Sonicwall Sma Technical manual

SonicWall™SecureMobileAccess

DeploymentPlanningGuide

SonicWallisatrademarkorregisteredtrademarkofSonicWallInc.and/oritsaffiliatesintheU.S.A.and/orothercountries.Allother

trademarksandregisteredtrademarksarepropertyoftheirrespectiveowners

TheinformationinthisdocumentisprovidedinconnectionwithSonicWallInc.and/oritsaffiliates’products.Nolicense,expressorimplied,

byestoppelorotherwise,toanyintellectualpropertyrightisgrantedbythisdocumentorinconnectionwiththesaleofSonicWallproducts.

EXCEPTASSETFORTHINTHETERMSANDCONDITIONSASSPECIFIEDINTHELICENSEAGREEMENTFORTHISPRODUCT,SONICWALLAND/OR

ITSAFFILIATESASSUMENOLIABILITYWHATSOEVERANDDISCLAIMSANYEXPRESS,IMPLIEDORSTATUTORYWARR AN T YRELATINGTOITS

PRODUCTSINCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWA RR ANT Y OFMERCHANTABILITY,FITNESSFORAPA R TI CU L A R PURPOSE,OR

NON‐INFRINGEMENT.INNOEVENTSHALLSONICWALLAND/ORITSAFFILIATESBELIABLEFORANYDIRECT,INDIRECT,CONSEQUENTIAL,

PUNITIVE,SPECIALORINCIDENTALDAMAGES(INCLUDING,WITHOUTLIMITATION,DAMAGESFORLOSSOFPROFITS,BUSINESS

INTERRUPTIONORLOSSOFINFORMATION)ARISINGOUTOFTHEUSEORINABILITYTOUSETHISDOCUMENT,EVENIFSONICWALLAND/OR

ITSAFFILIATESHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.SonicWalland/oritsaffiliatesmakenorepresentationsor

warrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisdocumentandreservestherighttomakechangesto

specificationsandproductdescriptionsatanytimewithoutnotice.SonicWallInc.and/oritsaffiliatesdonotmakeanycommitmentto

updatetheinformationcontainedinthisdocument.

Formoreinformation,visithttps://www.sonicwall.com/legal/.

SecureMobileAccessDeploymentPlanningGuide

Updated‐May2017

SoftwareVersion‐12.0

232‐003886‐00RevA

Legend

WARNING:AWARNINGiconindicatesapotentialforpropertydamage,personalinjury,ordeath.

CAUTION:ACAUTIONiconindicatespotentialdamagetohardwareorlossofdataifinstructionsarenotfollowed.

IMPORTANT,NOTE,TIP,MOBILE,orVIDEO:Aninformationiconindicatessupportinginformation.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

Contents

AboutthisGuide....................................................................5

OrganizationofthisGuide..............................................................5

GuideConventions....................................................................5

AboutSonicWallSMAConnectTunnel..................................................6

AbouttheSMAAppliance...............................................................6

KeySSLVPNConceptsandSMAFeatures..................................................6

Resources........................................................................7

UsersandGroups..................................................................7

Authentication....................................................................7

Communities.....................................................................8

AccessPolicy......................................................................8

EndPointControl(EPC).............................................................9

SSLandEncryption.................................................................9

SingleSign‐On....................................................................10

SharingConfigurationData.........................................................10

Role‐basedAdministration.........................................................10

SystemMonitoringandLogging.....................................................10

SonicWallSMAComponents...........................................................11

ClientComponentsandAccessMethods..............................................11

WorkPlace.......................................................................11

PlanningYourVPN.................................................................15

AboutDesigningYourVPN.............................................................15

WhoWillAccessYourVPN?........................................................15

WhichTypesofResourcesShouldUsersHaveAccessTo?................................16

SecurityAdministration............................................................18

EndPointControl.....................................................................22

AdvancedEPC....................................................................23

PuttingItAllTogether:UsingRealmsandCommunities.....................................23

CommonVPNConfigurations.........................................................25

AbouttheConfigurations..............................................................25

DeploymentScenario:RemoteAccessforEmployeesandPartners............................25

EstablishinganAuthenticationRealm................................................26

IdentifyingUsers.................................................................30

AddingResources.................................................................31

CreatingZonesofTrust............................................................31

CustomizingWorkPlace................................................................33

CreatinganEmployeeCommunity...................................................35

CreatingaPartnerCommunity......................................................38

AccessControlLists...............................................................39

Testi n gtheDeploymentScenario........................................................40

OtherRemoteAccessVPNScenarios.....................................................40

Contents

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

Contents 4

ProvidingAccesstoWebResources..................................................41

Web‐BasedFileAccesstoEntireNetworks............................................41

BroadAccesstoNetworkResources.................................................42

RemoteAccessforMobileUsers....................................................42

AdditionalPartnerVPNScenarios.......................................................42

AccesstoaSpecificWebResourceUsinganAlias.......................................43

Web‐BasedAccesstoaClient/ServerApplication.......................................43

EndPointControlScenarios............................................................43

QuarantiningEmployeesonUntrustedSystems........................................43

DenyingAccess...................................................................44

AccessPolicyScenarios................................................................44

Application‐SpecificScenarios..........................................................44

ProvidingAccesstoOutlookWebAccess(OWA).......................................45

ProvidingAccesstoVoiceOverIP(VoIP)..............................................45

ProvidingAccesstoWindowsTerminalServicesorCitrixResources.......................46

AuthenticationScenarios..............................................................46

AccessComponentProvisioning........................................................46

DeployingtheSameAgentstoAllUsers..............................................47

DeployingDifferentAgentstoDifferentUsers.........................................47

SonicWallSupport..................................................................48

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutthisGuide

TheSonicWall™SecureMobileAccess(SMA)DeploymentPlanningGuidegivesanoverviewofthefeaturesof

theSecureMobileAccessSSLVPNapplianceandsomeofthekeyconceptsassociatedwithplanning,settingup,

andoperatingavirtualprivatenetwork.

Forbasicinstallationinformation,refertotheSMAGettingStartedGuideforyourmodel.Formoredetailed

informationandstep‐by‐stepproceduresdescribinghowtoinstallandconfiguretheappliance,seetheseparate

InstallationandAdministrationGuideoronlinehelpfortheApplianceManagementConsole(AMC).

OrganizationofthisGuide

GuideConventions

Chapter1Aboutthis

Guide

Providesasummaryofthecontentsoftheguideandtheconventionsused.

