SSL VPN is a method that allows remote users to connect to a SonicWall firewall and access internal network resources. SSL VPN connections can be established using one of three methods:
- SonicWall NetExtender client
- SonicWall Mobile Connect client
- SSL VPN bookmarks via the SonicWall Virtual Office
This article details how to set up the SSL VPN Feature for NetExtender and Mobile Connect users, both of which are software-based solutions.
NetExtender is available for the following Operating Systems:
- Microsoft Windows
- Linux Distributions
Mobile Connect is available for the following Operating Systems:
- Windows 8.1 & 10
- OS X
- iOS
- Android
1. Create an Address Object for the IPv4 SSL VPN address range
– In the SonicWall interface, select Object at the top, go to Match Objects | Addresses and choose Add.
– In the window that appears, enter the details of the SSL VPN address range.
For example:
- Name: SSL VPN Pool
- Zone: SSL VPN
- Type: Range
Note: the object does not have to be a range of addresses; it can also be configured as a Host or Network. To avoid IP Spoof errors and routing problems, use a subnet that is not already configured on the SonicWall.
2. Configure SSL VPN
– Go to Network | SSL VPN | Server Settings.
– The SSL VPN STATUS ON ZONES section indicates SSL VPN access status per Zone.
– Enable or disable SSL-VPN access using the switch below. Green indicates active SSL VPN status.
– In SSL VPN SERVER SETTINGS, select the SSL VPN Port and Domain as desired.
– The SSL VPN port must be specified when connecting with Mobile Connect and NetExtender unless the port number is 443. Port 443 can only be used if the firewall's management port is not 443. The Domain is used during the user login process. If you want to be able to manage the firewall via GUI or SSH over SSL VPN, these features can also be enabled separately here.
– Go to Network | SSL VPN | Client Settings and open the configuration of the Default Device Profile.
– Set Zone IP V4 to SSL VPN and Network Address IP V4 to the Address Object you created above.
– The Client Routes tab allows administrators to control which networks SSL VPN users are allowed to access. NetExtender client routes are passed to all NetExtender clients and are used to manage which networks and resources remote users can access via SSL VPN connections.
– The Client Settings tab allows administrators to enter DNS and WINS information, and also to control caching of passwords, usernames, and NetExtender client behavior for accessing domain resources by name.
– Turn on Create Client Connection Profile: the NetExtender client will create a connection profile that records the SSL VPN server name, domain name, and optionally the username and password.
3. Add users to the SSL VPN Services group
– NetExtender users can authenticate as Local Users on the SonicWall or via LDAP. This article covers setting up a Local User.
– Go to Device | Users | Local Users & Groups. Add a new user if needed by selecting Add.
– On the Groups tab, add SSL VPN Services.
– On the VPN Access tab, add the Subnet, Range, or IP Address Address Objects that users need to access through NetExtender. Note that for SSL VPN users to access resources, those resources must be set up on both VPN Access and Client Routes.
– Select Save to close the window.
4. Check the Access Rules for the SSL VPN Zone
– Go to Policy | Rules and Policies | Access Rules.
– Select the SSL VPN to LAN rules and check them.
– If SSL VPN Users need access to resources on other Zones, such as DMZ, verify or add those Access rules.
5. Check the connection using NetExtender
– Download and install SonicWall NetExtender, available on SonicWall.com.
– Configure NetExtender as in the following example.
- Server: Specify the IP address of the SonicWall WAN (by default SSL VPN is enabled on every SonicWall WAN interface) followed by the port (specified in the Server Settings of the SSL VPN). You can also specify the domain name, for example: sslvpn.mycompany.com:4433
- Username: The username used to connect.
- Password: The user's password.
- Domain: The domain name (case sensitive) specified in the Server Settings of the SSL VPN.
– Select Connect.
– After connecting to the SSL VPN server, NetExtender displays a Security Warning; click Accept to establish the connection.
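The note in step 1 (keep the SSL VPN pool off any subnet already configured on the firewall) and the rule in step 3 (a resource must appear in both VPN Access and Client Routes) can be checked on paper before the settings are applied. The following Python is an added example, not SonicWall code; the interface subnets, pool ranges, network lists and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnets assumed to be configured on firewall interfaces.
INTERFACE_SUBNETS = ["192.168.168.0/24", "10.10.10.0/24"]
# Constructed sample data: networks entered on the two tabs from steps 2 and 3.
CLIENT_ROUTES = ["192.168.168.0/24", "10.10.10.0/24"]
VPN_ACCESS = ["192.168.168.0/24"]


def pool_conflicts(pool_start, pool_end, interface_subnets):
    """Return the interface subnets that overlap the SSL VPN pool range."""
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if end < start:
        raise ValueError("pool end is below pool start")
    # A Range object is not a CIDR block, so split it into the minimal CIDR set.
    pool_nets = list(ipaddress.summarize_address_range(start, end))
    return [s for s in interface_subnets
            if any(p.overlaps(ipaddress.ip_network(s)) for p in pool_nets)]


def access_gaps(client_routes, vpn_access):
    """List networks present on one tab but not covered by the other."""
    routes = [ipaddress.ip_network(n) for n in client_routes]
    access = [ipaddress.ip_network(n) for n in vpn_access]

    def covered(net, others):
        return any(net.subnet_of(o) for o in others)

    return {
        # Route is pushed to the client, but the user is not permitted to reach it.
        "routed_but_not_permitted": [str(r) for r in routes if not covered(r, access)],
        # User is permitted, but the client never receives a route for it.
        "permitted_but_not_routed": [str(a) for a in access if not covered(a, routes)],
    }


if __name__ == "__main__":
    # Pool carved out of the LAN subnet: flagged as a conflict.
    print(pool_conflicts("192.168.168.200", "192.168.168.220", INTERFACE_SUBNETS))
    # Pool on a subnet not configured on the firewall: no conflict.
    print(pool_conflicts("192.168.200.10", "192.168.200.50", INTERFACE_SUBNETS))
    print(access_gaps(CLIENT_ROUTES, VPN_ACCESS))
```

An empty list from pool_conflicts and two empty lists from access_gaps mean the planned values satisfy both conditions described in the article.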