Integration with Dell SonicWALL Products; Typical Deployment - Dell SonicWALL SRA 4200 Administrator's Manual

SRA 6.0

Integration with Dell SonicWALL Products

The SRA appliance integrates with other Dell SonicWALL products, complementing the Dell
SonicWALL NSA, PRO and TZ Series product lines. Incoming HTTPS traffic is redirected by a
Dell SonicWALL firewall appliance to the SRA appliance. The SRA appliance then decrypts and
passes the traffic back to the firewall where it can be inspected on its way to internal network
resources.

Typical Deployment

The SRA appliance is commonly deployed in tandem with an accompanying gateway appliance,
in one-armed mode over the gateway's DMZ or Opt interface. The gateway is, for example, a
Dell SonicWALL network security appliance such as an NSA 4500.

This method of deployment offers additional layers of security control plus the ability to use Dell
SonicWALL's Unified Threat Management (UTM) services, including Gateway Anti-Virus,
Anti-Spyware, Content Filtering and Intrusion Prevention, to scan all incoming and outgoing
NetExtender traffic. Dell SonicWALL recommends one-armed mode deployments over
two-armed deployments for ease of deployment and for use in conjunction with UTM GAV/IPS
for clean VPN.

As shown in Figure 7, in one-armed mode the primary interface (X0) on the SRA appliance
connects to an available segment on the gateway device. The encrypted user session is passed
through the gateway to the SRA appliance (step 1). The SRA appliance decrypts the session and
determines the requested resource. The SRA session traffic then traverses the gateway
appliance (step 2) to reach the internal network resources. While the traffic traverses the
gateway, appropriately equipped gateway appliances can apply security services such as
Intrusion Prevention, Gateway Anti-Virus and Anti-Spyware inspection. The internal network
resource then returns the requested content to the SRA appliance through the gateway (step
3), where it is encrypted and returned to the client.

Figure 7 Sequence of Events in Initial Connection
[Diagram labels: Internet, SSL VPN Client, NSA Appliance, SRA Appliance (X0), DMZ, LAN, Internal Network Resource]
1. X0 interface connects to available segment on gateway. Encrypted session passes to SRA appliance.
2. SRA traffic traverses the gateway to reach internal network resource.
3. The internal network resource returns content to the SRA appliance through the gateway.

For information about configuring the SRA appliance to work with third-party gateways, refer to
on page 359.