Chapter2About

SonicWallSMAConnect

Tunnel

GivesabroadoverviewofhowtousetheSonicWallSMADeploymentPlanning

Guide,whichincludesinformationondifferentmethodsofaccessingWorkPlace

andotherresources,howtologinandout,usingbookmarks,workingwithfilesand

folders,andsettingupandusingVirtualAssistant.Alsoprovidedaresectionson

usingacachecleanerandtroubleshooting.

Chapter3PlanningYour

VPN

Coversallofthecriteriaandresourcesyouneedtoconsiderwhensettingupyour

VPN.

Chapter4CommonVPN

Configurations

Takesyouthroughalloftheconfigurationstepsofatypicaldeployment.

Chapter5SonicWall

Support

ProvidesinformationaboutSonicWallTechnica l SupportResources.

Convention Use

Bold Highlightsdialog,window,screenandbuttonandiconnames.

Code Usedforfilenamesandtextorvaluesyouarebeinginstructedtotypeintotheinterface.

Italic Indicatesthenameofatechnicalmanual.Alsoindicatesemphasisoncertainwordsina

sentence.Sometimesindicatesthefirstinstanceofasignificanttermorconcept.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel

AboutSonicWallSMAConnectTunnel

•AbouttheSMAApplianceonpage6

•KeySSLVPNConceptsandSMAFeaturesonpage6

•SonicWallSMAComponentsonpage11

AbouttheSMAAppliance

TheSonicWallSMAapplianceprovidessecureremoteaccessto:

•Webapplications,client/serverapplications,andfileshares

•Employees,businesspartners,andcustomers

AlltrafficisencryptedusingSecureSocketsLayer(SSL)toprotectitfromunauthorizedusers.

Thisappliancemakesapplicationsavailableusingdifferentaccessmethodsanddevicesonawiderangeof

platforms,includingWindows,Macintosh,andLinux.

TheSMAappliancecanbeusedto:

•CreatearemoteaccessVirtualPrivateNetwork(VPN)thatgivesremoteemployeessecureaccessto

privatecompanyapplicationssuchasemail.

•CreateabusinesspartnerVPNthatprovidesdesignatedsupplierswithaccesstoaninternalsupplychain

application.

Astheadministrator,youdeterminetheresourcesthatusershaveaccessto.TheSMAappliancetransparently

anddynamicallyusestheaccessmethodsappropriateforthoseresources.

KeySSLVPNConceptsandSMAFeatures

Thissectiondescribestheessentialconceptsthatyoushouldbecomefamiliarwithbeforeinstalling,

configuring,andmanagingtheSonicWallSMAappliance.

Topics:

•Resourcesonpage7

•UsersandGroupsonpage7

•Authenticationonpage7

•Communitiesonpage8

•AccessPolicyonpage8

•EndPointControl(EPC)onpage9

•SSLandEncryptiononpage9

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 7

•SingleSign‐Ononpage10

•SharingConfigurationDataonpage10

•Role‐basedAdministrationonpage10

•SystemMonitoringandLoggingonpage10

Resources

TheSonicWallSMAappliancemanagesawidevarietyofcorporateresourcesinthreemaincategories:

•Webresources—ApplicationsorservicesthatrunovertheHTTPorHTTPSprotocolsuchasMicrosoft

OutlookWebAccess

• Client/serverresources—EnterpriseapplicationsthatrunoverTCP/IP,suchasCitrix,andVoiceover

InternetProtocol(VoIP)telephonyapplications

•Fileshares—Networkserversorcomputerscontainingsharedfoldersandfiles

Whenspecifyingaresourcetype,keeptheintendedaudienceinmind.Forexample,youcangivebusiness

partnersnarrowaccesstoaWebapplicationbydefiningaURLasaresource(andevenaliasthehostnamefor

anextrameasureofsecurity).

Togiveremoteemployeesbroaderaccess,youcoulddefinethenetworksegmentinwhichtheWebapplication

islocatedasadomain,IPrange,orsubnetresource.EmployeeswouldthenhaveaccesstoalloftheWeb

resourcesinthatdomain.

UsersandGroups

Auserisanindividualwhoneedsaccesstoresourcesonyournetwork,andagroupisacollectionofusers.After

you’vecreatedusersorusergroupsontheappliancethataremappedtoanexternalauthenticationserver,you

canreferencetheminaccesscontrolrulestopermitordenythemaccesstoresources.Youcanevenform

dynamicgroupsifyouwanttoreferenceauserpopulationthatisn’talreadydefinedintheexternaldirectory.

Authentication

Authenticationistheprocessofverifyingauser’sidentity.Tomanageuserauthenticationwiththeappliance,

useAMCtodefineoneormoreexternalauthenticationservers(alsoknownasdirectoryserversoruserstores)

thatcontainthecredentialsforyouruserpopulation.Theactualmanagementoftheuserinformationisstill

doneonyourauthenticationservers;theappliancemakesuseofthatinformationtoauthenticateusers.

CreatinganauthenticationrealminAMCalsoinvolvesspecifyinganauthenticationmethod

(username/passwordorone‐timepassword,tokenorsmartcard,ordigitalcertificate).

TheSMAappliancesupportsthesedirectoriesandauthenticationmethods:

•LDAPwithusername/passwordsupportsLDAPCertificate

•DellDefender

•SAMLCASiteMinder

•RADIUSPhoneFactorwithusername/passwordortoken‐basedauthenticationsuchasSecurIDorSoftID

•MicrosoftActiveDirectorywithusername/password,configuredwitheitherasinglerootdomain,orone

ormoresubordinate(child)domains

•PublicKeyInfrastructure(PKI)withdigitalcertificate

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 8

•RSAAuthenticationManagerserverauthenticationusingtoken‐basedusercredentials

•RSAClearTrustwithcredentials

•Localuserswithusername/password(usedprimarilyfortestingpurposesandnotrecommendedina

productionenvironment)

Anauthenticationrealmiswhatuserslogintoontheappliancetogainaccesstoyourresources.Ifyour

organizationhasonlyoneauthenticationserver,youwouldcreateonerealmontheappliance.Ifyouhave

severalauthenticationservers,youcancreatearealmforeachofthem,orsetuppairsofserversforchained

authentication.Totakeamoregranularapproachtodeploymentandsecurity,youcanfurthersubdividethe

userpopulationofarealmintocommunities.

Communities

Communitiesareacornerstoneoftheappliance’sapproachtodeploymentandsecurity.Theyareusedto

aggregateusersandgroupsforthepurposeofdeployingaccessagentsandcontrollingtheendpoint,andcan

alsobereferencedinaccesscontrolrules.

