lock down sonic wall router by ipaddress comming into server
hi,
we use terminal services. we have a Sonic wall TZ-170..i know i can lock down terminal server users by IP address. and only allow access when it has been predefined... does anyone know hwere this feature may be in sonic wall's configuration?
we use terminal services. we have a Sonic wall TZ-170..i know i can lock down terminal server users by IP address. and only allow access when it has been predefined... does anyone know hwere this feature may be in sonic wall's configuration?
ASKER
your right on point... .
and io am not as familiar as you may think... so help me through this one step at a time.
firstly, my tech is on vacation , and the person filling is not familiar...
he set it up.... we have five stores... and they ae in their by name...and then me... by my personal name.
i can not even find what screen the rules were made on.....
can u point me in that direct.... i need to alter a rule pertaining to me...
and io am not as familiar as you may think... so help me through this one step at a time.
firstly, my tech is on vacation , and the person filling is not familiar...
he set it up.... we have five stores... and they ae in their by name...and then me... by my personal name.
i can not even find what screen the rules were made on.....
can u point me in that direct.... i need to alter a rule pertaining to me...
login to the sonicwall and go to the System > Status page. You'll see the information you need to post here so we can help you with the rules. Standard and Enhanced versions of the sonicwall, as ccomley eluded to above, have different methods of creating the firewall rules. Report this information and we can give you all the details.
See my screen shot for a sample of the information we need.
greenshot-2010-08-28-13-23-15.jpg
See my screen shot for a sample of the information we need.
greenshot-2010-08-28-13-23-15.jpg
ASKER
Model: TZ 170 Standard
Serial Number:
Authentication Code: 3JLL-VUF7
Firmware Version: SonicOS Standard 3.1.2.6-97s
ROM Version: SonicROM 3.1.0.4
CPU (10s average): 7.17% - SonicWALL Security Processor
Total Memory: 64MB RAM, 8MB Flash
System Time: 08/28/2010 12:52:34
Up Time: 42 Days 21:13:11
Current Connections: 37
Last Modified By: Unmodified since reboot
Nodes/Users: 10 Nodes (2 in use)
Your SonicWALL is not registered.
Click here to Register your SonicWALL.
To manually register, remember the following information:
Serial Number:
Authentication Code: 3JLL-VUF7
and go to the SonicWALL Web site.
does this help at all?
Serial Number:
Authentication Code: 3JLL-VUF7
Firmware Version: SonicOS Standard 3.1.2.6-97s
ROM Version: SonicROM 3.1.0.4
CPU (10s average): 7.17% - SonicWALL Security Processor
Total Memory: 64MB RAM, 8MB Flash
System Time: 08/28/2010 12:52:34
Up Time: 42 Days 21:13:11
Current Connections: 37
Last Modified By: Unmodified since reboot
Nodes/Users: 10 Nodes (2 in use)
Your SonicWALL is not registered.
Click here to Register your SonicWALL.
To manually register, remember the following information:
Serial Number:
Authentication Code: 3JLL-VUF7
and go to the SonicWALL Web site.
does this help at all?
you bet! Here is a sonicwall technote that walks you through the process.
http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf
In the example, it wants you to configure it for FTP, but you'll want to use terminal services (port 3389). Additionally, they have the source specified as '*'. Here, you'll want to specify the source as the public IP address of the user that's accessing the internal terminal server.
How many remote users need access to the internal terminal server?
By the way, I see from the information above that your sonicwall isn't registered. If you're paying for any services (Global VPN licenses, etc.), you won't be able to use those until you've registered the sonicwall.
http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf
In the example, it wants you to configure it for FTP, but you'll want to use terminal services (port 3389). Additionally, they have the source specified as '*'. Here, you'll want to specify the source as the public IP address of the user that's accessing the internal terminal server.
How many remote users need access to the internal terminal server?
