Sonicwall point to point VPN security

Posted on 2011-03-21
Last Modified: 2012-05-11
I'm interested in implementing a hosted call center solution and the vendor I like wants me to set up a point to point VPN connection from my location to theirs to make the system work and pass VOIP traffic. I'm concerned that this will open my network up to them as if I have no firewall at all. It seems like this would be a big security risk for my network.

Am I wrong on this?  Is there a way to secure the point to point connection and not leave my network totally exposed to someone I don't really know?  Is there a way to set this up securely?

I have a Sonicwall TZ190 with the Enhanced OS.  Thanks!
Question by:s_sykes

Assisted Solution

Hutch_77 earned 200 total points
ID: 35180709
You are correct, but having not used this particular firewall I can't answer this perfectly for you. Maybe someone with more Sonicwall experience will chime in.
But in a Cisco environment I know you can set up a VPN route to only allow access to certain IPs. This would help keep the security you need and keep them off your network.
You can also limit the traffic to, say, specifically VOIP traffic. Still not 100% secure though.

Author Comment

ID: 35180743
Limiting it to an IP range would help.  Limiting the ports or types of service would be helpful as well.  I know we need to access some applications on their end, so I guess you could not limit it to just VOIP?

Expert Comment

ID: 35180789
If you need the apps then yeah you may look more toward ports rather than service. Ports being open are just easier to exploit.

Expert Comment

by:Aaron Tomosky
ID: 35181193
The VPN tunnel is its own area on a Sonicwall. So just like there are routes and firewall rules from LAN to WAN, there are the same from VPN to WAN and VPN to LAN. So you can limit what IPs and services and everything.

Expert Comment

ID: 35181219
That is what I thought, Aaron, just never really worked with the Sonicwall as a whole.

So if you can get the exact services they are running, like HTTP or HTTPS and then the VOIP, you may be able to limit it specifically to the needed services, if they can truly give you all that information, as some may be some odd app that requires ports rather than a generic service.

Accepted Solution

Aaron Tomosky earned 300 total points
ID: 35181249
Here are some good steps for Sonicwall: start by defining address objects for computers or IP ranges you need to talk with. Then make a service group for that address object. Then add services to the group. Then make a rule to allow from VPN to address object using the service group. That way you can just add and remove services from the group and the rule automatically adjusts.
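
The four steps in the accepted answer, modelled in Python as an added example (not part of the original answer and not SonicOS syntax). The addresses, port numbers and the names `Service`, `Rule` and `evaluate` are constructed for illustration, and the model assumes no other allow rule exists for the VPN zone, so anything unmatched is denied.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    proto: str      # "tcp" or "udp"
    ports: range    # e.g. range(5060, 5061) for the single port 5060

@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    dst_object: list   # address object: list of ip_network entries
    services: list     # service group, held by reference

def evaluate(rules, src_zone, dst_zone, dst_ip, proto, port):
    """Return "allow" if any rule matches zone pair, destination and service;
    everything else falls through to "deny"."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (rule.src_zone, rule.dst_zone) != (src_zone, dst_zone):
            continue
        if not any(ip in net for net in rule.dst_object):
            continue
        if any(s.proto == proto and port in s.ports for s in rule.services):
            return "allow"
    return "deny"

# Step 1: address object for the only hosts the vendor must reach (constructed).
VOIP_HOSTS = [ipaddress.ip_network("192.168.10.32/28")]
# Steps 2-3: service group and its members (port numbers are assumptions).
VENDOR_SERVICES = [
    Service("SIP", "udp", range(5060, 5061)),
    Service("RTP", "udp", range(10000, 20001)),
]
# Step 4: one allow rule from the VPN zone to that object, using the group.
RULES = [Rule("VPN", "LAN", VOIP_HOSTS, VENDOR_SERVICES)]

if __name__ == "__main__":
    flows = [("192.168.10.35", "udp", 5060),   # phone, SIP
             ("192.168.10.35", "tcp", 445),    # phone, SMB
             ("192.168.10.200", "udp", 5060)]  # host outside the object
    for dst, proto, port in flows:
        print(dst, proto, port, evaluate(RULES, "VPN", "LAN", dst, proto, port))
    VENDOR_SERVICES.append(Service("HTTPS", "tcp", range(443, 444)))
    print("after adding HTTPS:",
          evaluate(RULES, "VPN", "LAN", "192.168.10.35", "tcp", 443))
```

Because the rule holds the group by reference, adding or removing a group member changes what the rule permits without touching the rule itself, which is the behaviour the answer describes.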

Author Closing Comment

ID: 35181576