Youcancreatecommunitiesforspecifictypesofusers,suchasremoteemployeesorbusinesspartners,ortake

amoregranularapproachandcreatecommunitiesofusersinaparticulardepartmentorlocation.

Forexample,employeeswhorequirebroadaccesstoresourcesandapplicationsonyournetworkcouldbe

assignedtoacommunitythatoffersthenetworktunnelclientasanaccessmethod.Tomakesurethattheyare

usinglaptopsmanagedbyyourITdepartment,specifywhichEndPointControlzonesareavailabletousersin

thiscommunity.

Youmayhaveanothergroupofuserswhorequireonlylimitedaccesstoresourcesbecausethey’reloggingin

frompublickiosksorothernon‐securelocations.Togivethesetwodifferentgroupsaccesstoyournetwork

resources,youcouldcreateseparatecommunities,eachconfiguredtodeploytheappropriateaccessagents,

and(inthecaseofuserswithnon‐securedevices)useEndPointControl(EPC)topreventsensitivedatafrom

beingleftonadevice.

AccessPolicy

Anaccesspolicyisasetofrulesthatdefinestheapplicationsornetworkresourcesthatusersorgroupsare

givenaccesstothroughtheappliance.

Accesstoaresourcecanbebasedonseveralcriteria.Mostrulescontrolaccessbasedonwhotheuseris—that

is,theuser’snameorgroupmembership—andthedestinationresource.Youcanuseothercriteriainaccess

controlrules,suchastheaccessmethodforaresource,theuser’snetworkaddress,thezoneoftrust,orthe

dateandtimeoftheconnectionrequest.

Theappliancegivesyouwidelatitudeincreatingaccesscontrolrules,dependingonwhetheryourorganization’s

securitypolicyisrelativelypermissiveordemandsstringentcontrol.Forexample,ifyourVPNisaccessedonly

byhighlytrustedemployeeswhoareusingcomputersmanagedbyyourITdepartment,youcouldcreatean

openaccesspolicythatdefinesyourentirenetworkdomainasaresourceandgrantsbroadaccesstoyour

employees.

Conversely,ifyouareprovidingaccesstoadiversegroupofuserswithvaryingdegreesofaccessprivileges,or

whoconnectfromless‐securedevicessuchaspublickiosks,youmightuseanaccesspolicythatdefines

individualresourcesandestablishesmoregranularaccessrequirements.

Asthenetworkchangesovertime,soshouldyouraccesscontrolrules.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 9

EndPointControl(EPC)

TraditionalVPNsolutionstypicallyprovideaccessonlyfromtherelativesafetyofanIT‐manageddevice.Inthat

environment,themajorsecurityconcernisunauthorizednetworkaccess.BecauseanSSLVPNenablesaccess

fromanyWeb‐enabledsystem,itmaybringtheadditionalriskofcomputersinuntrustedenvironments,suchas

akioskatanairportorhotel,oranemployee‐ownedcomputer.

Theappliance’sEPCconfigurationoptionsgiveyougranularcontroloverVPNaccessusingprofilesandzonesto

protectsensitivedataandensurethatyournetworkisnotcompromised:

•Adeviceprofileisasetofattributesthatcharacterizethedevicerequestingtheconnection,suchasa

Windowsdomainname,thepresenceofacertainsoftwareprogram,aregistryentry,orotherunique

characteristics.

•AnapplicationaccesszoneisasetofattributesusedtoestablishatrustrelationshipwithaclientiOSor

Androiddevice.

•AnEndPointControlzoneclassifiesaconnectionrequestbasedonthepresenceorabsenceofadevice

profile.Thezoneinwhichadeviceisthenplacedcontrolstheprovisioningofdataprotection

componentsandcanbeusedtodeterminewhichresourcesareavailable.Adevicecanbeplacedina

Standardzone,aQuarantinezone(withinstructionsoninstallingtherequiredsecurityprograms),orina

Denyzone,wheretheuserisdeniedaccesstothenetwork.

SSLandEncryption

TheSonicWallSMAapplianceencryptsinformationusingtheSecureSocketsLayer(SSL)protocol.SSLprotocolis

anauthenticationandencryptionprotocolthatusesakeyexchangemethodtoestablishasecureenvironment

inwhichalldataexchangedisencryptedtoprotectitfromeavesdroppingandalteration.

TheapplianceusesSSLcertificatestovalidatetheappliance’sidentitytoconnectingusers,andtoprovidea

publickeytosecureinformationthattheclientcomputersendstotheserver.Theappliancerequiresa

minimumoftwoSSLcertificates:

•Theapplianceservicesuseacertificatetosecureusertraffic.

•TheApplianceManagementConsole(AMC)usesacertificatetosecuremanagementtraffic.

Therearetwotypesofcertificates:self‐signedandcommercial.Withaself‐signedSSLcertificate,theappliance

identifiesitselfwithacertificatethathasnotbeensignedbyacommercialCA,andtheassociatedprivatekey

dataisencryptedusingapassword.AMCusesaself‐signedcertificate.

Aself‐signedcertificatecanalsobeawildcardcertificate,allowingittobeusedbymultipleserverswhichshare

thesameIPaddressandcertificate,buthavedifferentFQDNs.Forexample,awildcardcertificatesuchas

*.company.comcouldbeusedforiPhoneaccessatandforVPNaccessatvpn.company.com.

YoucanalsoconfigureanauthenticationservertotrustanintermediateCA.Forexample,youcouldcreatea

rootcertificatesigningauthorityonasystemthatisnotconnectedtothecorporatenetwork.Youcanthenissue

asetoftrustedintermediatesigningauthoritycertificatestobedeployedinvarioussectorsofthenetwork

(oftenbydepartmentororganizationalunit).

Althoughaself‐signedSSLcertificateissecure,youmaywanttosecureusertrafficwithacertificatefroma

commercialcertificateauthority(CA)suchasVeriSign.

Whendecidingwhichtypeofcertificatetousefortheservers,considerwhowillbeconnectingtotheappliance

andhowtheywilluseresourcesonyournetwork:

•IfbusinesspartnersareconnectingtoWebresourcesthroughtheappliance,theywilllikelywantsome

assuranceofyouridentitybeforeperformingatransactionorprovidingconfidentialinformation.Inthis

case,youwouldprobablywanttoobtainacertificatefromacommercialCAfortheappliance.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 10

•Ontheotherhand,employeesconnectingtoWebresourcesmaytrustaself‐signedcertificate.Even

then,youmaywanttoobtainathird‐partycertificatesothatusersarenotpromptedtoaccepta

self‐signedcertificateeachtimetheyconnect.Or,addtheself‐signedcertificatetotheuser’slistof

TrustedRootCertificateAuthoritiesintheWebbrowser.

