How to Access LAN Resources from WLAN Using SSL-VPN When WGS is Enabled

03/26/2020 1112 14274

DESCRIPTION:

This article provides the configuration involved in accessing the local resources from the wireless when the WGS is enabled with out the use of the “office gate” of the GVC client and can avail the Luxury of SSL VPN access especially if it’s an Apple (MAC) environment where GVC cannot be installed.

This configuration can be mostly useful in those Appliances which doesn’t have VAP functionality

Where a guest and corporate user connect to the same SSID, where guest can have access to the internet after the guest authentication and a corporate user can get redirected to the ssl vpn page and gain access to the Local resources and the internet through the same SSL VPN

And can be also configured on those Appliances connected where the SonicWall Administrator don’t want to go for the” Virtual Access Point”. 

RESOLUTION:

Step 1: Under Network | Interfaces | WLAN | configure | enable the check box on HTTPS for management and user login

Step 2: Under Network | Zones | WLAN | Configure under General TAB enable the check box “Enable SSL VPN Access”. Now click on Guest Services TAB and check on “Enable Guest Services” on the bottom also check on “Enable Dynamic Address Translation (DAT)”.

Step 3: Under SSLVPN | Client settings make sure the WLAN is in GREEN COLOUR, Under SSL-VPN Client Address Range Interface is X0 exclude a range of IP addresses based on how many corporate users connect to the SSL VPN from theDHCP sever on the LAN network (even if you are using a windows DHCP server) Under Net Extender starting and ending IP provide the range of IPs reserved for the wireless clients and if you have a DNS server you can add the DNS and WINS (Only if you are running a WINS server). Enable the NetBIOS over SSLVPN and you can ENABLE or DISABLE the “communication between clients” option based on the requirement.

Step 4: Under SSLVPN | Client routes make sure there is a route pointing to the LAN subnet.

Step 5: Go to Firewall | Access Rules from SSLVPN | LAN make sure there is an auto added allow rule with the source as SSL VPN IP Pool and destination as LAN subnets with any service and another rule with NETBIOS on top of the ANY rule

Step 6: Under Users | Local Users | Create user accounts for the wireless Corp Users and Under Group Membership Make them a part of “SSL-VPN SERVICES”.

(Note: if you have an active directory you can integrate SonicWall with AD server and can import User groups and can give those Group SSL-VPN services under Group Member ship)

For Guest users go to Users | Guest accounts | Add guest and create the Guest accounts (Note: You can customize the Guest Profiles and create a custom profile and apply that on the Guest account)

The SonicWall configuration ends here.

When the clients (Guest and Corporate users) connect to the SonicWall wireless. The Guest tries to go online and he need to enter his Guest credentials and can connect to the internet and when the corporate user tries to go online the corporate user can click on the SSLVPN link and will be redirected to the SSL-VPN page.

where the user can type in the user credentials and login and once he logs in he will be in the SSL-VPN portal where he need to install the active X on the browser and once after that he can connect to the WLAN zone and get an IP from the SSL-VPN pool.

He can access the Internet through the SonicWall LAN and can access the resources of the local network.