Setup UTM SSL-VPN from the SonicWall Command-Line Interface (CLI)

Description

Setup UTM SSL-VPN from the SonicWall Command-Line Interface (CLI)

Resolution

Feature/Application:


This article describes how to set up SSL-VPN from the SonicWall UTM CLI.

Note: There is no option to configure user settings in the CLI. SSL-VPN users have to be created, and their VPN Access List set, in the GUI.


Procedure:

Log in to the SonicWall CLI using either SSH or a serial connection. For more information on how to log in to the CLI, please refer to this KB

Enter the administrator username and password.
You will be presented with the root prompt of the CLI.
Enter the following commands to set up SSL-VPN. All commands should be in lowercase.
SSL-VPN in the CLI has three modules:

  • client
  • routes
  • portal

Configuring Client settings

The following commands are available in the sslvpn client prompt:

>config <enter>
>sslvpn client <enter>
>address <IP address range begin>  <IP address range end> <Interface> <enter> (Example: address 192.168.168.100 192.168.168.200 X0)
>sslvpn-access <zone> <enter> (Example: sslvpn-access WAN)
>dns1 <IP address of DNS server> <enter>
>dns2 <IP address of DNS server> <enter>
>user-domain LocalDomain <enter>
>dns-domain <name of Domain Controller> <enter>
>auto-update <enter>
>cache-username-password username-only OR password-username OR prohibit <enter>
>client-communicate <enter> OR no client-communicate <enter>
>create-connection-profile <enter> OR no create-connection-profile <enter>
>exit-after-disconnect <enter> OR no exit-after-disconnect <enter>
>uninstall-after-exit OR no uninstall-after-exit <enter>
>wins1 <IP address of WINS server> <enter>
>wins2 <IP address of WINS server> <enter>

Configuring Client Route settings

The following commands are available in the sslvpn routes prompt:

>client routes <enter>
>add-routes <name of an Address Object or Address Group> (Example: LAN Subnets) <enter>
>tunnel-all <enter> (If Tunnel All mode is required)
>exit
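
A pre-flight check for the client and route commands above, as an added example that is not part of the original article or SonicWall code: it parses a planned command script before it is pasted into the CLI and reports uppercase command keywords, malformed address, DNS or WINS values, and client-side password caching. The `review` function, the sample script, and the policy of preferring `prohibit` over `password-username` are assumptions made for this example.

```python
import ipaddress

CACHE_MODES = {"username-only", "password-username", "prohibit"}  # modes the article lists
IP_COMMANDS = {"dns1", "dns2", "wins1", "wins2"}

def _ip(text):  # IPv4Address, or None when the text is malformed
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def review(script):
    """Return (line_number, message) findings for a planned command script."""
    findings = []
    for n, raw in enumerate(script.splitlines(), 1):
        words = raw.strip().lstrip(">").split()
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd != cmd.lower():
            findings.append((n, f"command '{cmd}' must be lowercase"))
            cmd = cmd.lower()
        if cmd == "address":
            ips = [_ip(a) for a in args[:2]]
            if len(args) != 3 or None in ips:
                findings.append((n, "address needs <begin> <end> <interface>"))
            elif ips[0] > ips[1]:
                findings.append((n, "address range begin is above range end"))
        elif cmd in IP_COMMANDS and (len(args) != 1 or _ip(args[0]) is None):
            findings.append((n, f"{cmd} needs one valid IPv4 address"))
        elif cmd == "cache-username-password":
            if len(args) != 1 or args[0] not in CACHE_MODES:
                findings.append((n, "unknown cache-username-password mode"))
            elif args[0] == "password-username":
                # Assumed local policy: do not let the client store passwords.
                findings.append((n, "client will cache the password; prefer prohibit"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
>address 192.168.168.200 192.168.168.100 X0
>sslvpn-access WAN
>DNS1 192.168.168.10
>dns2 192.168.168.300
>cache-username-password password-username
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {m}" for n, m in review(SAMPLE)))
```

Commands the checker does not recognise, such as `sslvpn-access`, pass through without a finding, so an empty result means only that the checked commands are well formed.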

Configuring Portal settings

The following commands are available in the sslvpn portal prompt, which can be enabled by invoking the following commands.