SingleSign‐On

SingleSign‐On(SSO)isanoptionthatcontrolswhetherusercredentialsareforwardedtoback‐endWeb

resources.ConfiguringtheappliancetouseSSOpreventstheuserfromhavingtologinmultipletimes(onceto

gettotheappliance,andagaintoaccessanapplicationresource).Theappliancesupportsseveraltypesof

Web‐basedSSO:

•Basicauthenticationforwardingisawidelysupportedformofauthenticationforwarding,butisnotvery

securebecauseitsendspasswordsintheclearacrossthenetwork.Theappliancecanbeconfiguredto

sendeachuser’suniqueauthenticationcredentials,orstaticcredentials(thatis,thesamecredentialsfor

allusers).BasicauthenticationforwardingisconfiguredwithinaWebapplicationprofile,whichis

assignedtooneormoreapplicationresourcesinAMC.

•DomainauthenticationforwardingprovidesasecuremethodforsendingWindowsnetworkcredentials

toaMicrosoftIIS(InternetInformationServices)Webserver.NTLM(WindowsNTLANManager,also

knownasWindowsNTchallenge/responseauthentication)usesachallenge/responsemechanismto

securelyauthenticateuserswithoutsendingpasswordsintheclearacrossthenetwork.Domain

authenticationforwardingpassesaWindowsdomainnamealongwiththeuser’sauthentication

credentials.

• RSAClearTrustisathird‐partyproductthatprovidesacentralizedmechanismforadministering

authenticationandsinglesign‐on.Youcanconfiguretheappliancetoreceiveuserauthentication

credentialsandforwardthemtoanyback‐endWebresourcesitisprotecting.

SharingConfigurationData

Tokeepsettingsmatchedup,youcanreplicateanddistributeconfigurationdatatoagroupofSonicWall

appliances.Forexample,youmighthaveappliancesindifferentlocationsthatmustshareconfigurations.Thisis

notamergingofdata:someofthesettingsonthereceivingappliancesareoverwritten(securitypolicyandCA

certificates,forexample),andothersarenot(networksettings).

Whenyoudefineacollectionofappliancesthatwillsharesettings,thenodesinthecollectioncommunicate

overtheinternalinterfaceusingSSL.Theyoperateinpeer‐to‐peermode:replicationcanbeinitiatedfromany

systemthatknowsthesharedsecretforacollection.Thisisincontrasttothesynchronizationthatoccursina

high‐availabilityclusterofSonicWallappliances,inwhichonenodeisdesignatedthemaster.

Role‐basedAdministration

PermissiontomanagetheapplianceandperformspecificadministrationfunctionsusingAMCisassignedin

AMC.Theprimaryadministratordefinestherolesandidentitiesofallsecondaryadministrators,settingthe

permissionlevelsforeachadministrativerole,andcreatingapassword‐protectedaccountforeach

administrator.

SystemMonitoringandLogging

Systemmonitoringandloggingfeaturesallowadministratorstoviewbothreal‐timeandhistoricaldataabout

theperformanceoftheapplianceanditsaccessservices,aswellasuseractivity.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 11

TheAMChomepagedisplaysagraphicalsummaryofthecurrentnumberofactiveusers,networkbandwidth,

diskspaceusage,andCPUusage.Moredetailedviewsofthisgraphicaldataareavailableinhourly,daily,

weekly,andmonthlyincrements.

Ifauserisexperiencingtrouble—forexample,heisloggedinbutcannotestablishaconnectionorisdenied

accesstoresources—youcanviewhissessiondetailstodiagnosetheproblem.Youcanquicklyseewhyauser’s

deviceisclassifiedintoaparticularzone,andwhatpolicyrulesareapplied,editingthemasneeded.

IfyouhaveanSNMP(SimpleNetworkManagementProtocol)tool,youcanuseittomonitortheapplianceasan

SNMPagent.TheapplianceprovidesavarietyofmanagementdatainMIB(ManagementInformationBase)

format.

TheAMClogviewerprovidesadetailedviewofappliance,useraccess,andotheractivitiescontainedinaseries

oflogfiles.Theviewerallowsyoutocustomizethedisplayoflogmessagedatausingsorting,searching,and

filteringoptions.Ifyouneedtoperformadditionalanalysisofthelogmessagedata,ordisplaythedata

differentlythanhowitappearsinthelogviewer,youcanexportdatatocomma‐separatedvalues(.csv)files

forusebyanotherapplicationsuchasMicrosoftExcel.

SonicWallSMAComponents

YourSonicWallSMAapplianceconsistsofseveraladministratorandclientcomponents.ForWeb‐basedaccess,

whenauserlogsintoWorkPlaceforthefirsttime,theapplianceautomaticallyprovisionstheagentthatwill

providethebroadestrangeofaccessbasedontheuser’sprivileges,operatingsystem,browserconfiguration,

andanyotherconstraintsontheuser’ssystem.Stand‐aloneclients,suchasConnectTunnel,canbeprovisioned

fromtheapplianceordistributedmanually.

Topics:

•ClientComponentsandAccessMethodsonpage11

•WorkPlaceonpage11

ClientComponentsandAccessMethods

TheSMAapplianceincludesseveralcomponentsthatprovideuserswithaccesstoresourcesonyournetwork.

WorkPlace

TheWorkPlaceportalprovidesyouruserswithaccesstoWeb‐basedresources.Youcancreatecustomized

WorkPlacesites,eachwithauniqueURLandappearance(colors,logo,andgreetingtext).Thisenablesyouto

configureanddeployuniqueportalsfordifferentaudiencessuchaspartnersandemployees.

ForWindowsusers,AccessManagertakescareofinstallingagentsandclientsthroughthebrowser,andclient

installationlogfilesmaketheprocesseasytotroubleshoot.OnceAccessManagerisinstalledonauserdevice,

mostuserswillbeabletoreceiveclientupdateswithoutrequiringadministratorprivileges.

AfterauserlogsintoWorkPlace,aWebpagepresentsanadministrator‐definedlistofshortcuts.These

shortcutsreferencetheWeb‐basedresources,Windowsfilesystemresources,andterminalserverstowhichthe

userhasaccessprivileges.UserscanalsoaddtheirownWorkPlacebookmarkstoWebsitesornetworkshares.

