My clients connect with NetExtender and they have access to all my network but I want to restrict

Description

My clients connect with NetExtender and have access to my whole network, but I want to restrict their access to one or a few servers, on specific ports only.

Resolution

 


Procedure:

When you configure the client routes, you can only grant access to ranges, networks or hosts; there is nowhere to specify the ports that you want to open for your SSL VPN clients.

You need to go to Access Rules (SSL VPN > and there deny access to the whole network for any service, then create one or more new rules to allow access as desired.

Please check the following example. Here we deny access to the whole network and allow HTTP access to one server. Pay attention to the priority of the rules.

We need to create an “Any, Any, Any, DENY” rule so the third rule (created by default and non-modifiable) has no effect.

Now the clients have access only to the IP that's defined in "Mi ip privada", and only on port 80.
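Why the priority order matters, shown as an added example (a simplified first-match model, not SonicOS code or SonicWall's own tooling). The addresses, the rule names, and the assumption that the non-modifiable default rule allows the whole LAN subnet are constructed for illustration.

```python
# Simplified model: rules are checked in priority order and the first match wins.
# Constructed data: server 192.168.10.20, LAN 192.168.10.0/24, hypothetical rule names.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # wildcard for destination or port

@dataclass(frozen=True)
class Rule:
    name: str
    dest: Optional[str]   # CIDR string, or ANY
    port: Optional[int]   # TCP port, or ANY
    action: str           # "ALLOW" or "DENY"

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        dest_ok = self.dest is ANY or ip_address(dst_ip) in ip_network(self.dest)
        return dest_ok and (self.port is ANY or self.port == dst_port)

def evaluate(rules, dst_ip, dst_port):
    """Return (action, rule name) of the first rule that matches; list order = priority."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action, rule.name
    return "DENY", "implicit"

def covers(a: Rule, b: Rule) -> bool:
    """True if every connection matched by b is already matched by a."""
    dest = a.dest is ANY or (b.dest is not ANY and
                             ip_network(b.dest).subnet_of(ip_network(a.dest)))
    return dest and (a.port is ANY or a.port == b.port)

def shadowed(rules):
    """Names of rules that can never take effect because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

allow_http = Rule("allow-http-to-server", "192.168.10.20/32", 80, "ALLOW")
deny_all = Rule("deny-any-any-any", ANY, ANY, "DENY")
default = Rule("default-allow-lan", "192.168.10.0/24", ANY, "ALLOW")  # assumed default rule

CORRECT = [allow_http, deny_all, default]      # order described in the article
WRONG_ORDER = [deny_all, allow_http, default]  # deny placed above the allow
NO_DENY = [allow_http, default]                # deny rule forgotten

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("wrong order", WRONG_ORDER), ("no deny", NO_DENY)):
        print(label, evaluate(rules, "192.168.10.20", 80),
              evaluate(rules, "192.168.10.30", 3389), "shadowed:", shadowed(rules))
```

In the correct order only the default rule is shadowed, which is the intended result; a shadowed allow rule, or a default rule that is not shadowed, indicates a rule set that does not enforce the restriction.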

 
