimumoftwoSSLcertificates:

• Theapplianceservicesuseacertificatetosecureusertraffic.

• TheApplianceManagementConsole(AMC)uses

acertificatetosecuremanagementtraffic.

Therearetwotypesofcertificates:self‐signedand commercial.Withaself‐signed SSLcertificate,theappliance

identifiesitselfwithacertificatethathasnotbeensignedbyacommercialCA,andtheassociatedprivatekey

dataisencryptedusingapassword.AMC uses

aself‐signedcertificate.

Aself‐signedcertificatecanalsobeawi ldcardcertificate,allowingittobeusedbymultipleserverswhichshare

thesameIPaddressandcertificate,buthavedifferentFQDNs.Forexample,awildcardcertificatesuchas

*.company.comcouldbeusedforiPhoneaccessatand

forVPNaccessatvpn.company.com.

YoucanalsoconfigureanauthenticationservertotrustanintermediateCA.Forexample,youcouldcreatea

rootcertificatesigningauthorityonasystemthatisnotconnectedtothecorporatenetwork.Youcanthenissue

asetoftrustedintermediatesigningauthoritycertificatesto

bedeployedinvarioussectorsofthenetwork

(oftenbydepartmentororganizationalunit).

Althoughaself‐signedSSLcertificateissecure,youmaywanttosecureusertr afficwithacertificatefroma

commercialcertificateauthority(CA)suchasVeriSign.

Whendecidingwhichtype ofcertificatetousefor

theservers,considerwhowi llbeconnectingtotheappliance

andhowtheywilluseresourcesonyournetwork:

• IfbusinesspartnersareconnectingtoWebresourcesthroughtheappliance,theywilllikelywantsome

assuranceofyouridentitybeforeperformingatransactionorprovidingconfidentialinformation.Inthis

case,you

wouldprobablywanttoobtainacertificatefromacommercialCAfortheappliance.

Firewall Throughput	Varies by model
VPN Throughput	Varies by model
Max Concurrent Connections	Varies by model
New Connections Per Second	Varies by model
SSL VPN Throughput	Varies by model
SSL Inspection Throughput	Varies by model
IPS Throughput	Varies by model
Anti-Malware Throughput	Varies by model
Interface Options	Multiple Gigabit Ethernet ports, SFP+ ports
Form Factor	Varies by model
Power Supply	Varies by model
Authentication Methods	Varies by model
High Availability	Active/Passive, Active/Active
User Capacity	Varies by model

SonicWALL SMA User Manual

Table of Contents

Questions and Answers:

SonicWALL SMA Specifications

Related product manuals