Themeansofaccesstotheseresourcesdependsontheuser’sbrowser:

•WebresourcesandfilesystemresourcescanbeaccessedfromanyWebbrowserthatsupportsJavaScript

andSSL.Bydefault,theapplianceisconfiguredtodeployaMicrosoftActiveXcontrol(theWebproxy

agent)onMicrosoftWindowssystemsrunningInternetExplorer.TheWebproxyagentproxiesWeb

contentdirectlythroughtheappliance.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 12

•Forusersrunningotherbrowsers,theapplianceautomaticallyprovidesTranslatedWebaccess.Ifyou

wouldrathernotinstallanagentoryourusers’systemsdon’tsupportActiveX,youcanconfigurethe

appliancetoprovideTranslatedWebaccess.

•AsanalternativetoTranslatedWebaccess,whichmayhavelimitationswithsomeWebapplicationssuch

asAJAX,customportmappingorcustomFQDNmappingcanbeused.Thesemethodsinvolvemapping

thebackendresourceeithertoaportontheEX‐Seriesappliance,ortoanexternalfullyqualifieddomain

name.

TheSMAappliancealsosupportsWeb‐basedaccesstoWindowsTer m inalServices(WTS)andCitrixhosts.These

hostsareaccessedbyWeb‐basedterminalagentsthatuseproprietaryprotocolstocommunicatewiththe

terminalserver.

Topics:

•NetworkExploreronpage12

•ConnectTunnelClientonpage12

•OnDemandTunnelAgentonpage12

•MobileConnectApponpage12

•WebProxyAgentonpage13

•TranslatedWebAccessonpage13

•CustomPortMappingonpage13

•CustomFQDNMappingonpage13

•EndPointControlComponentsonpage13

•VirtualAdministratorComponentsonpage13

NetworkExplorer

NetworkExplorerisaWeb‐basedextension,accessiblefromWorkPlace,thatprovidesaccesstoanyWindows

filesystemresourcesthattheuserhaspermissiontouse(evenfromdesktopbrowsersonnon‐Windows

platforms).Theseresourcescanincludeservers,computers,workgroups,folders,andfiles.

ConnectTunnelClient

ConnectTunnelisanapplicationthatprovidesbroadaccesstonetworkresourcesfromdevicesrunninga

Windows,Macintosh,orLinuxoperatingsystem.ItprovidesaccesstoanyIP‐basedtypeofapplicationprotocol

andICMP,anditwillrouteVoIP(VoiceOverInternetProtocol)overTCP/IP.ConnectTunnelisinitiallyinstalled

fromtheWorkPlaceportalorfromaseparateinstallerpackage.

OnDemandTunnelAgent

TheOnDemandTunnelagentislightweight,Web‐based,andprovidesthesamebroadaccesstoapplications

andprotocolsasConnectTunnel.ItissimilarinallrespectstoConnectTunnelexceptthatitisactivatedeach

timeauserlogsintotheWorkPlaceportalfromanActiveXorJava‐enableddevice.

MobileConnectApp

SonicWallMobileConnectprovidesfast,safe,easy‐to‐usesecuremobileaccesstoresourcesfromarangeof

deviceplatforms,includingiOS,Android,MacOSX,andWindowsonbothsmartphonesandtablets.Mobile

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 13

ConnectestablishesencryptedSSLVPNconnectionstoprivatenetworksthatareprotectedbySonicWallSMAor

otherSonicWallsecurityappliances.TheMobileConnectappisdownloadedtoauser'smobiledevicefromthe

AppStore,GooglePlay,AmazonAppstore,orWindowsStore.

WebProxyAgent

TheWebproxyagentprovidesaccessthroughWorkPlacetoanyWebresource,includingWeb‐based

applications,Webportals,andWebservers.WebproxyaccesseliminatestheneedforWebcontenttranslation

andprovidesbroadaccesstoenterpriseWebapplicationsforMicrosoftWindowsuserswhoarerunning

InternetExplorerwithActiveXenabled.

TranslatedWebAccess

TranslatedWebaccessprovidesaccesstoWebresourcesandWindowsnetworkshares.Itisavailablefromany

WebbrowserthatsupportsSSLandhasJavaScriptenabled.

CustomPortMapping

CustomportmappingprovidesWeb‐basedaccessbymappingthebackendresourceorservertoaportnumber

attheSonicWallSMAorEX‐Seriesappliance.Customportmappingdoesnotrequireinstallationofaclient

agent,andworkswithanyWebbrowser.

CustomFQDNMapping

CustomFQDNmappingprovidesWeb‐basedaccessbymappingthebackendresourceorservertoanexternal

fullyqualifieddomainname(hostanddomain).TheFQDNnameshouldberesolvabletoanIPaddressinthe

publicdomain.CustomFQDNmappingdoesnotrequireinstallationofaclientagent,andworkswithanyWeb

browser.

EndPointControlComponents

EndPointControl(EPC)componentsensurethatyournetworkisnotcompromisedwhenaccessedfromPCsin

untrustedenvironments.Asdevicesattempttoconnecttotheappliance,EPCinterrogatesthemtodetermine

whethertheyarerunningtheprogramsthatyourequire.YoucanalsouseEPCtospecifythatadataprotection

agent,suchasCacheCleaner,automaticallyremovessessiondatafromthePC.

AdvancedEPCprovidesanextendedanddetailedlistofpersonalfirewall,antivirus,andspywareprogramsto

checkforindeviceprofilesforclientsrunningonMicrosoftWindowsandMacOSX.AdvancedEPCisincluded

ontheSMA6200,SMA7200,EX7000,andEX9000applianceaswellwiththeVirtualAppliance.Theonly

optionalpurchasesfortheseproductsareuserlicensesandsupport.

VirtualAdministratorComponents

Thissectionhighlightsthekeycomponentsthatyou’llusetosetupandmanagetheSMAapplianceand

services.

Topics:

•SetupWizardonpage14

•ApplianceManagementConsole(AMC)onpage14

•AccessServicesonpage14

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

AboutSonicWallSMAConnectTunnel 14

SetupWizard

SetupWizardstreamlinestheinitialconfigurationoftheappliance.Itguidesyouthroughtheprocessof

selectingbasicnetworksettings,configuringapplianceoptions,definingresources,creatinglocalusersfor

testingpurposes.

