• Secure Mobile Access
• About this Guide
  • Organization of this Guide
  • Guide Conventions
• About SonicWall Secure Mobile Access
  • About the SMA Appliance
  • Key SSL VPN Concepts and SMA Features
    • Resources
    • Users and Groups
    • Authentication
    • Communities
    • Access Policy
    • End Point Control (EPC)
    • SSL/TLS and Encryption
    • Single Sign-On
    • Sharing Configuration Data
    • Role-based Administration
    • System Monitoring and Logging
  • SonicWall SMA Components
    • Client Components and Access Methods
      • WorkPlace
      • Network Explorer
      • Connect Tunnel Clients
      • Mobile Connect App
      • Translated Web Access
      • Custom Port Mapping
      • Custom FQDN Mapping
    • End Point Control Components
    • Administrator Components
      • Setup Wizard
      • Appliance Management Console (AMC)
      • Access Services
  • Managing Multiple Appliances
    • Central Management Server
    • Global Traffic Optimizer
• Planning Your VPN
  • About Designing Your VPN
    • Who Will Access Your VPN?
    • Which Types of Resources Should Users Have Access To?
      • How Will Users Access Your Resources?
      • Tunnel, Proxy, or Web: Which Access Method is Best?
    • Security Administration
      • Defining Resources
        • Web Resources
        • Client/Server Resources
        • File Shares
      • Managing Access Control with an Access Policy
      • Access Control for Bi-Directional Connections
      • Design Guidelines for Access Rules
  • End Point Control
    • Advanced EPC
  • Putting It All Together: Using Realms and Communities
• Common VPN Configurations
  • About the Configurations
  • Deployment Scenario: Remote Access for Employees and Partners
    • Establishing an Authentication Realm
    • Identifying Users
    • Adding Resources
    • Creating Zones of Trust
      • Creating a Device Zone for Trusted Users
      • Creating a Device Zone for Partners
      • Creating a Quarantine Zone for Untrusted Users
  • Customizing WorkPlace
    • Modifying the Default Style and Layout
    • Creating a New WorkPlace Style and Layout
      • Creating a WorkPlace Style
      • Creating a Workplace Layout
    • Creating an Employee Community
      • Specifying Access Methods for Employees
      • Configuring End Point Control for Employees
      • Configuring the WorkPlace Appearance for Employees
    • Creating a Partner Community
      • Specifying an Access Method for Partners
      • Configuring End Point Control for Partners
      • Configuring WorkPlace Appearance for Partners
    • Access Control Lists
      • Adding a Rule for Limited Resources
      • Adding an Unrestricted Rule
  • Testing the Deployment Scenario
  • Other Remote Access VPN Scenarios
    • Providing Access to Web Resources
      • Defining Specific Web Resources
      • Web Resources on a Portion of Your Network
      • All Web Resources on Your Network
    • Web-Based File Access to Entire Networks
    • Broad Access to Network Resources
    • Remote Access for Mobile Users
  • Additional Partner VPN Scenarios
    • Access to a Specific Web Resource Using an Alias
    • Web-Based Access to a Client/Server Application
  • End Point Control Scenarios
    • Quarantining Employees on Untrusted Systems
    • Denying Access
  • Access Policy Scenarios
  • Application-Specific Scenarios
    • Providing Access to Outlook Web Access (OWA)
    • Providing Access to Voice Over IP (VoIP)
    • Providing Access to Windows Terminal Services or Citrix Resources
  • Authentication Scenarios
    • Using Multiple Realms vs Single Realm
  • Access Component Provisioning
    • Deploying the Same Agents to All Users
    • Deploying Different Agents to Different Users
• SonicWall Support
  • About This Document

Access Control for Bi-Directional Connections

VPN connections typically involve what are called forward connections, which are initiated by a user to a network resource. However, if you deploy network tunnel clients (Connect Tunnel or OnDemand Tunnel) to your users, bi-directional connections are enabled. Examples of bi-directional connections include an FTP server that downloads files to or uploads files from a VPN user, and remote Help Desk applications.

Within the Secure Mobile Access VPN, bi-directional connections include the following:

• Forward connections from a VPN user to a network resource.
• Reverse connections from a network resource to a VPN user. An example of a reverse connection is an SMS server that pushes a software update to a user’s machine.
• Cross-connections refer specifically to VoIP (Voice over IP) applications that enable one VPN user to telephone another. This kind of connection requires a pair of access control rules: one for the forward connection and one for the reverse connection.