By the way, I see from the information above that your sonicwall isn't registered. If you're paying for any services (Global VPN licenses, etc.), you won't be able to use those until you've registered the sonicwall.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i really appreciate the help.....
but i still have not found what i am looking for...
there was a section in the sonic wall configuration where my name was listed... and so was my external ip address i use comming into the router. in this same section i saw the names of other co-workers who are not on the lan... but rather come in from the wan.....
this has already been configured. I was suppose to be able to change my ip address in this sonic wall configuration , as i moved location to location....
i just can not find that area .....specifically that is what i am looking for..
but i still have not found what i am looking for...
there was a section in the sonic wall configuration where my name was listed... and so was my external ip address i use comming into the router. in this same section i saw the names of other co-workers who are not on the lan... but rather come in from the wan.....
this has already been configured. I was suppose to be able to change my ip address in this sonic wall configuration , as i moved location to location....
i just can not find that area .....specifically that is what i am looking for..
Can I suggest an alternate approach.
Is your unit still on 24x7 or 8x5 support? If so, lodge a support call with Sonicwall, they can look at your machine remotely so you don't need to try to describe the current setting, or you can send them a Tech Support Report. Then they can tell you exactly what to do - or they can do it for oyu then you can review the config change and see how it was done, then you'll know for next time.
Is your unit still on 24x7 or 8x5 support? If so, lodge a support call with Sonicwall, they can look at your machine remotely so you don't need to try to describe the current setting, or you can send them a Tech Support Report. Then they can tell you exactly what to do - or they can do it for oyu then you can review the config change and see how it was done, then you'll know for next time.
ASKER
perhaps that is not such a bad idea....
thank you fo royur help
thank you fo royur help
ASKER
the reson i selected the answer was in error....
i quite frankly thought it was he who i selected, and did not notice that another member answered. That other answered a "rather polite" i do not know, and directed me to technical support. when i thought i was still talking to the same original member, it seemed we were hitting a wall of " not being able to figure it out. and it was just my way of thanking him for at least trying.
the points shoul dproperly be rewarded to Digitap.
certainly, it is not htat i do not care.
i quite frankly thought it was he who i selected, and did not notice that another member answered. That other answered a "rather polite" i do not know, and directed me to technical support. when i thought i was still talking to the same original member, it seemed we were hitting a wall of " not being able to figure it out. and it was just my way of thanking him for at least trying.
the points shoul dproperly be rewarded to Digitap.
certainly, it is not htat i do not care.
My recommendation is a split between the following solutions:
http:#a33548685
http:#a33550765
@intelogent :: No worries. I assumed there was a misunderstanding.
http:#a33548685
http:#a33550765
@intelogent :: No worries. I assumed there was a misunderstanding.
ASKER
really appreciate taht digitap.....
this place is a valuable reseorce to me. i was not dis ing u...
i'll leave it to the moderators.
this place is a valuable reseorce to me. i was not dis ing u...
i'll leave it to the moderators.
i know...no worries. thx!
ASKER
digitap...i have run out of time... my tech returns tomorrow...and i will get an answer.... and be happy to explain exactly where in the software this configuration is...
i do appreciate your input... and mean nothing but respect...
i do appreciate your input... and mean nothing but respect...
Are you running Standard or Enhanced OS?
I assume the TS users you wish to control are OUTSIDE the firewall and the TServer is inside.
If you already have inbound access working I assume you have a "PERMIT" rule allowing anyone from outside to access the TS, you need to ammend this so it only allows your specific IP list to access.
But this is different depending which OS version you are running.
In standard mode you need a WAN to LAN "TS" rule for each IP addres you want to Permit, and to remove the "permit any" rule.
In enhanced mode, you need to create an Address Object for each IP address (e.g. "Fred's Office - 217.123.123.1", then a GROUP of address objects called, say, "Permitted TS Users" which you put each of teh individual address objects into. Then you ammend the Permit TServe rule to permit it only for source = Permitted Users insteadof for Source = Any.