Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Using SonicWall NetExtender to Access FTP Servers

03/26/2020 8 People found this article helpful 118,490 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description


    Using NetExtender to access an FTP Server on the LAN segment of a SonicWall Firewall.

    Resolution

    Perform the following setup steps. Step 1-4 are for the administrator while Step 5 is for the remote user.

    1. Configure the SonicWall (running SonicOS Enhanced firmware) so that we can connect a
      SonicWall SSL-VPN appliance to it.
      1. Create a new public zone named SSL-VPN.
      2. Configure the X2 port with an appropriate IP address (192.168.200.2/24 in our case) and assign it to the X2 zone.
      3. Change the management port numbers for HTTP/HTTPS.
      4. Configure a port forwarding policy using the Public Server Wizard (alternatively an IP mapping policy can also be configured here).
      5. Configure the appropriate access rules.
    2. Configure the SonicWall SSL-VPN appliance in stand-alone mode (PC connected to the X0 port of the SonicWall SSL-VPN appliance via cross-over cable) for basic network connectivity.
      1. For the XO port, setup the IP and mask.
      2. Setup the default route.
    3. Connect the SonicWall SSL-VPN appliance (X0 Interface) to the SonicWall  (X2 in our case), and finalize the SSL-VPN configuration.
      1. Create a Local User in Local Domain.
      2. Add a Range for the NetExtender.
      3. Add Routes for NetExtender (in our case, it should know how to get to the FTP Server).
    4. Setup an FTP Server on the LAN segment of the SonicWall SSL-VPN Using SonicWall NetExtender to Access FTP Servers.
    5. As a Remote User, make a connection to the SonicWall SSL-VPN appliance, and the access FTP Server using NetExtender.

    IP Addressing Scheme SonicWall
    X0: 192.168.168.168/24
    X1: 200.1.1.2/29
    X2: 192.168.200.2/24
    Default Gateway: 200.1.1.1
    PC sitting on X0 of SonicWall
    IP : 192.168.168.100/24
    Default Gateway: 192.168.168.168
    IP Addressing Scheme for SSL-VPN
    X0: 192.168.200.1/24
    Default Gateway: 192.168.200.2


    SonicWall Firewall Configuration
    We are assuming the SonicWall is already connected to the Internet which means that LAN Hosts (i.e., 192.168.168.100) can go the Internet and no configuration is required for the XO and X1 ports.

    1. Create a New Public Zone by the name SSL-VPN
    2. Go to Network | Zones and click Add.
    3. Click OK.
    4. X2 Configuration and Zone Assignment
    5. Navigate to the Network | Interface and click Edit for the X2 port.
      Note: In case the X2 port is already in use for some other application, for example, WAN Failover, any other available port should be considered.
    6. Same algorithm will be applied accordingly on the SonicWall TZ Series. Click OK.
    7. Changing Management Port Numbers for HTTP and HTTPS.
    8. Go to the System | Administration and make the following changes:
      Click Apply.
      Now you will be accessing the SonicWall units from the X0 port.
      http://192.168.168.168:8080
      https://192.168.168.168:444
    9. Configure Port Forwarding Policy using Public Server Wizard
    10. Go Network | NAT Policies, click Public Server Wizard and then click Next.
    11. Click Next once you are done with the above parameters.Click Next and then click Apply.
    12. Click Apply.
    13. This will complete the Port Forwarding Policy for the SonicWall SSL VPN appliance. SonicWall
      Firewall will create the necessary NAT Policies and Access Rules.
    14. Click Close to close the Public Server Wizard.
    15. Configure appropriate Access Rules
      Go to the Firewall | Access Rules and click the Matrix radio button. Click Edit to make the
      modifications.
    16. Once you are done with the changes, click Ok on each page.
      Note: These are generic access rules. You can make them more specific depending on your network access
      policy.

    SSL-VPN Basic Configuration (Stand Alone mode)
    Connect the X0 Interface of the SonicWall SSL-VPN appliance to a PC directly using a cross-over cable and configure the basic parameters, for example, IP address, subnet mask and default route. Make sure your PC is configured for the192.168.200.x/24 network.

    a) IP Assignment to X0 along with the Subnet Mask
    In our case, we are using Default IP addressing scheme of the SSL-VPN appliance (X0 = 192.168.200.1/24),
    therefore we will not be making any changes on the Network | Interface page for the X0 port.
    b) Default Gateway Configuration
    Go to the Network | Routes page and configure the following:
    Click Apply.
    Note: Make sure the following option is checked on System | Settings:
    Otherwise, click on the following link on the same page to save the running configuration as a startup
    configuration.
    3. Establishing Connectivity between SonicWall and SSL-VPN and finalizing the SSL-VPN Configuration
    Connect the X2 port of the SonicWall Firewall to the X0 port of the SonicWall SSL-VPN appliance either
    directly or using a hub or switch, depending on your network configuration.
    To access the SonicWall Firewall, enter the following in a Web browser.
    http://200.1.1.2:8080
    https://200.1.1.2:444
    Note: Assumption is that, HTTP and HTTPS is enabled for the X1 port on the SonicWall Firewall
    To access the SonicWall SSL-VPN appliance, enter the following in a Web browser.
    http://200.1.1.2
    https://200.1.1.2
    Perform the following steps in the SonicWall SSL-VPN appliance to finalize the configuration.
    a) Create a Local User in Local Domain
    Go to the Users | Local Users and click Add User.
    Click Add.
    b) Add a Range for the NetExtender
    Go to the NetExtender | Client Address and configure the following accordingly:
    Click Apply.
    c) Add Routes for NetExtender
    Go to NetExtender | Client Routes and click Add Client Route.
    Click Add.
    Note: Above configuration is equivalent to “Route All” where a remote client will be sending all of its traffic to the SSL-VPN appliance.


    Setting up an FTP Server on the LAN segment of the SonicWall.
    In our case, set up the FTP Server on 192.168.168.100.
    Either built-in or a third party FTP server, for example, 3COM, can be installed on this PC.
    Once service is installed, do a Local FTP for verification.


    Remote Connection to FTP Server using NetExtender

    1. Forward the following info to a remote user:
      • https://200.1.1.2
      • Username : testuser
      • Password : abc
      • Domain: LocalDomain
      • Enter https://200.1.1.2 in a browser window
    2. The remote user is prompted for a username/password and once the user enters the correct credentials, he will be able to log in, in the default Portal.
    3. Click on NetExtender. An SSL-VPN session will be established and the user will be able get into the remote network.
    4. Upload/download files for verification.

    Related Articles

    • Ending User Sessions
    • How to manually apply licenses to SMA 1000 series appliance?
    • SMA100: How to generate Certificate Signing Request and import a signed certificate?

    Categories

    • Secure Mobile Access > SMA 100 Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:0981bd95f32945e4467f8723afb65d56-68