SonicWall Gen 7: How to Configure SSL VPN Remote Access on your SonicWall Firewall

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello this is Nate with Pro services at firewalls.com and today I'm going to show you how to set up an SSL VPN so SSL VPN is a licensed service so we do need to make sure that we have the required license and each instance of a user logging in sslvpn will use up one of the licenses so first you can check the status of this by going to device at the top panel and then licenses on the left panel underneath settings and you can see that under endpoint and remote access Services we have sslvpn here and it is licensed for one user and you do have the option to upgrade this okay so SSL VPN can be set up underneath the network Tab and at the left panel all the way at the bottom you'll find SSL VPN but we will make sure the server is set up right and we will activate the server on the WAN interface the next thing we want to know is the SSL VPN port 4433 this can be changed if it interferes with other web services that you may have you do have the option of using a self-signed or a third-party certificate if you have one imported the user domain is important to note that is local domain and we will keep it this way you have the option of enabling management over SSL VPN if you want to manage the firewall from a remote location also 10 minutes of idle time will disconnect the VPN you have the option to use a radius server for Authentication you can download the client be a clicking here next we look at the client settings we have a default profile we will edit this profile and we can see that we have three tabs settings client routes and client settings we will need to set up a range of addresses for SSL VPN clients I have already set one up we will create a new network SSL VPN range 2 for my instance The Zone type is SSL VPN we will create a range let's give all SSL VPN users and address and the range of the 192.168.2 network to 192.168.2.254. save this range next thing we need to look at are client routes this are this is the networks that represent the resources available to anyone logging in using net extender um firewall subnets I have already selected uh includes all networks behind the firewall you may want to be more specific in that case you can select the networks or the default networks such as x0 subnet or any other subnets you've created for now we will leave it under firewall subnets the next thing we will do is look at the client settings and this is where you can set up DNS in Windows name services we will leave those default another step here is the net extender client settings we can enable client auto update we can exit the client after disconnect and we have the option of enabling netbios over SSL VPN for Network shares and we may also want a client connection profile so that the user doesn't have to retype the IP address every time they want to log in this also does give you the option of caching username and password or prohibiting it which is a more secure method in case of a lost or stolen device users can also log in using a web browser by typing in the WAN IP address with the sslvp import 4433 at the end and that gives them Virtual Office as we can see down here at the bottom left we see Virtual Office allows you to download the net extender client it also allows you to set up virtual bookmarks so instead of going through the procedure of starting a remote desktop protocol instance you can set this up with a bookmark and just click the bookmark and everything is already configured so we can see that the status tab will show any existing tunnels that and what users are currently using those tunnels and you can also see that what bookmarks are in use next weekend look at the object tab to see that we have an SSL VPN Zone and we are able to edit this Zone and configure any trust in access rules that are automated for us and we can also enable and disable Security Services which I would not recommend disabling them so if you have these Security Services go ahead and enable them next thing we want to do is actually give users access to the SSL VPN Zone and we can do that by going under device at the top tab go down to users on the left go to local users and groups had a local user um create one here and that user must be part of the SSL VPN Services Group two half access to SSL VPN at all the user will also need VPN access granted and we will come back to this in a moment you will see the local groups here that SSL VPN Services here now contains my user that I just set up um you will want to edit the local group settings of this group and here you can also add members of the group and you will need to set up access to Networks so in this for this example we'll just do firewall subnets and then say that you actually want this user to only have access to one network and not all of the networks behind there you can be more specific and choose say you want him to access only x0 subnet and the last thing we'll do is take a look at the auto-generated access rules for SSL VPN Zone to the land Zone and we can do that using this Zone Matrix selector also go down to sslvpn down to LAN and that'll show us what was set up and we can see that our source was SSL VPN to LAN with the firewalls.com scope and to the x0 subnet and that's how you set up SSL VPN and if you found this video helpful like And subscribe to the channel and lastly check out firewalls.com

Info

Channel: Firewalls.com

Views: 8,547

Rating: undefined out of 5

Keywords: sonicwall, sonic wall, sonicwall firewall, sonicwall fire wall, sonic wall firewall, sonicwall firewalls, firewall configuration, sonicwall firewall configuration, sonicwall support, sonicwall setup, Sonicwall vpn, remote access

Id: DNN6v81rZoY

Channel Id: undefined

Length: 9min 48sec (588 seconds)

Published: Fri Mar 17 2023