SonicWALL SSL-VPN 2000 Getting Started Guide Page 3
Selecting a SonicWALL Recommended
Deployment Scenario
The deployment scenarios described in this section are based on actual customer
deployments and are SonicWALL-recommended deployment best practices. This section
describes three common deployments of the SonicWALL SSL-VPN 2000.
In Table 1, select the scenario that most closely matches your deployment.
Table 1: SonicWALL SSL-VPN 2000 Deployment Scenarios
Gateway Device SonicWALL Recommended
Deployment Scenarios
Conditions or Requirements
SonicOS Enhanced 3.1 or higher:
TZ 170 Series
TZ 180 Series
TZ 190 Series
PRO Series
NSA E-Class (SonicOS 5.0+)
NSA Series (SonicOS 5.0+)
Scenario A: SSL-VPN on a New DMZ • OPT or unused interface
• A new DMZ configured for either NAT or
Transparent Mode operation.
Scenario B: SSL-VPN on Existing DMZ • No unused interfaces
• One dedicated interface in use as an
existing DMZ
Scenario C: SSL-VPN on the LAN • No unused interfaces
• No dedicated interface for a DMZ
SonicOS Standard 3.1 or higher:
TZ 170
TZ 180 Series
PRO 1260
PRO 2040
PRO 3060
Scenario A: SSL-VPN on a New DMZ • OPT or X2 interface is unused
• A new DMZ configured for either NAT or
Transparent Mode operation.
• (Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
Scenario B: SSL-VPN on Existing DMZ • OPT or X2 interface is in use with an
existing DMZ
• (Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
SonicOS Standard 3.1 or higher:
TZ 150 Series
TZ 170 Wireless
TZ 170 SP
TZ 180 Series
PRO 1260 / 2040 / 3060
SonicWALLs with legacy firmware
Third-Party Gateway Device
Scenario C: SSL-VPN on the LAN • Not planning to use SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
• Interoperability with a third-party gateway
device
Gateway
Device
Switch/
Hub
SonicWALL
SSL-VPN 2000
on LAN
Remote Users
in Internet Zone
SonicWALL
SSL-VPN 2000
on Existing DMZ
SonicWALL
UTM Appliance
LAN
Resources
Router
Switch/
Hub
Switch/
Hub
Remote Users
in Internet Zone
SonicWALL
UTM Appliance
SonicWALL
SSL-VPN 2000
on DMZ
LAN
Resources
Router
Switch/
Hub
Remote Users
in Internet Zone
Scenario A
SSL-VPN on a New DMZ
Scenario B Scenario C
SSL-VPN on an Existing DMZ SSL-VPN on the LAN