SonicWALL 4000 User Manual
Page 4
Selecting a SonicWALL Recommended
Deployment Scenario
The deployment scenarios described in this section are based on actual customer
deployments and are SonicWALL-recommended deployment best practices. This
section describes three common deployments of the SonicWALL SSL VPN 4000.
In Table 1, select the scenario that most closely matches your deployment.
deployments and are SonicWALL-recommended deployment best practices. This
section describes three common deployments of the SonicWALL SSL VPN 4000.
In Table 1, select the scenario that most closely matches your deployment.
Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios
Gateway Device
SonicWALL Recommended
Deployment Scenarios
Deployment Scenarios
Conditions or Requirements
SonicOS Standard 3.1 or higher:
TZ 170
TZ 180 Series
PRO 1260
PRO 2040
PRO 3060
TZ 170
TZ 180 Series
PRO 1260
PRO 2040
PRO 3060
Scenario A: SSL VPN on a New DMZ
•
OPT or X2 interface is unused
•
A new DMZ configured for either NAT or
Transparent Mode operation.
Transparent Mode operation.
•
(Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
Scenario B: SSL VPN on Existing DMZ
•
OPT or X2 interface is in use with an
existing DMZ
existing DMZ
•
(Optional) Plan to provide SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
SonicOS Enhanced 3.1 or higher:
TZ 170 Series
TZ 180 Series
TZ 190 Series
PRO Series
NSA E-Class (SonicOS 5.0+)
NSA Series (SonicOS 5.0+)
TZ 170 Series
TZ 180 Series
TZ 190 Series
PRO Series
NSA E-Class (SonicOS 5.0+)
NSA Series (SonicOS 5.0+)
Scenario A: SSL VPN on a New DMZ
•
OPT or unused interface
•
A new DMZ configured for either NAT or
Transparent Mode operation.
Transparent Mode operation.
Scenario B: SSL VPN on Existing DMZ
•
No unused interfaces
•
One dedicated interface in use as an
existing DMZ
existing DMZ
Scenario C: SSL VPN on the LAN
•
No unused interfaces
•
No dedicated interface for a DMZ
SonicOS Standard 3.1 or higher:
TZ 150 Series
TZ 170 Wireless
TZ 170 SP
TZ 150 Series
TZ 170 Wireless
TZ 170 SP
SonicWALL devices running
legacy firmware
legacy firmware
Third-Party Gateway Device
Scenario C: SSL VPN on the LAN
•
Not planning to use SonicWALL deep
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
packet inspection security services such as
GAV, IPS, and Anti-Spyware.
•
Interoperability with a third-party gateway
device
device
Gateway
Device
Switch/
Hub
SonicWALL
SSL-VPN 4000
on LAN
Remote Users
in Internet Zone
SonicWALL
SSL-VPN 4000
on Existing DMZ
SonicWALL
UTM Appliance
LAN
Resources
Router
Switch/
Hub
Switch/
Hub
Remote Users
in Internet Zone
SonicWALL
UTM Appliance
SonicWALL
SSL-VPN 4000
on DMZ
LAN
Resources
Router
Switch/
Hub
Remote Users
in Internet Zone
Scenario A
SSL VPN on a New DMZ
Scenario B
Scenario C
SSL VPN on an Existing DMZ
SSL VPN on the LAN