How do I configure Sonicwaves for layer 3 management over SSLVPN?

Step 2: Enable SSL VPN and Create a SSLVPN profile for Sonicwave Layer-3 Management

1. Enable SSLVPN on the WAN zone
2.  Ensure HTTPS mgmt is enabled on the wan interface.
3. Create an address object for SSL VPN IP Pool. Network | Address Object | Create a new Address object with the Address type as range/network for SSL VPN IP POOL (refer to the note)
4. Goto SSLVPN ----->Client settings and configure the "SonicPoint/sonicwave L3 Management Default Device Profile" as below

NOTE:  The SSLNEW NW is a range address object having an unused IP range from the X0 subnet (LAN) (the interface to which the WT0 is bound to)

This object must be assigned with the zone SSLVPN

Step 3: Create a user account on the UTM for use on the Sonicwave for SSLVPN login from the Sonicwave into the UTM
Create a local user account on the firewall and ensure that the user is a member of the SSLVPN services group

Also, add X0 subnet and WLAN subnets to the VPN access list.

Part 2: Configuration on the Sonicwave

Step 1: Downloading and uploading the SonicOS 9.*.4.7-7o firmware for Sonicwaves
Method 1: Connecting Sonicwaves to SonicWall UTM appliance running SonicOS 7.0.1 and above
When the Sonicwaves are connected to a SonicWall UTM appliance's WLAN interface/Zone running SonicOS 7.0.1 and above, they will be automatically updated with the latest firmware.

Step 2: Accessing the Sonicwave Management Interface in Standalone Mode:

1. The default management interface of the SonicPoint is 192.168.1.20
2. If you are connecting to the LAN port on the Sonicwave directly from a PC or through only the PoE injector, you need to configure the Local Area Connection on the PC to be in the same subnet as the Sonicwave.
   • IP address: 192.168.1.100.
   • Netmask: 255.255.255.0.
3. Connect directly to the LAN port of the Sonicwave with a crossover cable or regular cat. 5 Ethernet cable.
   • Connect to the LAN port of the SonicPoint through the PoE injector with a regular cat. 5 Ethernet cable.
   • If the Sonicwave is connected to a port in a SonicWall security appliance and the port is not in a Wireless zone, you can connect to it through the security appliance provided there are rules to allow HTTP management traffic between the zone your management station is in and the zone the Sonicwave is in.
4. Start your Web browser and direct it to the default management IP address for the Sonicwave, 192.168.1.20

Troubleshooting Tip: If you are unable to access the Sonicwaveyou may press the Reset Button to access it in SafeMode and then follow the above step

1. Start your Web browser and direct it to the default management IP address for the Sonicwave, 192.168.1.20
2. Login to the Sonicwave management interface with the default username "admin" and default password "password".

Step 4: Configuring the L3 Management Settings

1. Navigate to Sonicwave Network > SSL-VPN page
2. Enter the WAN ip-address of the UTM along with the SSLVPN port number
3. Enter the SSLVPN user credentials, enable the Auto-Reconnect checkbox,
4. Enable "Enable SSL-VPN based Layer3 Management"
5. Click on the Save button on the bottom and click connect
6. You will get a prompt at the Top to Restart the Sonicwave, click on Restart and restart the appliance.

    

7. Please Note: After the reboot the Sonicwave will try to establish a SSLVPN connection with the UTM and a GRE/DTLS tunnel would be setup within this SSLVPN connection to complete the Sonicwave provisioning. Sonicwave might reboot  and SSL VPN user logout several times before Sonicwave shows up as operational because of the provisioning process that the Sonicwave goes through.

   
   How to Test
   Go to Sonicwave > Network >SSL-VPN page, you must see the client ip from Firewall.