SMB SSL-VPN: Setting up SSL-VPN behind SonicWall UTM Appliance with multiple portals with unique Ce

03/26/2020

    Description

    SMB SSL-VPN: Setting up SSL-VPN behind SonicWall UTM Appliance with multiple portals with unique Certificate per portal.

    Resolution

    Introduction

    This technote is an example of how to set up an SSL-VPN device with multiple portals, and a unique certificate per portal, behind a SonicWall UTM device.
    It is possible to set up 2 portals with 2 separate certificates if you have more than one public IP available to use. In order to do this, first import the certificates.

    Setup

    1) Create and import certificates
    For step-by-step instructions on importing certificates, see SSL_VPN: Creating and Installing Digital Certificates on SonicWall SSL VPN Appliances.

    2) Create the portals
    In this example we’ll create two portals, one for sales and one for accounting.

    Go to Portals and click Add.
    In this example we will call the portal sales.
    Modify the HTML for the login message if you wish to customize the login page.
    Now click on the virtual host tab. 
    Type in sales for the Virtual Host Domain Name. 
    Set the drop down menu for Virtual Host Interface to X0. 
    For the virtual host IP put in an IP address that is in the same subnet as the SSL's X0 IP, in this example 192.168.200.254. 
    Now choose the sales certificate from the Virtual Host Certificate drop down menu. 
    Click OK.

    Repeat this process for accounting, only make the virtual host IP different than sales, in this case 192.168.200.253.


    3) Setup the UTM device

    In order to complete this install, you will need to make NAT policies mapping the public IPs to the private virtual IPs of the portals on the SSL.

    Create an inbound and outbound NAT policy per portal.
    In this example two NAT policy pairs must be created, one for sales and one for accounting.
    In this example we will NAT the public IP of 75.42.50.26 to the virtual host IP for sales, which was 192.168.200.254, and we will NAT the public IP of 75.42.50.25 to the virtual host IP for accounting, which was 192.168.200.253.

    Inbound NAT Policy

    From Network > NAT Policies, click Add.

    Original source: Any
    Translated source: Original
    Original destination: Create a new address object
        Call the object: sales public
        Zone assignment: WAN
        Type: Host
        IP address: 75.42.50.26
        Click OK.
    Translated destination: Create a new address object
        Call the object: sales private
        Zone assignment: LAN
        Type: Host
        IP address: 192.168.200.254
        Click OK.
    Original service: HTTPS
    Translated service: Original
    Inbound interface: WAN or X1
    Outbound interface: Any
    Comment: Inbound sales ssl

    Click OK.

    Outbound NAT policy

    From Network > NAT Policies, click Add.

    Original source: sales private
    Translated source: sales public
    Original destination: Any
    Translated destination: Original
    Original service: HTTPS
    Translated service: Original
    Inbound interface: LAN or X0
    Outbound interface: WAN or X1
    Comment: Outbound sales ssl

    Click OK.

     

    The above needs to be repeated for the accounting portal using the address object pair accounting public/private (75.42.50.25/192.168.200.253).

    In our example the SSL-VPN device is on the LAN zone, thus WAN to LAN firewall rules will also be needed to allow HTTPS to the public IP address objects “sales public” and “accounting public”.

    From Firewall > Access Rules in matrix view, select WAN to LAN.

    Click Add.

    Action: Allow
    Service: HTTPS
    Source: Any
    Destination: sales public

    Check the “Allow Fragmented Packets” check box.

    Click OK.

    Duplicate this rule for a destination of accounting public.
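
The plan from steps 2 and 3, written as an added example that is not part of the original article or any SonicWall tooling: it checks a list of portals against the constraints above (virtual host IP inside the X0 subnet, one distinct virtual host IP and one distinct public IP per portal) and derives the NAT policy pairs and WAN to LAN rules to create, for any number of portals. The X0 address 192.168.200.1/24 and all function and field names are assumptions.

```python
import ipaddress

def build_plan(x0_cidr, portals):
    """Validate a portal plan and list the UTM entries the steps above create.

    x0_cidr -- SSL-VPN appliance X0 address with prefix (assumed value)
    portals -- (name, public_ip, virtual_host_ip) tuples
    Returns (nat_policies, access_rules); raises ValueError on a bad plan.
    """
    x0 = ipaddress.ip_interface(x0_cidr)
    reserved = {x0.ip, x0.network.network_address, x0.network.broadcast_address}
    used_public, used_virtual = {}, {}
    nat_policies, access_rules = [], []
    for name, public_ip, virtual_ip in portals:
        pub = ipaddress.ip_address(public_ip)
        vip = ipaddress.ip_address(virtual_ip)
        # The virtual host IP must sit in the same subnet as the SSL's X0 IP.
        if vip not in x0.network:
            raise ValueError(f"{name}: {vip} is outside X0 subnet {x0.network}")
        # It must differ from X0 itself and from every other portal.
        if vip in reserved or vip in used_virtual:
            raise ValueError(f"{name}: virtual host IP {vip} is already taken")
        # A unique certificate per portal needs a separate public IP per portal.
        if pub in used_public:
            raise ValueError(f"{name}: public IP {pub} already maps to {used_public[pub]}")
        used_public[pub] = used_virtual[vip] = name
        pub_obj, priv_obj = f"{name} public", f"{name} private"
        nat_policies.append({  # inbound: public object -> private object
            "comment": f"Inbound {name} ssl", "orig_src": "Any",
            "trans_src": "Original", "orig_dst": pub_obj, "trans_dst": priv_obj,
            "service": "HTTPS", "in_if": "X1", "out_if": "Any"})
        nat_policies.append({  # outbound: private object -> public object
            "comment": f"Outbound {name} ssl", "orig_src": priv_obj,
            "trans_src": pub_obj, "orig_dst": "Any", "trans_dst": "Original",
            "service": "HTTPS", "in_if": "X0", "out_if": "X1"})
        access_rules.append({  # WAN to LAN allow rule for the public object
            "from": "WAN", "to": "LAN", "action": "Allow",
            "service": "HTTPS", "source": "Any", "destination": pub_obj})
    return nat_policies, access_rules

# The article's two portals; the X0 address is a constructed sample value.
ARTICLE_PORTALS = [("sales", "75.42.50.26", "192.168.200.254"),
                   ("accounting", "75.42.50.25", "192.168.200.253")]

if __name__ == "__main__":
    nat, rules = build_plan("192.168.200.1/24", ARTICLE_PORTALS)
    for entry in nat:
        print(entry["comment"], ":", entry["orig_dst"], "->", entry["trans_dst"])
    for rule in rules:
        print("Allow HTTPS WAN to LAN ->", rule["destination"])
```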

     

     

     

     

     

     

     

     

     
