SMB SSL-VPN: Connecting a SonicWall SSL-VPN appliance on LAN in SonicOS Enhanced

Description

SMB SSL-VPN: Connecting a SonicWall SSL-VPN appliance on LAN in SonicOS Enhanced

Resolution

Overview / Scenario:

Before continuing to connect the SonicWall SSL-VPN appliance to your network, refer the diagrams on the "SonicWall Recommended Deployment Scenario" in KBID 6122 to determine the proper scenario for your network configuration.

Deployment Steps:

Step 1: Connecting the SonicWall SSL-VPN appliance
Step 2: Connecting to the SonicWall UTM Appliance
Step 3: Allowing SSL-VPN -> LAN Connection in SonicOS Enhanced
Step 4:Setting Public Server Access in SonicOS Enhanced
Step 5: Testing Your SSL-VPN Connection


Procedure:

Step 1: Connecting the SonicWall SSL-VPN appliance

1. Connect one end of an Ethernet cable to the OPT, X2, or other unused port on your existing SonicWall UTM appliance.
2. Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall SSL-VPN 2000. The X0 Port LED lights up green indicating an active connection.

Now that you have set up your SonicWall SSL-VPN appliance (for example: SSL-VPN 2000), you need to configure your gateway device (SonicWall Firewall appliance) to work with the SonicWall SSL-VPN appliance.

Step 2: Connecting to the SonicWall UTM Appliance

1. Using a computer connected to your LAN, launch your Web browser and enter the IP address of your existing SonicWall UTM appliance in the Location or Address field.
2. When the management interface displays, enter your user name and password in the appropriate fields and press the Login button.
 
Note: Remember that you are logging into your SonicWall UTM appliance, not the SonicWall SSL-VPN appliance, Your user name and password combination may be different from the user name and password you recorded for your SonicWall SSL-VPN appliance.

Step 3: Allowing SSL-VPN -> LAN Connection in SonicOS Enhanced
 
When users have connected to the SSL-VPN, they need to be able to connect to resources on the LAN.
 
1. In the administration interface, navigate to the Network > Address Objects page.
2. In the Address Objects section, click .
3. In the Add Object dialog box, create an address object for the X0 interface IP address of your SonicWall SSL-VPN appliance:
 
 

 

Name
Enter a name for the SonicWall SSL-VPN appliance
Zone Assignment
SSLVPN
Type
Host
IP Address
The SonicWall SSL-VPN appliance's X0 IP address,
192.168.200.1 by default

 

Click OK to create the object.
 
4. Click ADD botton again to create an address object for the NetExtender range.
5. In the Add Object dialog box, create an address object for the X0 interface IP address of your SonicWall SSL-VPN appliance:

 

Name
Enter a name for NetExtender
Zone Assignment
SSLVPN
Type
Range
Starting IP Address
The start of the NetExtender IP address range,
192.168.200.100 by default
Ending IP Address
 
The end of the NetExtender IP address range,
192.168.200.200 by default

 

Click OK to create the object.

6. On the Network > Address Objects page, in the Address Groups section, click ADD Group button.
7. In the Add Address Object Group dialog box, create a group for the X0 interface IP address of your SonicWall SSL-VPN appliance and the NetExtender IP range:

 

 Enter a name for the group.
 In the left column, select the two groups you created and click the arrow button (point right).
 Click OK to create the group when both objects are in the right column.
 
8. In the administrative interface, navigate to the Firewall > Access Rules page.
 9. On the Firewall > Access Rules page in the matrix view, click the SSLVPN > LAN icon.

10. On the resulting Firewall > Access Rules page, click ADD button.

11. In the Add Rule window, create a rule to allow access to the LAN for the address group you just created:

 

 

Action
Allow
From Zone
SSLVPN
To Zone
LAN
Service
Any
Source
The address group you just created, such as
SonicWall_SSLVPN_Group
Destination
Any
Users Allowed
All
Schedule
Always on
Enable Logging
Selected
Allow Fragmented Packets
Selected

 

Click OK to create the rule.

Step 4: Setting Public Server Access in SonicOS Enhanced???

1. Click the Wizards icon in the top right corner of the SonicOS Enhanced management interface.
2. Select the Public Server Wizard option and then click Next.
3. Select Web Server from the Server Type drop-down menu.

4. Select the HTTP and HTTPS checkboxes.
5. Click the Next button to continue the Wizard.
6. Enter SSLVPN in the Server Name field.
7. Enter 192.168.168.200 (or the address to which you have configured your X0 interface on your SonicWall SSL-VPN appliance) in the Private IP field.

8. Enter a comment, such as  WAN to SSL-VPN" to describe your connection.
9. Click the Next button to continue the Wizard.
10. Verify that the Public Server field contains the correct IP address (You can generally leave this at the default setting).
11. Click the Next button.
12. Click the Apply button.

 

Step 5: Testing Your SSL-VPN Connection

Now you have configured your SonicWall UTM appliance and SonicWall SSLVPN appliance for secure SSL VPN remote access. This section provides instructions to verify your SSL-VPN connection using a remote client on the WAN.

1. From a WAN connection outside of your corporate network, launch a Web browser and enter the following:
https:// <WAN_IP_address_of_gateway_device>

Note: It will be easier for your remote users to access the SonicWall SSL-VPN appliance using an FQDN (fully qualified domain name) rather than an IP address.

For example, browsing to  http://www.sonicwall.com" is simpler than browsing to  http://64.41.140.167". It is therefore recommended, if you have not already done so, that you create a DNS record to allow for FQDN access to your SonicWall SSL-VPN appliance. If you do not manage your own public DNS servers, contact your Internet
Service Provider for assistance.
 
For configurations where your ISP provides dynamic IP addressing rather than a static IP address, refer to the steps in  Configuring Dynamic DNS" on page 51 to set up DDNS for your remote users.
 
2. When prompted, enter the User Name and Password.
3. Select LocalDomain from the drop-down menu and click the Login button. The SonicWall Virtual Office screen appears in your Web browser.
4. Click NetExtender to start the NetExtender client installation.
5. Click the NetExtender  Image
6. Ping a host on your corporate LAN to verify your SSL-VPN remote connection.

Congratulations! You have successfully set up your SonicWall SSL-VPN appliance.

Source: SSL VPN: SonicWall SSL VPN 2000 Getting Started Guide

 

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community