Solved

Sonicwall point to point VPN security

Posted on 2011-03-21
Last Modified: 2012-05-11
I'm interested in implementing a hosted call center solution and the vendor I like wants me to set up a point to point VPN connection from my location to theirs to make the system work and pass VOIP traffic.  I'm concerned that this will open my network up to them as if I have no firewall at all.  It seems like this would be a big security risk for my network.

Am I wrong on this?  Is there a way to secure the point to point connection and not leave my network totally exposed to someone I don't really know?  Is there a way to set this up securely?

I have a Sonicwall TZ190 with the Enhanced OS.  Thanks!
0
Question by:s_sykes
7 Comments
 
LVL 10

Assisted Solution

by:Hutch_77
Hutch_77 earned 200 total points
ID: 35180709
You are correct, but having not used this particular firewall I can't answer this perfectly for you.  Maybe someone with more SonicWall experience will chime in.
But in a Cisco environment I know you can set up a VPN route to only allow access to certain IPs.  This would help keep the security you need and keep them off your network.
You can also limit the traffic to, say, specifically VOIP traffic. Still not 100% secure though.
0
 
LVL 1

Author Comment

by:s_sykes
ID: 35180743
Limiting it to an IP range would help.  Limiting the ports or types of service would be helpful as well.  I know we need to access some applications on their end, so I guess you could not limit it to just VOIP?
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35180789
If you need the apps then yeah you may look more toward ports rather than service. Ports being open are just easier to exploit.
0
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 35181193
The VPN tunnel is its own area on a SonicWall. So just like there are routes and firewall rules from LAN to WAN, there are the same from VPN to WAN and VPN to LAN. So you can limit what IPs and services and everything.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35181219
That is what I thought, Aaron; I just never really worked with the SonicWall as a whole.

So if you can get the exact services they are running, like HTTP or HTTPS and then the VOIP, you may be able to limit it specifically to the needed services, if they can truly give you all that information, as some may be some odd app that requires ports rather than a generic service.
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 300 total points
ID: 35181249
Here are some good steps for SonicWall: start by defining address objects for computers or IP ranges you need to talk with. Then make a service group for that address object. Then add services to the group. Then make a rule to allow from VPN to address object using the service group. That way you can just add and remove services from the group and the rule automatically adjusts.
0
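The steps in the accepted answer, modelled as an added Python example (not part of the original thread and not SonicWall configuration syntax): an address object, a service group, and one VPN-to-LAN allow rule that references the group, plus a check for rules that are wider than intended. The addresses, port numbers, names, audit thresholds, and the final implicit deny are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ServiceGroup:
    """Named, editable set of (protocol, low_port, high_port) services."""
    name: str
    services: set = field(default_factory=set)

    def matches(self, proto, port):
        return any(p == proto and lo <= port <= hi for p, lo, hi in self.services)

@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    dst_object: list          # address object: list of ip_network entries
    services: ServiceGroup    # held by reference, so group edits apply at once
    action: str = "allow"

    def matches(self, src_zone, dst_zone, dst_ip, proto, port):
        ip = ipaddress.ip_address(dst_ip)
        return ((src_zone, dst_zone) == (self.src_zone, self.dst_zone)
                and any(ip in net for net in self.dst_object)
                and self.services.matches(proto, port))

def evaluate(rules, src_zone, dst_zone, dst_ip, proto, port):
    """First matching rule wins; the model assumes unmatched traffic is denied."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, dst_ip, proto, port):
            return rule.action
    return "deny"

def too_broad(rule, max_hosts=16, max_port_span=1024):
    """Audit check (thresholds are assumptions): VPN rule reaching many hosts or ports."""
    hosts = sum(net.num_addresses for net in rule.dst_object)
    wide = any(hi - lo > max_port_span for _, lo, hi in rule.services.services)
    return rule.src_zone == "VPN" and (hosts > max_hosts or wide)

# Constructed sample values: two LAN hosts the vendor must reach, SIP plus a small RTP range.
VOIP_HOSTS = [ipaddress.ip_network("192.168.10.20/32"), ipaddress.ip_network("192.168.10.21/32")]
VENDOR_SVC = ServiceGroup("Vendor-Services", {("udp", 5060, 5060), ("udp", 10000, 10100)})
RULES = [Rule("VPN", "LAN", VOIP_HOSTS, VENDOR_SVC)]
# Constructed counter-example: the same services opened to the whole LAN subnet.
WIDE = Rule("VPN", "LAN", [ipaddress.ip_network("192.168.10.0/24")], VENDOR_SVC)
```

Adding a tuple such as `("tcp", 443, 443)` to `VENDOR_SVC.services` changes what `evaluate` allows without touching `RULES`, which is the "rule automatically adjusts" behaviour the answer describes.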
 
LVL 1

Author Closing Comment

by:s_sykes
ID: 35181576
Thanks!
0