SMB SSL-VPN: Connecting a SonicWall SSL-VPN appliance on LAN in SonicOS Enhanced
03/26/2020
Description
SMB SSL-VPN: Connecting a SonicWall SSL-VPN appliance on LAN in SonicOS Enhanced
Resolution
Overview / Scenario:
Before connecting the SonicWall SSL-VPN appliance to your network, refer to the diagrams in the "SonicWall Recommended Deployment Scenario" in KBID 6122 to determine the proper scenario for your network configuration.
Deployment Steps:
Step 1: Connecting the SonicWall SSL-VPN appliance
Step 2: Connecting to the SonicWall UTM Appliance
Step 3: Allowing SSL-VPN -> LAN Connection in SonicOS Enhanced
Step 4: Setting Public Server Access in SonicOS Enhanced
Step 5: Testing Your SSL-VPN Connection
Procedure:
Step 1: Connecting the SonicWall SSL-VPN appliance
1. Connect one end of an Ethernet cable to the OPT, X2, or other unused port on your existing SonicWall UTM appliance.
2. Connect the other end of the Ethernet cable to the X0 port on the front of your SonicWall SSL-VPN 2000. The X0 Port LED lights up green indicating an active connection.
Now that you have set up your SonicWall SSL-VPN appliance (for example: SSL-VPN 2000), you need to configure your gateway device (SonicWall Firewall appliance) to work with the SonicWall SSL-VPN appliance.
Step 2: Connecting to the SonicWall UTM Appliance
1. Using a computer connected to your LAN, launch your Web browser and enter the IP address of your existing SonicWall UTM appliance in the Location or Address field.
2. When the management interface displays, enter your user name and password in the appropriate fields and press the Login button.
Note: Remember that you are logging into your SonicWall UTM appliance, not the SonicWall SSL-VPN appliance. Your user name and password combination may be different from the user name and password you recorded for your SonicWall SSL-VPN appliance.
Step 3: Allowing SSL-VPN -> LAN Connection in SonicOS Enhanced
When users have connected to the SSL-VPN, they need to be able to connect to resources on the LAN.
1. In the administration interface, navigate to the Network > Address Objects page.
2. In the Address Objects section, click the ADD button.
3. In the Add Object dialog box, create an address object for the X0 interface IP address of your SonicWall SSL-VPN appliance:
Name | Enter a name for the SonicWall SSL-VPN appliance
Zone Assignment | SSLVPN
Type | Host
IP Address | The SonicWall SSL-VPN appliance's X0 IP address, 192.168.200.1 by default
Click OK to create the object.
4. Click the ADD button again to create an address object for the NetExtender range.
5. In the Add Object dialog box, create an address object for the NetExtender IP address range:
Name | Enter a name for NetExtender
Zone Assignment | SSLVPN
Type | Range
Starting IP Address | The start of the NetExtender IP address range, 192.168.200.100 by default
Ending IP Address | The end of the NetExtender IP address range, 192.168.200.200 by default
Click OK to create the object.
6. On the Network > Address Objects page, in the Address Groups section, click the ADD Group button.
7. In the Add Address Object Group dialog box, create a group for the X0 interface IP address of your SonicWall SSL-VPN appliance and the NetExtender IP range:
Enter a name for the group.
In the left column, select the two address objects you created and click the arrow button (pointing right).
Click OK to create the group when both objects are in the right column.
8. In the administrative interface, navigate to the Firewall > Access Rules page.
9. On the Firewall > Access Rules page in the matrix view, click the SSLVPN > LAN icon.
10. On the resulting Firewall > Access Rules page, click the ADD button.
11. In the Add Rule window, create a rule to allow access to the LAN for the address group you just created:
Action | Allow
From Zone | SSLVPN
To Zone | LAN
Service | Any
Source | The address group you just created, such as SonicWall_SSLVPN_Group
Destination | Any
Users Allowed | All
Schedule | Always on
Enable Logging | Selected
Allow Fragmented Packets | Selected
Click OK to create the rule.
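The Step 3 address group and SSLVPN > LAN rule, modelled as an added example (not SonicWall code or SonicOS syntax) to show which flows the rule admits and which fields are left at their widest setting. The LAN host 192.168.168.10 and the narrower comparison rule are constructed assumptions.

```python
import ipaddress as ip

def host(addr):
    """Host address object, stored as a one-address range."""
    a = ip.ip_address(addr)
    return (a, a)

def ip_range(start, end):
    """Range address object; rejects an inverted range."""
    s, e = ip.ip_address(start), ip.ip_address(end)
    if s > e:
        raise ValueError("range start is above range end")
    return (s, e)

def in_group(group, addr):
    a = ip.ip_address(addr)
    return any(lo <= a <= hi for lo, hi in group)

def allows(rule, src, dst, port):
    """True when this one rule permits src -> dst:port (other rules are not modelled)."""
    if not in_group(rule["source"], src):
        return False
    if rule["destination"] != "Any" and not in_group(rule["destination"], dst):
        return False
    return rule["service"] == "Any" or port in rule["service"]

def broad_fields(rule):
    """Rule fields left at their widest setting."""
    return [k for k in ("service", "destination", "users") if rule[k] in ("Any", "All")]

# Step 3 objects, using the defaults stated on the page.
SSLVPN_GROUP = [host("192.168.200.1"), ip_range("192.168.200.100", "192.168.200.200")]
PAGE_RULE = {"source": SSLVPN_GROUP, "destination": "Any", "service": "Any", "users": "All"}
# Constructed comparison rule (assumption): SMB only, to one constructed file server.
NARROW_RULE = {"source": SSLVPN_GROUP, "destination": [host("192.168.168.10")],
               "service": {445}, "users": "All"}

if __name__ == "__main__":
    flows = [("192.168.200.150", "192.168.168.10", 445),   # NetExtender client, SMB
             ("192.168.200.150", "192.168.168.10", 3389),  # NetExtender client, RDP
             ("192.168.200.50", "192.168.168.10", 445)]    # outside the address group
    for f in flows:
        print(f, "page rule:", allows(PAGE_RULE, *f), "narrow rule:", allows(NARROW_RULE, *f))
    print("widest-setting fields in page rule:", broad_fields(PAGE_RULE))
```

With Enable Logging selected on the rule, the same flows appear in the UTM appliance's log and can be compared against what the model predicts.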
Step 4: Setting Public Server Access in SonicOS Enhanced
1. Click the Wizards icon in the top right corner of the SonicOS Enhanced management interface.
2. Select the Public Server Wizard option and then click Next.
3. Select Web Server from the Server Type drop-down menu.
4. Select the HTTP and HTTPS checkboxes.
5. Click the Next button to continue the Wizard.
6. Enter SSLVPN in the Server Name field.
7. Enter 192.168.168.200 (or the address to which you have configured your X0 interface on your SonicWall SSL-VPN appliance) in the Private IP field.
8. Enter a comment, such as "WAN to SSL-VPN", to describe your connection.
9. Click the Next button to continue the Wizard.
10. Verify that the Public Server field contains the correct IP address (you can generally leave this at the default setting).
11. Click the Next button.
12. Click the Apply button.
Step 5: Testing Your SSL-VPN Connection
Now you have configured your SonicWall UTM appliance and SonicWall SSLVPN appliance for secure SSL VPN remote access. This section provides instructions to verify your SSL-VPN connection using a remote client on the WAN.
1. From a WAN connection outside of your corporate network, launch a Web browser and enter the following:
https://<WAN_IP_address_of_gateway_device>
Note: It will be easier for your remote users to access the SonicWall SSL-VPN appliance using an FQDN (fully qualified domain name) rather than an IP address.
For example, browsing to "https://www.sonicwall.com" is simpler than browsing to "http://64.41.140.167". It is therefore recommended, if you have not already done so, that you create a DNS record to allow for FQDN access to your SonicWall SSL-VPN appliance. If you do not manage your own public DNS servers, contact your Internet Service Provider for assistance.
For configurations where your ISP provides dynamic IP addressing rather than a static IP address, refer to the steps in "Configuring Dynamic DNS" on page 51 to set up DDNS for your remote users.
2. When prompted, enter the User Name and Password.
3. Select LocalDomain from the drop-down menu and click the Login button. The SonicWall Virtual Office screen appears in your Web browser.
4. Click NetExtender to start the NetExtender client installation.
5. Click the NetExtender
6. Ping a host on your corporate LAN to verify your SSL-VPN remote connection.
Congratulations! You have successfully set up your SonicWall SSL-VPN appliance.
Source: SSL VPN: SonicWall SSL VPN 2000 Getting Started Guide