SonicWALL SSL-VPN 2000 Network Router User Manual


 
SonicWALL SSL-VPN 2000 Getting Started Guide Page 3
Selecting a SonicWALL Recommended
Deployment Scenario
The deployment scenarios described in this section are based on actual customer
deployments and are SonicWALL-recommended deployment best practices. This section
describes three common deployments of the SonicWALL SSL-VPN 2000.
In Table 1, select the scenario that most closely matches your deployment.
Table 1: SonicWALL SSL-VPN 2000 Deployment Scenarios
Gateway Device SonicWALL Recommended
Deployment Scenarios
Conditions or Requirements
SonicOS Enhanced 3.1 or higher:
TZ 170 Series
TZ 180 Series
TZ 190 Series
PRO Series
NSA E-Class (SonicOS 5.0+)
NSA Series (SonicOS 5.0+)
Scenario A: SSL-VPN on a New DMZ OPT or unused interface
A new DMZ configured for either NAT or
Transparent Mode operation.
Scenario B: SSL-VPN on Existing DMZ No unused interfaces
One dedicated interface in use as an
existing DMZ
Scenario C: SSL-VPN on the LAN No unused interfaces
No dedicated interface for a DMZ
SonicOS Standard 3.1 or higher:
TZ 170
TZ 180 Series
PRO 1260
PRO 2040
PRO 3060
Scenario A: SSL-VPN on a New DMZ OPT or X2 interface is unused
A new DMZ configured for either NAT or
Transparent Mode operation.
(Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
Scenario B: SSL-VPN on Existing DMZ OPT or X2 interface is in use with an
existing DMZ
(Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
SonicOS Standard 3.1 or higher:
TZ 150 Series
TZ 170 Wireless
TZ 170 SP
TZ 180 Series
PRO 1260 / 2040 / 3060
SonicWALLs with legacy firmware
Third-Party Gateway Device
Scenario C: SSL-VPN on the LAN Not planning to use SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
Interoperability with a third-party gateway
device
Gateway
Device
Switch/
Hub
SonicWALL
SSL-VPN 2000
on LAN
Remote Users
in Internet Zone
SonicWALL
SSL-VPN 2000
on Existing DMZ
SonicWALL
UTM Appliance
LAN
Resources
Router
Switch/
Hub
Switch/
Hub
Remote Users
in Internet Zone
SonicWALL
UTM Appliance
SonicWALL
SSL-VPN 2000
on DMZ
LAN
Resources
Router
Switch/
Hub
Remote Users
in Internet Zone
Scenario A
SSL-VPN on a New DMZ
Scenario B Scenario C
SSL-VPN on an Existing DMZ SSL-VPN on the LAN