ApplianceManagementConsole(AMC)

TheAMCisaWeb‐basedadministrativetoolformanagingtheappliance.Itprovidescentralizedaccessfor

managingsecuritypolicies,configuringthesystem(includingnetworkingandcertificateconfiguration),

distributingconfigurationdata,monitoring,troubleshooting,andsettingupadministratoraccounts.

AccessServices

Theapplianceusesvariousaccessservicestomanagetheaccessclientsandagentsthatusersemployto

connecttoyournetworkresources:

•Thenetworktunnelserviceisanetworkroutingtechnologythatprovidessecurenetworktunnelaccess

toawiderangeofapplicationsandprotocols,includingnon‐TCPprotocolssuchasVoIP(VoiceoverIP)

andICMP,reverse‐connectionprotocolslikeSMS,andbi‐directionalprotocolssuchasFTP.Itworksin

conjunctionwiththeConnectTunnelclientandtheOnDemandTunnelagenttoprovideauthenticated

andencryptedaccess.

•TheWebproxyserviceprovidesuserswithsecureaccesstoWeb‐basedapplicationsandserversfroma

Webbrowser,orWeb‐basedapplicationsandserversfromaWindowsMobile‐powereddeviceusingthe

MobileConnectclient.TheWebproxyservicecontainsasecureHTTPreverseproxythatbrokersand

encryptsaccesstoWeb‐basedresources.

•TheWorkPlaceservicecontrolsaccesstoWorkPlaceresourcesaccessedfromaWebbrowser.The

WorkPlaceservicecommunicateswithWindowsfileserversandnetworkshares(includingMicrosoft

Distributedfilesystem,orDFS,resources)usingtheServerMessageBlock(SMB)file‐sharingprotocol.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN

•WhoWillAccessYourVPN?onpage15

•WhichTypesofResourcesShouldUsersHaveAccessTo?onpage16

•SecurityAdministrationonpage18

•EndPointControlonpage22

•PuttingItAllTogether:UsingRealmsandCommunitiesonpage23

AboutDesigningYourVPN

ToeffectivelydesignyourVPN,youmustidentifywhowilluseit,whattypesofresourcestomakeavailable,and

whichaccessmethodstoprovidetouserssotheycanreachyournetwork.

Topics:

•WhoWillAccessYourVPN?onpage15

•WhichTypesofResourcesShouldUsersHaveAccessTo?onpage16

•HowWillUsersAccessYourResources?onpage16

WhoWillAccessYourVPN?

AkeyconsiderationinplanningyourVPNisidentifyingtheuserswhoneedtoaccessyournetworkresources.

YourusercommunitywillhaveamajorimpactonhowyoudesignandadministeryourVPN.

MostVPNusersgenerallyfallintooneoftwomajorcategories:

•Remoteemployees.Whenservingremoteandmobileemployees,you’llprobablygivethemrelatively

openaccesstoenterpriseresources.Ofcourse,youcanalsodefineamoregranularaccesspolicyfor

specificresourcesthatcontainsensitiveinformation(suchasapayrollapplication).

EmployeecomputersystemsunderITcontrolprovidetheflexibilitytoinstallclientsoftware—suchasthe

ConnectTunnelclient—onthedesktop.

•Businesspartners.Suppliers,vendors,contractors,andotherpartnersgenerallyhaverestrictedaccessto

resourcesonyournetwork.Thisrequiresyoutoadministermoregranularresourcedefinitionsand

accesscontrolrulesthanthosetypicallyusedforaremoteaccessVPN.

Forexample,insteadofsimplydefiningadomainresourceandgrantingopenaccessprivileges,you’ll

oftenneedtodefinespecifichostresourcesandmanageamorecomplexaccesspolicy.Whendefininga

Webresourceyoumayalsowanttoobscureitsinternalhostnametomaintaintheprivacyofyour

network.

Becauseoftheadministrativeandsupportissuesassociatedwithinstallingclientsoftwareoncomputers

outsidethecontrolofyourITorganization,aWeb‐basedaccessmethodisoftenbestforbusiness

partners.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN 16

WhichTypesofResourcesShouldUsersHaveAccess

To?

TheSonicWallSMAappliancemanagesawidevarietyofcorporateresources,whichfallintothecategories

describedinTypesofuserresources.

Topics:

•HowWillUsersAccessYourResources?onpage16

•Tunnel,Proxy,orWeb:WhichAccessMethodisBest?onpage16

HowWillUsersAccessYourResources?

UserscanaccessVPNresourcessecuredbytheapplianceusingavarietyofagentsandclients.Yourdeployment

optionscanrangeanywherefrom“managed”desktopscontrolledbyyourITdepartment,tosystemsoutsideof

yourcontrol,includingemployees’homecomputers,partnerdesktops,andothersystemssuchaskiosksor

handhelddevices.

Howusersgainaccesstoyournetworkresourcesdependsonwhatthoseresourcesare.TheConnectTunnel

client,forexample,isinstalledontheuser’sdeviceandprovidesthebroadestnetworkaccessandsupport,and

greatesteaseofadministration.TheOnDemandagentalsoprovidesbroadcross‐platformsupport,butdoesnot

handlebi‐directionalapplicationslikeVoIP.

Tunnel,Proxy,orWeb:WhichAccessMethodisBest?

TheSMAaccessservicesandclientsofferawidearrayofmethodswithdifferentdegreesofcapabilityfor

reachingyourorganization’sresources.Usethetablebelowtodeterminewhichonesarebestforyouandyour

users.

Otherfactorstoconsider,asidefromtechnicalrequirements,are:

•Securityrequirementssuchasthesafeguardsyouwanttoputinplaceonthedesktop.

•Userprofiles,includingthelevelsoftechnicalsophisticationamongyourusers.

Typesofuserresources

Resourcetype Examples Planningconsiderations

Web MicrosoftOutlookWeb

Access

Web‐basedapplications

Webportals

Webservers

•WhenspecifyingURLstoWebresources,includethe

http://orhttps://prefix.

•Usealiasestoobscurehostnamesonprivate

networks.

Client/server Terminalservers(suchas

CitrixorWTS)

MicrosoftOutlookLotus

Notes

•Identifyresourcesbyhostname,IPaddressorIP

range,subnetIPaddress,ordomainname.

FileShares Networkfolders

Sharedfolders

Networkbrowsing

Windowsdomains

•Aspecificfilesystemresourcecanbeanentireserver

(forexample,\\ginkgo),asharedfolder

(\\john\public),oranetworkfolder

(\\ginkgo\news).

