Solved

Sonicwall point to point VPN security

Posted on 2011-03-21
7
386 Views
Last Modified: 2012-05-11
I'm interested in implementing a hosted call center solution and the vendor I like wants me to setup a point to point VPN connection from my location to theirs to make the system work and pass VOIP traffic.  I'm concerned that this will open my network up to them as if I have no firewall at all.  It seems like this would be a big security risk for my network.

Am I wrong on this?  Is there a way to secure the point to point connection and not leave my network totally exposed to someone I don't really know?  Is there a way to set this up securely?

I have a Sonicwall TZ190 with the Enhanced OS.  Thanks!
0
Comment
Question by:s_sykes
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Hutch_77
Hutch_77 earned 200 total points
ID: 35180709
Yo are correct, but having not used tis particular firewall I cant answer this perfectly for you.  Maybe someone with more sonicwall experience will chime in,
But in a Cisco environment I know you can setup a VPN route to only allow access to certain IP's.  This would Help keep the security you need and keep them off your network.
You can also limit the traffic to say specifically VOIP traffic.. still not 100% secure though.
0
 
LVL 1

Author Comment

by:s_sykes
ID: 35180743
Limiting it to an IP range would help.  Limiting the ports or types of service would be helpful as well.  I know we need to access some applications on their end, so I guess you could not limit it to just VOIP?
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35180789
If you need the apps then yeah you may look more toward ports rather than service. Ports being open are just easier to exploit.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 35181193
The vpn tunnel is it's own area on a sonicwall. So just like there are routes and firewall rules from LAN to wan there are the same from VPN to wan and VPN to LAN. So you can limit what ips an services and everything.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35181219
THat is what I thought Aaron, just never really worked with the Sonicwall as a whole.  

So if you can get the exact services they are running like HTTP or HTTPS and then the VOIP you may be able to limit it specifically to the needed services if they can truly give you all that information as some may be some odd app that requires ports rather than a generic service.
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 300 total points
ID: 35181249
Here are some good steps for sonicwall: start by defining adress objects for computers or ip ranges you need to talk with. Then make a service group for that address object. Then add services to the group. Then make a rule to allow from VPN to address object using the service group. That way you can just add and remove services from the group and the rule automatically adjusts.
0
 
LVL 1

Author Closing Comment

by:s_sykes
ID: 35181576
Thanks!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now