Using NetExtender to access an FTP Server on the LAN segment of a SonicWall Firewall.
Perform the following setup steps. Step 1-4 are for the administrator while Step 5 is for the remote user.
Configure the SonicWall (running SonicOS Enhanced firmware) so that we can connect a SonicWall SSL-VPN appliance to it.
Create a new public zone named SSL-VPN.
Configure the X2 port with an appropriate IP address (192.168.200.2/24 in our case) and assign it to the X2 zone.
Change the management port numbers for HTTP/HTTPS.
Configure a port forwarding policy using the Public Server Wizard (alternatively an IP mapping policy can also be configured here).
Configure the appropriate access rules.
Configure the SonicWall SSL-VPN appliance in stand-alone mode (PC connected to the X0 port of the SonicWall SSL-VPN appliance via cross-over cable) for basic network connectivity.
For the XO port, setup the IP and mask.
Setup the default route.
Connect the SonicWall SSL-VPN appliance (X0 Interface) to the SonicWall (X2 in our case), and finalize the SSL-VPN configuration.
Create a Local User in Local Domain.
Add a Range for the NetExtender.
Add Routes for NetExtender (in our case, it should know how to get to the FTP Server).
Setup an FTP Server on the LAN segment of the SonicWall SSL-VPN Using SonicWall NetExtender to Access FTP Servers.
As a Remote User, make a connection to the SonicWall SSL-VPN appliance, and the access FTP Server using NetExtender.
IP Addressing Scheme SonicWall X0: 192.168.168.168/24 X1: 188.8.131.52/29 X2: 192.168.200.2/24 Default Gateway: 184.108.40.206 PC sitting on X0 of SonicWall IP : 192.168.168.100/24 Default Gateway: 192.168.168.168 IP Addressing Scheme for SSL-VPN X0: 192.168.200.1/24 Default Gateway: 192.168.200.2
SonicWall Firewall Configuration We are assuming the SonicWall is already connected to the Internet which means that LAN Hosts (i.e., 192.168.168.100) can go the Internet and no configuration is required for the XO and X1 ports.
Create a New Public Zone by the name SSL-VPN
Go to Network | Zones and click Add.
X2 Configuration and Zone Assignment
Navigate to the Network | Interface and click Edit for the X2 port. Note: In case the X2 port is already in use for some other application, for example, WAN Failover, any other available port should be considered.
Same algorithm will be applied accordingly on the SonicWall TZ Series. Click OK.
Changing Management Port Numbers for HTTP and HTTPS.
Configure Port Forwarding Policy using Public Server Wizard
Go Network | NAT Policies, click Public Server Wizard and then click Next.
Click Next once you are done with the above parameters.Click Next and then click Apply.
This will complete the Port Forwarding Policy for the SonicWall SSL VPN appliance. SonicWall Firewall will create the necessary NAT Policies and Access Rules.
Click Close to close the Public Server Wizard.
Configure appropriate Access Rules Go to the Firewall | Access Rules and click the Matrix radio button. Click Edit to make the modifications.
Once you are done with the changes, click Ok on each page. Note: These are generic access rules. You can make them more specific depending on your network access policy.
SSL-VPN Basic Configuration (Stand Alone mode) Connect the X0 Interface of the SonicWall SSL-VPN appliance to a PC directly using a cross-over cable and configure the basic parameters, for example, IP address, subnet mask and default route. Make sure your PC is configured for the192.168.200.x/24 network.
a) IP Assignment to X0 along with the Subnet Mask In our case, we are using Default IP addressing scheme of the SSL-VPN appliance (X0 = 192.168.200.1/24), therefore we will not be making any changes on the Network | Interface page for the X0 port. b) Default Gateway Configuration Go to the Network | Routes page and configure the following: Click Apply. Note: Make sure the following option is checked on System | Settings: Otherwise, click on the following link on the same page to save the running configuration as a startup configuration. 3. Establishing Connectivity between SonicWall and SSL-VPN and finalizing the SSL-VPN Configuration Connect the X2 port of the SonicWall Firewall to the X0 port of the SonicWall SSL-VPN appliance either directly or using a hub or switch, depending on your network configuration. To access the SonicWall Firewall, enter the following in a Web browser. http://220.127.116.11:8080 https://18.104.22.168:444 Note: Assumption is that, HTTP and HTTPS is enabled for the X1 port on the SonicWall Firewall To access the SonicWall SSL-VPN appliance, enter the following in a Web browser. http://22.214.171.124 https://126.96.36.199 Perform the following steps in the SonicWall SSL-VPN appliance to finalize the configuration. a) Create a Local User in Local Domain Go to the Users | Local Users and click Add User. Click Add. b) Add a Range for the NetExtender Go to the NetExtender | Client Address and configure the following accordingly: Click Apply. c) Add Routes for NetExtender Go to NetExtender | Client Routes and click Add Client Route. Click Add. Note: Above configuration is equivalent to “Route All” where a remote client will be sending all of its traffic to the SSL-VPN appliance.
Setting up an FTP Server on the LAN segment of the SonicWall. In our case, set up the FTP Server on 192.168.168.100. Either built-in or a third party FTP server, for example, 3COM, can be installed on this PC. Once service is installed, do a Local FTP for verification.