•DefiningaWindowsdomaingivesauthorizedusers

accesstoallnetworkfileresources.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN 17

• AdministrativeresourcesavailabletomanageandsupportaVPN.

Accessmethodadvantagessummarizestheaccessmethodsandtheiradvantages.

Accessmethodadvantages

AccessMethod ProvidesAccessto Advantages

ConnectTunnel Fullnetworkaccessto

client/serverapplications,

Webresources,network

shares,andbi‐directional

applicationssuchasVoIP,

SMS,andFTP.

•Stand‐aloneclientinstalledfromWorkPlaceportalor

fromcustominstallerpackage,withnorebooting

required.

•Enhancedsecurityoptionsincludingsplittunneling,

andredirectionofalltrafficoronlylocaltraffic.

•Localprintingsupport.

•Typicallyusedforremoteaccessonsystemsthatcan

bereadilymanagedbyITsuchasacorporatelaptop

usedbyatravelingorremoteemployee.

NOTE:Administratorrightsarerequiredforinstallation.

OnDemandTunnel Fullnetworkaccessto

client/serverapplications,

Webresources,network

shares,andbi‐directional

applicationssuchasVoIP,

SMS,andFTP.

•ActivatedfromtheWorkPlaceportal.

•Enhancedsecurityoptionsincludingsplittunneling,

andredirectionofalloronlylocaltraffic.

•Localprintingsupport.

•Auto‐updating(Windowsclientonly).

NOTE:Administratorrightsarerequiredforinstallation.

MobileConnect Client/serverapplications,

thin‐clientapplications,

andWebresources.

•Stand‐alone,lightweightapplicationthatrunson

WindowsMobile‐powereddevices.

ActiveSync Email,calendar,contacts,

tasks,andout‐of‐office

functionsavailablefrom

theExchangeserver.

•Convenientemailandrelatedfunctionsaccessfrom

AppleiPhonesandiPads,smartphonesrunningthe

GoogleAndroidoperatingsystem,andsmartphones

runningtheSymbianoperatingsystem

Webproxyagent

(InternetExplorer)

AnyWebresource

(includingWeb‐based

applications,Webportals,

andWebservers)and

Windowsnetworkshares.

•ConvenientaccessfromInternetExplorerwith

ActiveXenabled.

•UsedasafallbackifOnDemandTunnelcannotrun.

•Minimalclientconfigurationandadministrationtasks.

•UserscanaccessanynetworkURLbytypingthe

actualURLinthebrowser’saddressfield.

•BroadWeb‐basedaccesstoenterpriseapplications.

•Singlesign‐on.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN 18

SecurityAdministration

Administeringyoursecuritypolicyinvolvesdefiningresourcesandthencreatingaccesscontrolrulesthat

determinetheavailabilityofthoseresources.

Topics:

•DefiningResourcesonpage18

•ManagingAccessControlwithanAccessPolicyonpage20

•AccessControlforBi‐DirectionalConnectionsonpage21

•DesignGuidelinesforAccessRulesonpage22

DefiningResources

Youhavesomeflexibilitywhenyouspecifyaresourcetypeforagivenobjectonyournetwork.Forexample,you

mightdefineaWebapplicationnarrowlyasaURLresourceforbusinesspartners;employees,ontheother

hand,mightbegivenaccesstoanentiredomain,includingtheWebapplication.

Topics:

•WebResourcesonpage19

•Client/ServerResourcesonpage19

•FileSharesonpage20

TranslatedWeb

access

CustomPort

MappedWeb

access

CustomFQDN

MappedWeb

access

AnyWebresource

(includingWeb‐based

applications,Webportals,

andWebservers).

TranslatedWebon

Windowsoperating

systemsalsooffersaccess

tonetworkshares.

CustomPortMapping

providesaccessviaa

specificportdefinedby

theadministrator,which

mustbeopenonthe

externalfirewall.

CustomFQDNMapping

providesaccessviaDNS

andrequiresnewDNS

entriesandpossiblyanew

SSLcertificateandIP

address.

ConvenientaccesstoWebandfilesystemresourcesfrom

anyWebbrowserthatsupportsSSLandhasJavaScript

enabled.

Noclientconfigurationoradministrationtasks.

Supportstheuseofaliasestohideinternalhostnamesinthe

browseraddressbar.

Singlesign‐ontoback‐endWebservers.

Agoodoptionforprovidingbusinesspartneraccess,because

itdoesnotrequireanyclientconfigurationoradministration.

CustomPortMappingandCustomFQDNMappinghandle

WebprogrammingtechnologiessuchasAJAXwithoutthe

limitationsofURLrewritingusedintranslation.

Accessmethodadvantages

AccessMethod ProvidesAccessto Advantages

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN 19

WebResources

AnyWebresource—suchasaWebapplication,aWebportal,oraWebserver—canbedefinedasaURL

resource(theyarespecifiedinAMCusingthestandardhttp://orhttps://URLsyntax).Examplesinclude

MicrosoftOutlookWebAccessandotherWeb‐basede‐mailprograms,Webportals,corporateintranets,and

standardWebservers.

DefiningaWebresourceasaURLprovidesseveraladvantages:

•YoucancreateaWebshortcutonWorkPlacetogiveusersquickaccess.

•YoucandefineveryspecificaccessrulestocontrolwhichuserscanaccesstheURL.

•Youhavetheoptionofobscuring(or“aliasing”)theinternalhostnamesoitisnotpubliclyexposed.

•Youcanblockattachmentsfrombeingdownloadedtountrusteddevices,orpreventaWeb‐based

applicationfromdisplayingrestricteddatatountrusteddevices.

WebtrafficisproxiedthroughtheWebproxyservice,asecuregatewaythroughwhichuserscanaccessprivate

WebresourcesfromtheInternet.

Client/ServerResources

Client/serverresourcesencompassapplications,fileservers,andmultipleWebresourcesandarespecifiedin

AMCusingeitheradomain,subnet,IPrange,hostname,orIPaddress:

• Client/serverapplicationsinclude“traditional”applicationsdevelopedforaparticularoperatingsystem,

orthin‐clientapplicationsthatareWeb‐based.

•NetworksharesincludeWindowsfileserversorfileshares.Networksharesareaccessibleusingeither

OnDemandorConnectTunnel.(ToaccessanetworkshareusingaWebbrowser,youmustinsteaddefine

itasafilesystemresource.)

•Sourcenetworksarereferencedinanaccessruletopermitordenyaconnectiontoadestination

resourcebasedonthelocationfromwhichtherequestoriginates.Forexample,youmightpermit

connectionsonlyfromaparticulardomain,orpermitthemonlyfromaspecificIPaddress.

