Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

Using SonicWall NetExtender to Access FTP Servers

03/26/2020 7 13964

DESCRIPTION:

Using NetExtender to access an FTP Server on the LAN segment of a SonicWall Firewall.

RESOLUTION:

Perform the following setup steps. Step 1-4 are for the administrator while Step 5 is for the remote user.

Configure the SonicWall (running SonicOS Enhanced firmware) so that we can connect a
SonicWall SSL-VPN appliance to it.
1. Create a new public zone named SSL-VPN.
2. Configure the X2 port with an appropriate IP address (192.168.200.2/24 in our case) and assign it to the X2 zone.
3. Change the management port numbers for HTTP/HTTPS.
4. Configure a port forwarding policy using the Public Server Wizard (alternatively an IP mapping policy can also be configured here).
5. Configure the appropriate access rules.
Configure the SonicWall SSL-VPN appliance in stand-alone mode (PC connected to the X0 port of the SonicWall SSL-VPN appliance via cross-over cable) for basic network connectivity.
1. For the XO port, setup the IP and mask.
2. Setup the default route.
Connect the SonicWall SSL-VPN appliance (X0 Interface) to the SonicWall (X2 in our case), and finalize the SSL-VPN configuration.
1. Create a Local User in Local Domain.
2. Add a Range for the NetExtender.
3. Add Routes for NetExtender (in our case, it should know how to get to the FTP Server).
Setup an FTP Server on the LAN segment of the SonicWall SSL-VPN Using SonicWall NetExtender to Access FTP Servers.
As a Remote User, make a connection to the SonicWall SSL-VPN appliance, and the access FTP Server using NetExtender.

IP Addressing Scheme SonicWall
X0: 192.168.168.168/24
X1: 200.1.1.2/29
X2: 192.168.200.2/24
Default Gateway: 200.1.1.1
PC sitting on X0 of SonicWall
IP : 192.168.168.100/24
Default Gateway: 192.168.168.168
IP Addressing Scheme for SSL-VPN
X0: 192.168.200.1/24
Default Gateway: 192.168.200.2

SonicWall Firewall Configuration
We are assuming the SonicWall is already connected to the Internet which means that LAN Hosts (i.e., 192.168.168.100) can go the Internet and no configuration is required for the XO and X1 ports.

Create a New Public Zone by the name SSL-VPN
Go to Network | Zones and click Add.
Click OK.
X2 Configuration and Zone Assignment
Navigate to the Network | Interface and click Edit for the X2 port.
Note: In case the X2 port is already in use for some other application, for example, WAN Failover, any other available port should be considered.
Same algorithm will be applied accordingly on the SonicWall TZ Series. Click OK.
Changing Management Port Numbers for HTTP and HTTPS.
Go to the System | Administration and make the following changes:
Click Apply.
Now you will be accessing the SonicWall units from the X0 port.
http://192.168.168.168:8080
https://192.168.168.168:444
Configure Port Forwarding Policy using Public Server Wizard
Go Network | NAT Policies, click Public Server Wizard and then click Next.
Click Next once you are done with the above parameters.Click Next and then click Apply.
Click Apply.
This will complete the Port Forwarding Policy for the SonicWall SSL VPN appliance. SonicWall
Firewall will create the necessary NAT Policies and Access Rules.
Click Close to close the Public Server Wizard.
Configure appropriate Access Rules
Go to the Firewall | Access Rules and click the Matrix radio button. Click Edit to make the
modifications.
Once you are done with the changes, click Ok on each page.
Note: These are generic access rules. You can make them more specific depending on your network access
policy.

SSL-VPN Basic Configuration (Stand Alone mode)
Connect the X0 Interface of the SonicWall SSL-VPN appliance to a PC directly using a cross-over cable and configure the basic parameters, for example, IP address, subnet mask and default route. Make sure your PC is configured for the192.168.200.x/24 network.

a) IP Assignment to X0 along with the Subnet Mask
In our case, we are using Default IP addressing scheme of the SSL-VPN appliance (X0 = 192.168.200.1/24),
therefore we will not be making any changes on the Network | Interface page for the X0 port.
b) Default Gateway Configuration
Go to the Network | Routes page and configure the following:
Click Apply.
Note: Make sure the following option is checked on System | Settings:
Otherwise, click on the following link on the same page to save the running configuration as a startup
configuration.
3. Establishing Connectivity between SonicWall and SSL-VPN and finalizing the SSL-VPN Configuration
Connect the X2 port of the SonicWall Firewall to the X0 port of the SonicWall SSL-VPN appliance either
directly or using a hub or switch, depending on your network configuration.
To access the SonicWall Firewall, enter the following in a Web browser.
http://200.1.1.2:8080
https://200.1.1.2:444
Note: Assumption is that, HTTP and HTTPS is enabled for the X1 port on the SonicWall Firewall
To access the SonicWall SSL-VPN appliance, enter the following in a Web browser.
http://200.1.1.2
https://200.1.1.2
Perform the following steps in the SonicWall SSL-VPN appliance to finalize the configuration.
a) Create a Local User in Local Domain
Go to the Users | Local Users and click Add User.
Click Add.
b) Add a Range for the NetExtender
Go to the NetExtender | Client Address and configure the following accordingly:
Click Apply.
c) Add Routes for NetExtender
Go to NetExtender | Client Routes and click Add Client Route.
Click Add.
Note: Above configuration is equivalent to “Route All” where a remote client will be sending all of its traffic to the SSL-VPN appliance.

Setting up an FTP Server on the LAN segment of the SonicWall.
In our case, set up the FTP Server on 192.168.168.100.
Either built-in or a third party FTP server, for example, 3COM, can be installed on this PC.
Once service is installed, do a Local FTP for verification.

Remote Connection to FTP Server using NetExtender

Forward the following info to a remote user:

https://200.1.1.2
Username : testuser
Password : abc
Domain: LocalDomain
Enter https://200.1.1.2 in a browser window

The remote user is prompted for a username/password and once the user enters the correct credentials, he will be able to log in, in the default Portal.
Click on NetExtender. An SSL-VPN session will be established and the user will be able get into the remote network.
Upload/download files for verification.

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time at Manage Subscriptions.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Email
This field is for validation purposes and should be left unchanged.

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Using SonicWall NetExtender to Access FTP Servers

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

Using SonicWall NetExtender to Access FTP Servers

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch