Secure Mobile Access 10.2 Deployment Guide
Configuring SMA to LAN Connectivity
Before continuing, you must add a new SMA custom zone. Refer to Adding a New SMA Custom Zone for more information.
For users to access local resources through the SMA appliance, you must configure your gateway device to allow an outside connection through the SMA into your LAN.
To allow an SMA to LAN connection
- Using SonicOS, navigate to the OBJECT | Match Objects > Addresses page on the gateway appliance.
- In the Address Objects tab, click +Add.
-
In the Address Object Settings dialog box, create an address object for the X0 interface IP address of your SMA appliance:
Name Name for the SMA appliance Zone Assignment SMA Type Host IP Address SMA appliance X0 IP address (default 192.168.200.1
) - Click +Add to create the object. After adding, click Close.
- Click +Add again to create an address object for the NetExtender range.
-
In the Add Address Object dialog box, create an address object for the NetExtender range, using the following options:
Name Name for NetExtender range Zone Assignment SMA Type Range Starting IP Address Start of the NetExtender IP address range (default 192.168.200.100
)Ending IP Address End of the NetExtender IP address range (default 192.168.200.200
) - Click Save to create the object. Once added, click Close.
- On the OBJECT | Match Objects > Addresses page, click the Address Groups tab.
- Click +Add.
-
In the Add Address Groups dialog box, create a group for the X0 interface IP address of your SMA appliance and the NetExtender IP range:
- Enter a name for the group.
- In the left column, select the address objects you created and click the right arrow button.
- Click Save to create the group when both objects are in the right column.
- Navigate to the POLICY | Rules and Policies > Access Rules page, and select the Matrix view style.
- Click the SMA > LAN icon.
- On the page that displays for SMA to LAN, click +Add.
-
In the Add Rule window, create a rule to allow access to the LAN for the address group you just created:
Source Zone/Interface SMA Source Destination LAN Source Port Any Service Any Source The address group you just created, such as SMA and NetExtender. Destination Any Users Allowed All Users Excluded None Schedule Always on Select the following check box(es) - Enable Logging
- Allow Fragmented Packets
- Click OK to create the rule.
This completes Scenario C.
Some gateway appliances have a default zone named SSLVPN. Do not select this zone when configuring for the SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products.
Continue to Additional Configuration and Testing and Troubleshooting Your Remote Connection.
Was This Article Helpful?
Help us to improve our support portal