-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
VPN: Configuring One-Way VPN (Single-Arm Mode) in SonicOS Enhanced
03/26/2020 
6 People found this article helpful
485,387 Views
Description
VPN: Configuring One-Way VPN (Single-Arm Mode) in SonicOS Enhanced
Resolution
Feature/Application:
SonicOS Enhanced 2.x, 3.x, 4.x and 5.x
Single-Arm mode enables the connection of only a SonicWall appliance's WAN interface to a network for the purpose of providing VPN capabilities. Traffic arrives inbound on the WAN interface, gets encrypted according to the appropriate VPN Security Association and sent out the same interface. This feature is especially useful for scenarios which require VPN functionality from a device that is non-intrusive, simply sitting on a subnet outside the firewall or on an isolated interface or subnet without any additional bridging, packet inspection or routing. This also allows the user to offload VPN functionality to a separate firewall to remove the burden of encryption/decryption from the Internet access firewall.
Procedure:
Configuring one-way VPN for SonicOS Enhanced:
NOTE: This feature only works if the SonicWall is in transparent mode.
NOTE: TZ 170W and TZ 170 SPW wireless appliances do not support transparent mode when running SonicOS Standard firmware. It is supported on TZ 170 wireless appliances running SonicOS Enhanced.
Before trying to configure a one-way VPN, set up a VPN in the standard configuration as given in the SonicOS Enhanced Administrator's Guide. Once the VPN is up and running and you can confirm that it is working, configure the one-way VPN as follows:
On the SonicWall whose LAN you want to deny access to over VPN:
- Select: Firewall --> Access rules
- Under View style, check the matrix radio button
- Select the configure icon for VPN to LAN
- Click “Add” to add an Access Rule. The Add rule window will appear.
- Under Action, select the “Deny” radio button
- Under Service, select Any
- Under Source, select the address object of the remote network behind the other SonicWall that you have created when establishing the VPN tunnel
- Under Destination, select Any
- Click OK to save the configuration
Now the network behind the other SonicWall will not be able to access the network behind the SonicWall where the deny rule is applied.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO