My clients connect with NetExtender and they have access to all my network but I want to restrict

Description

My clients connect with NetExtender and have access to my whole network, but I want to restrict their access to only one or some servers, and only on given ports.

Resolution

 

Scenario:

My clients connect with NetExtender and have access to my whole network, but I want to restrict their access to only one or some servers, and only on given ports.

Procedure:

When you configure the client routes, you can only grant access to ranges, networks or hosts; there is nowhere to specify the ports that you want to open for your SSL VPN clients.

You need to go to Access Rules (SSL VPN > and there deny access to the whole network for any service, and then create one or more new rules to allow access as desired.

Please check the following example. Here we are denying access to the whole network and allowing HTTP access to one server. Pay attention to the priority of the rules.

[Image: access rules for this example]

We need to create an “Any, Any, Any, DENY” rule so the third rule (created by default and non-modifiable) has no effect.

Now the clients only have access to the IP that's defined in "Mi ip privada", and only on port 80.
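Why the rule priority matters, as an added model that is not SonicWall code or part of the original article: it evaluates three rule sets the way a first-match firewall would and lists which test connections get through. It assumes rules are checked in priority order with the first match deciding, and that the default third rule allows everything on the LAN; the addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for destination or service

@dataclass
class Rule:
    priority: int          # lower number is evaluated first (assumption)
    dst: Optional[str]     # CIDR network or host, ANY matches everything
    port: Optional[int]    # TCP port, ANY matches every service
    action: str            # "ALLOW" or "DENY"

    def matches(self, dst_ip, port):
        dst_ok = self.dst is ANY or (
            ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))
        return dst_ok and (self.port is ANY or self.port == port)

def evaluate(rules, dst_ip, port):
    """Return the action of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(dst_ip, port):
            return rule.action
    return "DENY"  # no rule matched

def reachable(rules, flows):
    """List the (ip, port) flows that the rule set lets through."""
    return [f for f in flows if evaluate(rules, *f) == "ALLOW"]

SERVER = "192.168.10.20"   # constructed stand-in for "Mi ip privada"
LAN = "192.168.10.0/24"    # constructed LAN behind the firewall
DEFAULT = Rule(3, LAN, ANY, "ALLOW")  # models the non-modifiable default rule

# Order from the article: allow HTTP to the server, then deny everything.
RESTRICTED = [Rule(1, SERVER + "/32", 80, "ALLOW"), Rule(2, ANY, ANY, "DENY"), DEFAULT]
# Deny placed above the allow rule: the allow rule never matches.
MISORDERED = [Rule(1, ANY, ANY, "DENY"), Rule(2, SERVER + "/32", 80, "ALLOW"), DEFAULT]
# No deny rule: the default rule still opens the whole LAN.
NO_DENY = [Rule(1, SERVER + "/32", 80, "ALLOW"), DEFAULT]

# Constructed test connections from an SSL VPN client.
FLOWS = [(SERVER, 80), (SERVER, 3389), ("192.168.10.30", 80), ("192.168.10.30", 445)]

if __name__ == "__main__":
    for name, rules in [("restricted", RESTRICTED), ("misordered", MISORDERED),
                        ("no deny rule", NO_DENY)]:
        print(f"{name:13} allows {reachable(rules, FLOWS)}")
```

After changing the real rules, the same set of test connections can be tried from a connected client to confirm that only the intended server and port answer.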

 
