- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Accessing remote site resources when connected to the main site via remote VPN client
10/14/2021 
1,248 People found this article helpful
49,807 Views
Description
In many scenarios, VPN users who are connected to the main site via a remote VPN Client need to have access to the resources behind the remote site in addition to the resources on main site. This KB article shows how to configure SonicWall to meet this need.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to the SonicWall management GUI
- Click Network tab.
- Navigate to IPSec VPN | Rules and Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN. - Navigate to the Device| Users | Local Users & Groups page and click configure option of the remote VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image - In the example the object was NSA2650 Site.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
- Click Policy tab.
- Navigate to Rules and Policies | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an Allow Rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Click Manage tab.
- Navigate to VPN | Base Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN. - Navigate to the Users | Local Users & Groups page and click configure option of the remote VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image - In the example the object was NSA2650 Site.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
- ClickManage tab.
- Navigate to Rules | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an Allow Rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Navigate to VPN | Settings page.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN. - Navigate to the Users | Local Users page and click on the configure option of the remote VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective address object/group of the remote site from left to right by clicking on the appropriate option as shown below in the image.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
- Navigate to Firewall | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an allow rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
Related Articles
- How to enable and configure NTP?
- Cannot edit App Control Signatures, "Error: property 'value' can't be empty value"
- SSL-VPN 2FA: How to unbind TOTP for a single user or multiple users
Categories
- Firewalls > TZ Series > VPN
- Firewalls > SonicWall SuperMassive 9000 Series > VPN
- Firewalls > NSa Series > VPN
- Firewalls > NSv Series > VPN
YES
NO