Lock down SonicWALL router by IP address coming into server

Posted on 2010-08-27
Last Modified: 2012-05-10
Hi,
we use Terminal Services. We have a SonicWALL TZ-170. I know I can lock down Terminal Server users by IP address, and only allow access when it has been predefined. Does anyone know where this feature may be in the SonicWALL's configuration?
Question by:intelogent
17 Comments
 

Expert Comment

by:ccomley
ID: 33548685
Yes, it's exactly what the SonicWALL is intended for.

Are you running Standard or Enhanced OS?

I assume the TS users you wish to control are OUTSIDE the firewall and the Terminal Server is inside.

If you already have inbound access working, I assume you have a "PERMIT" rule allowing anyone from outside to access the TS; you need to amend this so it only allows your specific IP list to access.

But this is different depending on which OS version you are running.

In Standard mode you need a WAN to LAN "TS" rule for each IP address you want to permit, and to remove the "permit any" rule.

In Enhanced mode, you need to create an Address Object for each IP address (e.g. "Fred's Office - 217.123.123.1"), then a GROUP of address objects called, say, "Permitted TS Users", into which you put each of the individual address objects. Then you amend the Permit TServer rule to permit it only for Source = Permitted TS Users instead of for Source = Any.

 

Author Comment

by:intelogent
ID: 33549772
You're right on point.
And I am not as familiar as you may think, so help me through this one step at a time.
Firstly, my tech is on vacation, and the person filling in is not familiar.
He set it up. We have five stores, and they are in there by name, and then me, by my personal name.
I cannot even find what screen the rules were made on.
Can you point me in that direction? I need to alter a rule pertaining to me.

Expert Comment

by:digitap
ID: 33550308
Log in to the SonicWALL and go to the System > Status page. You'll see the information you need to post here so we can help you with the rules. Standard and Enhanced versions of the SonicWALL, as ccomley alluded to above, have different methods of creating the firewall rules. Report this information and we can give you all the details.

See my screen shot for a sample of the information we need.

Author Comment

by:intelogent
ID: 33550559
Model: TZ 170 Standard
  Serial Number:
  Authentication Code: 3JLL-VUF7
  Firmware Version: SonicOS Standard 3.1.2.6-97s
  ROM Version: SonicROM 3.1.0.4
  CPU (10s average): 7.17% - SonicWALL Security Processor
  Total Memory: 64MB RAM, 8MB Flash
  System Time: 08/28/2010 12:52:34
  Up Time: 42 Days 21:13:11
  Current Connections: 37
  Last Modified By: Unmodified since reboot


Nodes/Users:      10 Nodes (2 in use)
  Your SonicWALL is not registered.
  Click here to Register your SonicWALL.

  To manually register, remember the following information:  
  Serial Number:  
  Authentication Code:  3JLL-VUF7  
 
  and go to the SonicWALL Web site.  



does this help at all?

Expert Comment

by:digitap
ID: 33550765
You bet! Here is a SonicWALL technote that walks you through the process.

http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf

In the example, it wants you to configure it for FTP, but you'll want to use terminal services (port 3389).  Additionally, they have the source specified as '*'.  Here, you'll want to specify the source as the public IP address of the user that's accessing the internal terminal server.

How many remote users need access to the internal terminal server?

By the way, I see from the information above that your sonicwall isn't registered.  If you're paying for any services (Global VPN licenses, etc.), you won't be able to use those until you've registered the sonicwall.

Accepted Solution

by:digitap (earned 500 total points)
ID: 33550768
By the way, in Standard OS, when you're done with Step 4 in the first example, you're done. You only need to add a NAT rule when using the Enhanced OS.

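Both pieces of advice above (ccomley's Enhanced-OS Address Object / Address Group approach and digitap's Standard-OS rule with the source set to the user's public IP instead of '*') rest on the same point: the restricted rule only protects the Terminal Server once no broader "source = Any" permit for port 3389 is evaluated ahead of it, because an access policy is matched top-down and the first hit wins. The following Python is an added example, not SonicWALL code and not from the original thread; it models that evaluation so a candidate rule set can be checked against a list of source addresses before it goes on the firewall. The object names, rule names, and IP addresses are constructed for the demonstration.

```python
"""First-match WAN->LAN access policy model for a Terminal Server.

Added example, not SonicWALL code. Address objects, groups, rules and
all IP addresses below are constructed for illustration only.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

RDP_PORT = 3389  # Terminal Services / RDP


@dataclass
class AddressObject:
    """A named host or network, in the spirit of a SonicOS Address Object."""
    name: str
    cidr: str  # "217.123.123.1" (single host) or "203.0.113.0/24" (network)

    def contains(self, src: str) -> bool:
        # A bare host address becomes a /32 network, so both forms work.
        return ip_address(src) in ip_network(self.cidr, strict=False)


@dataclass
class AddressGroup:
    """A named group of Address Objects, e.g. "Permitted TS Users"."""
    name: str
    members: List[AddressObject] = field(default_factory=list)

    def contains(self, src: str) -> bool:
        return any(m.contains(src) for m in self.members)


@dataclass
class Rule:
    """WAN->LAN rule. source=None means 'Any'; otherwise an object or group."""
    name: str
    action: str  # "permit" or "deny"
    dst_port: int
    source: Optional[object] = None  # AddressObject | AddressGroup | None

    def matches(self, src: str, port: int) -> bool:
        if port != self.dst_port:
            return False
        return self.source is None or self.source.contains(src)


def evaluate(rules: List[Rule], src: str, port: int) -> str:
    """Top-down, first matching rule wins; no match is an implicit deny."""
    for rule in rules:
        if rule.matches(src, port):
            return rule.action
    return "deny"


def audit(rules: List[Rule], probes: List[str]) -> dict:
    """Return {source_ip: action} for an RDP connection from each probe."""
    return {src: evaluate(rules, src, RDP_PORT) for src in probes}


def unrestricted_permits(rules: List[Rule], port: int) -> List[str]:
    """Names of permit rules that still let 'Any' source reach the port."""
    return [r.name for r in rules
            if r.action == "permit" and r.dst_port == port and r.source is None]


# Constructed allow list, in the style of "Fred's Office - 217.123.123.1".
PERMITTED = AddressGroup("Permitted TS Users", [
    AddressObject("Fred's Office", "217.123.123.1"),
    AddressObject("Store 1", "198.51.100.10"),
    AddressObject("Head Office LAN", "203.0.113.0/24"),
])

# Weak policy: the group-scoped rule was added, but the original
# "permit any" rule is still above it and matches first.
WEAK_RULES = [
    Rule("TS from Any", "permit", RDP_PORT, source=None),
    Rule("TS from Permitted", "permit", RDP_PORT, source=PERMITTED),
]

# Hardened policy: only the group-scoped permit remains.
HARDENED_RULES = [
    Rule("TS from Permitted", "permit", RDP_PORT, source=PERMITTED),
]


if __name__ == "__main__":
    probes = ["217.123.123.1", "203.0.113.77", "192.0.2.200"]
    print("weak:     ", audit(WEAK_RULES, probes))
    print("hardened: ", audit(HARDENED_RULES, probes))
    print("unrestricted permits in weak policy:",
          unrestricted_permits(WEAK_RULES, RDP_PORT))
```

Run against the constructed probes, the weak policy permits the unknown address 192.0.2.200 even though the restricted rule exists, while the hardened policy permits only the listed host and network and denies everything else; `unrestricted_permits` is the quick check to run before trusting any allow list.
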
Author Comment

by:intelogent
ID: 33553053
I really appreciate the help.

But I still have not found what I am looking for.

There was a section in the SonicWALL configuration where my name was listed, and so was the external IP address I use coming into the router. In this same section I saw the names of other co-workers who are not on the LAN, but rather come in from the WAN.
This has already been configured. I was supposed to be able to change my IP address in this SonicWALL configuration as I moved from location to location.

I just cannot find that area. Specifically, that is what I am looking for.

 

Expert Comment

by:ccomley
ID: 33553761
Can I suggest an alternate approach?

Is your unit still on 24x7 or 8x5 support? If so, lodge a support call with SonicWALL; they can look at your machine remotely so you don't need to try to describe the current setting, or you can send them a Tech Support Report. Then they can tell you exactly what to do, or they can do it for you; then you can review the config change and see how it was done, and you'll know for next time.


Author Comment

by:intelogent
ID: 33553827
Perhaps that is not such a bad idea.

Thank you for your help.

Author Comment

by:intelogent
ID: 33557787
The reason I selected the answer was in error.
I quite frankly thought it was he whom I selected, and did not notice that another member had answered. That other member answered a "rather polite" I do not know, and directed me to technical support. When I thought I was still talking to the same original member, it seemed we were hitting a wall of "not being able to figure it out", and it was just my way of thanking him for at least trying.

The points should properly be awarded to digitap.

Certainly, it is not that I do not care.


Expert Comment

by:digitap
ID: 33558916
My recommendation is a split between the following solutions:

http:#a33548685
http:#a33550765

@intelogent :: No worries.  I assumed there was a misunderstanding.

Author Comment

by:intelogent
ID: 33563397
Really appreciate that, digitap.

This place is a valuable resource to me. I was not dissing you.

I'll leave it to the moderators.


Expert Comment

by:digitap
ID: 33563486
I know... no worries. Thanks!

Author Closing Comment

by:intelogent
ID: 33606304
digitap... I have run out of time. My tech returns tomorrow, and I will get an answer, and be happy to explain exactly where in the software this configuration is.

I do appreciate your input, and mean nothing but respect.