Introduction: Overview of GMS

GMS Gateway Requirements
A SonicWALL GMS gateway is a SonicWALL firewall appliance that allows for secure communication between the SonicWALL GMS server and the managed appliance(s) using VPN tunnels.
The SonicWALL GMS gateway must meet one of the following requirements:
There are three SonicWALL GMS management methods with different SonicWALL GMS gateway requirements. When using SSL as the management method, it is optional to have a SonicWALL GMS gateway between each SonicWALL GMS agent server and the managed SonicWALL appliance(s). If you select Existing VPN tunnel, a gateway is optional. If you select Management VPN tunnel, you must have a SonicWALL GMS gateway between the SonicWALL GMS agent server and the managed SonicWALL appliance(s) to allow each SonicWALL GMS agent server to securely communicate with its managed appliance(s). The following list provides more detail on SonicWALL GMS management methods and gateway requirements:
Management VPN tunnel—A SonicWALL GMS gateway is required. Each SonicWALL GMS agent server must have a dedicated gateway. The security association (SA) for this type of VPN tunnel must be configured in the managed SonicWALL appliance(s). SonicWALL GMS automatically creates the SA in the SonicWALL GMS gateway. For this configuration, the SonicWALL GMS gateway must be a SonicWALL VPN-based appliance. The SonicWALL GMS gateway can be configured in NAT-Enabled or transparent mode.
This method requires a dedicated gateway because of how the scheduler service works. When a unit is added into SonicWALL GMS with 'Management VPN' as the method, the scheduler service logs into the gateway and creates the management tunnel. The scheduler service also periodically logs into its gateway and checks for management SAs. If it finds SAs created for units that the agent does not manage, it deletes them. If two agents share a gateway, each will constantly delete the other agent's SAs.
Existing VPN tunnel—A SonicWALL GMS gateway is optional. SonicWALL GMS can use VPN tunnels that already exist in the network to communicate with the managed appliance(s). For this configuration, the SonicWALL GMS gateway can be a SonicWALL VPN-based appliance or another VPN device that is interoperable with SonicWALL VPN.
SSL—A SonicWALL GMS gateway is optional. SonicWALL GMS can use SSL management instead of a VPN tunnel to communicate with the managed appliance(s). However, the SonicWALL Aventail EX-Series SRA appliance allows SSL access only to its LAN port(s), and not to its WAN port(s). This means that when SonicWALL GMS is deployed outside of the Aventail LAN subnet(s), management traffic must be routed from SonicWALL GMS to a gateway that allows access into the LAN network, and from there be routed to the Aventail LAN port.
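The scheduler behaviour described under Management VPN tunnel can be modelled to show why a shared gateway never reaches a stable state, and to check a deployment plan for it. This is an added example, not SonicWALL code; the plan format, the agent, gateway and unit names, and the function names are all hypothetical.

```python
from collections import defaultdict

def scheduler_pass(gateway_sas, managed_units):
    """One scheduler login, modelled on the behaviour described above:
    delete SAs for units this agent does not manage, create its own."""
    deleted = gateway_sas - managed_units
    gateway_sas -= deleted          # in-place: tear down foreign SAs
    gateway_sas |= managed_units    # in-place: (re)create this agent's SAs
    return deleted

def simulate(plan, rounds=3):
    """plan: {agent: (gateway, units)}. Returns {gateway: count} of SAs
    torn down over the given number of scheduler rounds."""
    sas = defaultdict(set)
    deletions = defaultdict(int)
    for _ in range(rounds):
        for agent, (gateway, units) in plan.items():
            deletions[gateway] += len(scheduler_pass(sas[gateway], set(units)))
    return dict(deletions)

def shared_gateways(plan):
    """Gateways assigned to more than one agent, which breaks the
    dedicated-gateway requirement for Management VPN tunnels."""
    users = defaultdict(list)
    for agent, (gateway, _units) in plan.items():
        users[gateway].append(agent)
    return {gw: agents for gw, agents in users.items() if len(agents) > 1}

# Constructed sample plans (hypothetical names, not from a real deployment).
SHARED = {"agent-a": ("gw-1", {"fw-01", "fw-02"}),
          "agent-b": ("gw-1", {"fw-03"})}
DEDICATED = {"agent-a": ("gw-1", {"fw-01", "fw-02"}),
             "agent-b": ("gw-2", {"fw-03"})}

if __name__ == "__main__":
    for name, plan in (("shared", SHARED), ("dedicated", DEDICATED)):
        print(name, "| shared gateways:", shared_gateways(plan),
              "| SA deletions per gateway:", simulate(plan))
```

With the shared plan, every scheduler pass after the first tears down the other agent's tunnels, so managed units repeatedly lose their management SA; with dedicated gateways no SA is ever deleted.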