Using NetExtender to access an FTP Server on the LAN segment of a SonicWall Firewall.
Perform the following setup steps. Step 1-4 are for the administrator while Step 5 is for the remote user.
IP Addressing Scheme SonicWall
X0: 192.168.168.168/24
X1: 200.1.1.2/29
X2: 192.168.200.2/24
Default Gateway: 200.1.1.1
PC sitting on X0 of SonicWall
IP : 192.168.168.100/24
Default Gateway: 192.168.168.168
IP Addressing Scheme for SSL-VPN
X0: 192.168.200.1/24
Default Gateway: 192.168.200.2
SonicWall Firewall Configuration
We are assuming the SonicWall is already connected to the Internet which means that LAN Hosts (i.e., 192.168.168.100) can go the Internet and no configuration is required for the XO and X1 ports.
SSL-VPN Basic Configuration (Stand Alone mode)
Connect the X0 Interface of the SonicWall SSL-VPN appliance to a PC directly using a cross-over cable and configure the basic parameters, for example, IP address, subnet mask and default route. Make sure your PC is configured for the192.168.200.x/24 network.
a) IP Assignment to X0 along with the Subnet Mask
In our case, we are using Default IP addressing scheme of the SSL-VPN appliance (X0 = 192.168.200.1/24),
therefore we will not be making any changes on the Network | Interface page for the X0 port.
b) Default Gateway Configuration
Go to the Network | Routes page and configure the following:
Click Apply.
Note: Make sure the following option is checked on System | Settings:
Otherwise, click on the following link on the same page to save the running configuration as a startup
configuration.
3. Establishing Connectivity between SonicWall and SSL-VPN and finalizing the SSL-VPN Configuration
Connect the X2 port of the SonicWall Firewall to the X0 port of the SonicWall SSL-VPN appliance either
directly or using a hub or switch, depending on your network configuration.
To access the SonicWall Firewall, enter the following in a Web browser.
http://200.1.1.2:8080
https://200.1.1.2:444
Note: Assumption is that, HTTP and HTTPS is enabled for the X1 port on the SonicWall Firewall
To access the SonicWall SSL-VPN appliance, enter the following in a Web browser.
http://200.1.1.2
https://200.1.1.2
Perform the following steps in the SonicWall SSL-VPN appliance to finalize the configuration.
a) Create a Local User in Local Domain
Go to the Users | Local Users and click Add User.
Click Add.
b) Add a Range for the NetExtender
Go to the NetExtender | Client Address and configure the following accordingly:
Click Apply.
c) Add Routes for NetExtender
Go to NetExtender | Client Routes and click Add Client Route.
Click Add.
Note: Above configuration is equivalent to “Route All” where a remote client will be sending all of its traffic to the SSL-VPN appliance.
Setting up an FTP Server on the LAN segment of the SonicWall.
In our case, set up the FTP Server on 192.168.168.100.
Either built-in or a third party FTP server, for example, 3COM, can be installed on this PC.
Once service is installed, do a Local FTP for verification.
Remote Connection to FTP Server using NetExtender