Secure Mobile Access 100 10.2 Deployment Planning Guide

Deploying SMA on the LAN > Configuring SMA to LAN Connectivity
Table of Contents

Configuring SMA to LAN Connectivity

Before continuing, you must add a new SMA custom zone. Refer to Adding a New SMA Custom Zone for more information.

For users to access local resources through the SMA appliance, you must configure your gateway device to allow an outside connection through the SMA into your LAN.

To allow an SMA to LAN connection

  1. Using SonicOS, navigate to the OBJECT | Match Objects > Addresses page on the gateway appliance.
  2. In the Address Objects tab, click +Add.

  3. In the Address Object Settings dialog box, create an address object for the X0 interface IP address of your SMA appliance:

    Name Name for the SMA appliance
    Zone Assignment SMA
    Type Host
    IP Address SMA appliance X0 IP address (default 192.168.200.1)
  4. Click +Add to create the object. After adding, click Close.
  5. Click +Add again to create an address object for the NetExtender range.

  6. In the Add Address Object dialog box, create an address object for the NetExtender range, using the following options:

    Name Name for NetExtender range
    Zone Assignment SMA
    Type Range
    Starting IP Address Start of the NetExtender IP address range (default 192.168.200.100)
    Ending IP Address End of the NetExtender IP address range (default 192.168.200.200)

  7. Click Save to create the object. Once added, click Close.
  8. On the OBJECT | Match Objects > Addresses page, click the Address Groups tab.
  9. Click +Add.

  10. In the Add Address Groups dialog box, create a group for the X0 interface IP address of your SMA appliance and the NetExtender IP range:

    • Enter a name for the group.
    • In the left column, select the address objects you created and click the right arrow button.
    • Click Save to create the group when both objects are in the right column.

  11. Navigate to the POLICY | Rules and Policies > Access Rules page, and select the Matrix view style.
  12. Click the SMA > LAN icon.
  13. On the page that displays for SMA to LAN, click +Add.

  14. In the Add Rule window, create a rule to allow access to the LAN for the address group you just created:

    Source Zone/Interface SMA
    Source Destination LAN
    Source Port Any
    Service Any
    Source The address group you just created, such as SMA and NetExtender.
    Destination Any
    Users Allowed All
    Users Excluded None
    Schedule Always on
    Select the following check box(es)
    • Enable Logging
    • Allow Fragmented Packets
  15. Click OK to create the rule.

This completes Scenario C.

Some gateway appliances have a default zone named SSLVPN. Do not select this zone when configuring for the SMA appliance. The SSLVPN zone is intended for use with the more limited SSLVPN features that are included in the firewall products.

Continue to Additional Configuration and Testing and Troubleshooting Your Remote Connection.