HOW TO CONFIGURE SSLVPN IN NSSP 13700?
07/16/2021 0 1012
SSL VPN is one method of allowing Remote Users to connect to SonicWall and access internal network resources. SSL VPN Connections can be setup with one of three methods:
1. The SonicWall Netextender client
2. The SonicWall Mobile Connect client
3. SSL VPN bookmarks via the SonicWall Virtual Office
This article details how to setup the SSL VPN Feature for Netextender and Mobile Connect users, both of which are software-based solutions.
Netextender is available for the following Operating Systems:
1. Microsoft Windows
2. Linux Distributions
Mobile Connect is available for the following Operating Systems:
1. Windows 8.1 & 10
2. OS X
SSL VPN Configuration
1. Navigate to the Network | SSL VPN | Server Settings.
2. SSL VPN STATUS ON ZONES which represents SSL VPN Access status on each Zone. Enable or disable SSL-VPN access by toggling the zone below. The Green indicates active SSL VPN status.
3. Under SSL VPN SERVER SETTINGS, Select the SSL VPN Port, and Domain as desired.
NOTE: The SSL VPN port will be needed when connecting using Mobile Connect and Netextender unless the port number is 443. Port 443 can only be used if the management port of the firewall is not 443. The Domain is used during the user login process. If you want to be able to manage the firewall via GUI or SSH over SSL VPN these features can be enabled separately here as well.
4. Navigate to the Network | SSL VPN | Client Settings and Select configure Default Device Profile.
5. Set the Zone IP V4 as SSLVPN and Network Address IP V4 as the Address Object created for the client IP pool.
6. Select Create new network and in the pop-up window, enter the information for your SSL VPN Range. An example Range is included below:
• Name: SSLVPN IP Pool TIP: This is only a Friendly Name used for Administration.
• Zone: SSL VPN
• Type: Range
NOTE: This does not have to be a range and can be configured as a Host or Network as well. To avoid IP Spoof errors and routing issues, we recommend using a subnet which is not configured anywhere else on the SonicWall.
7. The Client Routes tab allows the administrator to control what network access SSL VPN Users are allowed. The Netextender client routes are passed to all Netextender clients and are used to govern which networks and resources remote users can access via the SSL VPN connection.
8. The Client Settings tab allows the administrator to input DNS, WINS, and Suffix information while also controlling the caching of passwords, username, and the behavior of the Netextender Client to access domain resources by name.
9. Enable Create Client Connection Profile - The Netextender client will create a connection profile recording the SSL VPN Server name, the Domain name and optionally the username and password.
Adding Users to SSL VPN Services Group
SSLVPN Users may either authenticate as a Local User on the SonicWall or as a member of an appropriate Group through LDAP. This article will cover setting up Local Users, however if you're interested in using LDAP please reference How to Configure LDAP Authentication for SSL VPN Users.
1. Navigate to Device | Users | Local Users & Groups. Add a new User if necessary, by clicking Add.
2. In the Groups tab add SSL VPN Services to the Member Of: field.
3. In the VPN Access tab add the relevant Network, Range, or Host Address Objects that match what the User needs access to via Netextender.
NOTE: SSL VPN Users will only be able to access resources that match both their VPN Access and Client Routes.
4. Click on Save and close the window.
Checking Access rule Information for SSL VPN Zone
1. Navigate to Policy | Rules and Policies |Access Rules.
2. Select the SSL VPN to LAN rules and check if the access rule is added based on the Client route entry added to the SSLVPN settings