SonicWALL UMA EM5000 Getting Started Guide Page 7
GMS Gateway Recommendations
A GMS gateway is a SonicWALL UTM appliance that allows for
secure communication between the SonicWALL UMA EM5000
and managed appliance(s) using VPN tunnels. A GMS gateway
is not required in all deployment scenarios, as described in this
section.
When deployed, the GMS gateway must be a SonicWALL VPN-
based network security appliance running SonicOS Enhanced
firmware or another VPN device that is interoperable with
SonicWALL VPN. SonicWALL strongly recommends that the
GMS gateway be, at minimum, a SonicWALL NSA 2400
network security appliance with SonicOS Enhanced 5.1 or
higher firmware.The GMS gateway provides a VPN
management tunnel for each managed appliance. The number
of management tunnels depends on the number of VPNs
supported by the GMS gateway appliance and may be a limiting
factor.
There are three SonicWALL appliance management methods
with varying GMS gateway requirements. When using HTTPS
as the management method, it is optional to have a GMS
gateway between each SonicWALL UMA EM5000 agent server
and the managed SonicWALL appliance(s). If you select
Existing VPN tunnel as the management method, a gateway is
optional. If you select Management VPN tunnel, you must have
a GMS gateway between the SonicWALL UMA EM5000 agent
appliance and the managed SonicWALL appliance(s) to allow
each SonicWALL UMA EM5000 agent to securely communicate
with its managed appliance(s). The following list provides more
detail on SonicWALL appliance management methods and
gateway requirements:
• Management VPN tunnel – A GMS gateway is required.
Each SonicWALL UMA EM5000 agent must have a
dedicated gateway. The security association (SA) for this
type of VPN tunnel is created when the appliance is
configured for SonicWALL GMS management using the
Management Tunnel method.
• The SonicWALL UMA EM5000 automatically creates the
SA in the gateway. For this configuration, the gateway must
be a SonicWALL VPN-based appliance. The gateway can
be configured in NAT-Enabled or transparent mode.
• Existing VPN tunnel – A GMS gateway is optional. The
SonicWALL UMA EM5000 can use VPN tunnels that
already exist in the network to communicate with the
managed appliance(s). The GMS gateway can be a
SonicWALL VPN-based appliance or another VPN device
that is interoperable with SonicWALL VPN.
• HTTPS – A GMS gateway is optional. The SonicWALL
UMA EM5000 can use HTTPS management instead of a
VPN tunnel to communicate with the managed
appliance(s).
Note: A management VPN tunnel is only supported for
SonicWALL UTM appliances, but is not supported for
SonicWALL CDP or SonicWALL SSL-VPN appliances.