Solved

Sonicwall point to point VPN security

Posted on 2011-03-21
7
393 Views
Last Modified: 2012-05-11
I'm interested in implementing a hosted call center solution and the vendor I like wants me to setup a point to point VPN connection from my location to theirs to make the system work and pass VOIP traffic.  I'm concerned that this will open my network up to them as if I have no firewall at all.  It seems like this would be a big security risk for my network.

Am I wrong on this?  Is there a way to secure the point to point connection and not leave my network totally exposed to someone I don't really know?  Is there a way to set this up securely?

I have a Sonicwall TZ190 with the Enhanced OS.  Thanks!
0
Comment
Question by:s_sykes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Hutch_77
Hutch_77 earned 200 total points
ID: 35180709
Yo are correct, but having not used tis particular firewall I cant answer this perfectly for you.  Maybe someone with more sonicwall experience will chime in,
But in a Cisco environment I know you can setup a VPN route to only allow access to certain IP's.  This would Help keep the security you need and keep them off your network.
You can also limit the traffic to say specifically VOIP traffic.. still not 100% secure though.
0
 
LVL 1

Author Comment

by:s_sykes
ID: 35180743
Limiting it to an IP range would help.  Limiting the ports or types of service would be helpful as well.  I know we need to access some applications on their end, so I guess you could not limit it to just VOIP?
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35180789
If you need the apps then yeah you may look more toward ports rather than service. Ports being open are just easier to exploit.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 35181193
The vpn tunnel is it's own area on a sonicwall. So just like there are routes and firewall rules from LAN to wan there are the same from VPN to wan and VPN to LAN. So you can limit what ips an services and everything.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35181219
THat is what I thought Aaron, just never really worked with the Sonicwall as a whole.  

So if you can get the exact services they are running like HTTP or HTTPS and then the VOIP you may be able to limit it specifically to the needed services if they can truly give you all that information as some may be some odd app that requires ports rather than a generic service.
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 300 total points
ID: 35181249
Here are some good steps for sonicwall: start by defining adress objects for computers or ip ranges you need to talk with. Then make a service group for that address object. Then add services to the group. Then make a rule to allow from VPN to address object using the service group. That way you can just add and remove services from the group and the rule automatically adjusts.
0
 
LVL 1

Author Closing Comment

by:s_sykes
ID: 35181576
Thanks!
0

Featured Post

 Database Backup and Recovery Best Practices

Join Percona’s, Architect, Manjot Singh as he presents Database Backup and Recovery Best Practices (with a Focus on MySQL) on Thursday, July 27, 2017 at 11:00 am PDT / 2:00 pm EDT (UTC-7). In the case of a failure, do you know how long it will take to restore your database?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question