SonicWALL 5.8.1 User Manual

VPN > Settings
SonicOS 5.8.1 Administrator Guide
are addresses using address spaces that can easily be supernetted. For example, assume we 
wanted to provide access to/from the LAN and DMZ at the hub site to one subnet at each of 
2,000 remote sites, addressed as follows:
remoteSubnet0=Network 10.0.0.0/24 (mask 255.255.255.0, range 10.0.0.0-10.0.0.255)
remoteSubnet1=Network 10.0.1.0/24 (mask 255.255.255.0, range 10.0.1.0-10.0.1.255)
remoteSubnet2=Network 10.0.2.0/24 (mask 255.255.255.0, range 10.0.2.0-10.0.2.255)
remoteSubnet2000=10.7.207.0/24 (mask 255.255.255.0, range 10.7.207.0-10.7.207.255)
Creating VPN Policies for each of these remote sites would result in the requisite 2,000 VPN 
Policies, but would also create 8,000 Access Rules (LAN -> VPN, DMZ -> VPN, VPN -> LAN, 
and VPN -> DMZ for each site). However, all of these Access Rules could easily be handled 
with just 4 Access Rules to a supernetted or address range representation of the remote sites 
(more specific allow or deny Access Rules could be added as needed):
remoteSubnetAll=Network 10.0.0.0/13 (mask 255.248.0.0, range 10.0.0.0-10.7.255.255)
or
remoteRangeAll=Range 10.0.0.0-10.7.207.255
To enable this level of aggregation, the Advanced tab of the VPN Policy window offers the 
Auto-Add Access Rules for VPN Policy setting. By default, the checkbox is selected, meaning 
the accompanying Access Rules are created automatically, as they always have been. 
Deselecting the checkbox when creating the VPN Policy gives the administrator the ability, 
and the need, to create custom Access Rules for VPN traffic.
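
The aggregation described above can be checked before the four custom Access Rules are written. The following Python is an added example, not part of the SonicOS guide: it rebuilds the 2,000 remote /24 subnets as constructed sample data, derives the smallest covering supernet, and lists the address blocks that supernet admits but no remote site owns. The function names are assumptions of this example, and it handles IPv4 only.

```python
import ipaddress

def remote_subnets(count, first="10.0.0.0/24"):
    """Constructed sample data: `count` consecutive subnets starting at `first`."""
    base = ipaddress.ip_network(first)
    return [ipaddress.ip_network((int(base.network_address) + i * base.num_addresses,
                                  base.prefixlen)) for i in range(count)]

def covering_supernet(nets):
    """Smallest single IPv4 CIDR block containing every network in `nets`."""
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits in which lo and hi differ must become host bits of the supernet.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)

def unassigned_blocks(supernet, nets):
    """CIDR blocks inside `supernet` that belong to no network in `nets`."""
    gaps, cursor = [], int(supernet.network_address)
    for n in sorted(ipaddress.collapse_addresses(nets)):
        start = int(n.network_address)
        if start > cursor:  # hole between two assigned blocks
            gaps += ipaddress.summarize_address_range(
                ipaddress.ip_address(cursor), ipaddress.ip_address(start - 1))
        cursor = int(n.broadcast_address) + 1
    end = int(supernet.broadcast_address)
    if cursor <= end:       # tail of the supernet past the last site
        gaps += ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), ipaddress.ip_address(end))
    return gaps

if __name__ == "__main__":
    sites = remote_subnets(2000)
    supernet = covering_supernet(sites)
    extra = unassigned_blocks(supernet, sites)
    print("last site subnet :", sites[-1])
    print("covering supernet:", supernet, supernet.netmask)
    print("range object     :", sites[0][0], "-", sites[-1][-1])
    print("admitted, unowned:", ", ".join(map(str, extra)))
```

For the addressing on this page, the supernet form admits 48 /24 blocks (10.7.208.0-10.7.255.255) beyond the remote sites, which is where the range object or a more specific deny Access Rule applies.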