•GraphicalterminalagentscanbeaddedtoWorkPlaceasshortcutsthatprovideaccesstoaterminal

server(orCitrixserverfarm)usingaWindowsTermin a l ServicesorCitrixclient.

•MultipleWebresourcesonyournetwork—whetherinadomain,subnet,orIPrange—canbedefined.

ThisisaconvenientwayforyoutoadministermultipleWebserversfromasingleresourceinAMC.For

example,ifyouspecifyadomain(andcreatetheappropriateaccessrule),usersareabletousetheir

WebbrowserstoaccessanyWebresourcescontainedwithinthatdomain.TheycanalsouseOnDemand

orConnectTunneltogettothoseresources.

Onthedownside,however,youruserscannotaccessthoseresourcesfromashortcutonWorkPlace;

instead,theymustknowtheinternalhostnameoftheresource.IftheWebproxyagentisrunning,they

canenteranyURLdirectlyinthebrowser.However,intranslatedmode,usersmustmanuallytypeURLs

intheIntranetAddressboxinWorkPlace.

Withsuchawidescopeofresourcedefinitions—frombroadresourcessuchasadomainorsubnet,downtoa

singlehostorIPaddress—youmaywonderhowbesttodefineyournetworkresources.Broadresource

definitionssimplifyyourjobassystemadministrator,andaretypicallyusedwhenmanagingaremoteaccess

VPNwithanopenaccesspolicy.Forexample,youcoulddefineyourinternalDNSnamespaceasadomainand

createasinglepolicyrulegrantingemployeesaccessprivileges.

Ontheotherhand,amorerestrictivesecuritypolicyrequiresyoutodefinenetworkresourcesmorenarrowly.

ThisapproachistypicallyusedwhenadministeringapartnerVPN.Forexample,toprovideanexternalsupplier

withaccesstoaninventoryapplication,youmightspecifyitshostnameasaresourceandcreateapolicyrule

specificallygrantingthesupplieraccessprivileges.

SonicWallSMAConnectTunnel12.0DeploymentPlanningGuide

PlanningYourVPN 20

FileShares

FilesharesincludeWindowsnetworkserversorcomputerscontainingsharedfoldersandfilesthatuserscan

accessthroughWorkPlace.

YoucandefineaspecificfilesystemresourcebytypingaUNCpath,oryoucandefineanentireWindows

domain:

•Aspecificfilesystemresourcecanbeanentireserver,asharedfolder,oranetworkfolder.

•Afilesystemresourcecanalsoreferenceauser’spersonalfolderonthenetwork.Thisfeatureallowsyou

tocreateasingleshortcutonWorkPlacethatdynamicallyreferencesapersonalfolderforthecurrent

user.

•DefininganentireWindowsdomaingivesauthorizedusersaccesstoallthenetworkfileresourceswithin

thedomain.

Thevariousoptionsfordefiningafilesystemresourceprovideyouwiththeflexibilitytocreateagranularpolicy

thatcontrolsaccessattheserver,share,orfolderlevel,ortocreateamoreopenpolicythatprovidesaccessto

anentiredomain.

ManagingAccessControlwithanAccessPolicy

Afteryou’vedefinedyourVPNresources,youcontrolwhichonesareavailabletousersbycreatinganaccess

policy.

Afterausersuccessfullyauthenticates(thatis,hisorheridentityisverified),theapplianceevaluatestherules

thatcontrolaccesstospecificresources.RulesappearontheAccessControlpage(seeAccessControlrules).

AccessControlrules

Table of contents

Other SonicWALL Firewall manuals

SonicWALL

SonicWALL TZ 170 User manual

SonicWALL

SonicWALL SMA 200 User manual

SonicWALL

SonicWALL CDP 6.0 Service manual

SonicWALL

SonicWALL NSA 2600 User manual

SonicWALL

SonicWALL TZ670 User manual

SonicWALL

SonicWALL SuperMassive 9800 AC User manual

SonicWALL

SonicWALL SMA 210 Quick reference guide

SonicWALL

SonicWALL TZ 100 Series User manual

SonicWALL

SonicWALL 1RK33-0D9 Owner's manual

SonicWALL

SonicWALL TZ 180 User manual

SonicWALL

SonicWALL 1RK53-116 Owner's manual

SonicWALL

SonicWALL TZ 190 User manual

SonicWALL

SonicWALL 2100 CF User manual

SonicWALL

SonicWALL NSA 2400 User manual

SonicWALL

SonicWALL NSA E7500 User manual

SonicWALL

SonicWALL TZ270 User manual

SonicWALL

SonicWALL CSa 1000 User manual

SonicWALL

SonicWALL NSa 2700 User manual

SonicWALL

SonicWALL ESA 4300 User manual

SonicWALL

SonicWALL TZ270 User manual

SonicWALL

SonicWALL NSA 2650 User manual

SonicWALL

SonicWALL NSA 240 User manual

SonicWALL

SonicWALL TZ 200 Series User manual

SonicWALL

SonicWALL TZ 100 / 200 User manual

Popular Firewall manuals by other brands

Sophos

Sophos SG 650 LAN Modules Mounting Instructions

NETGEAR

NETGEAR FVL328 - Cable/DSL ProSafe VPN Firewall... Quick installation guide

Global Technology Associates

Global Technology Associates GB-800 brochure

NETGEAR

NETGEAR ProSafe FM114P installation guide

8e6 Technologies

8e6 Technologies Enterprise Filter Authentication R3000 user guide

Smoothwall

Smoothwall S4 Getting started guide

BeyondTrust

BeyondTrust UVM20 user guide

Cisco

Cisco Firepower 4100 Series Hardware installation guide

Forcepoint

Forcepoint V5000 quick start guide

Cisco

Cisco PIX 501 Hardware installation guide

Lancom

Lancom R&S Unified AGPO150 Migration guide

Fortinet

Fortinet FortiGate 60M user guide

Meraki

Meraki MX68CW installation guide

Ruijie

Ruijie RG-WALL1600-X9300 Hardware installation and reference guide

Meraki

Meraki MX68W installation guide

Fortinet

Fortinet FortiGate FortiGate-3810A quick start guide

Fortinet

Fortinet FortiGate 50A Installation and configuration guide

Watchguard

Watchguard Firebox V10 supplementary guide

SonicWALL SMA Technical manual

Popular Firewall manuals by other brands