Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.
Allow guest access on branch VPN?
Hello Experts,
We are currently setting up a branch VPN using the following hardware:
SonicWALL NSA 240 @ Main Site
SonicWALL TZ 100 @ Branch Site
The Branch site is only going to be used to replicate our incremental backups after an initial full backup is taken onsite. However, the "Branch Office" is going to be at our President's home. In this scenario, what is the best way to secure the "Branch Office" against home internet traffic? I've already seen his children infect several PCs with all kinds of Malware. I don't want to take that chance with our corporate network. The original plan was to get a seperate internet connection all together. Is that absolutely necessary?
We are currently setting up a branch VPN using the following hardware:
SonicWALL NSA 240 @ Main Site
SonicWALL TZ 100 @ Branch Site
The Branch site is only going to be used to replicate our incremental backups after an initial full backup is taken onsite. However, the "Branch Office" is going to be at our President's home. In this scenario, what is the best way to secure the "Branch Office" against home internet traffic? I've already seen his children infect several PCs with all kinds of Malware. I don't want to take that chance with our corporate network. The original plan was to get a seperate internet connection all together. Is that absolutely necessary?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 33
What hosts will need to be accessed over the VPN? If it's just the President's workstation as he access it via RDP, then you'd only need to allow that IP address and port over the VPN.
Aside from the fact that since the branch office is "untrusted" and therefore you can't really trust anything coming out of the environment, you could make it slightly more difficult for traffic to enter your main office "accidentally". You should be able to configre the sonicwall(s) to allow traffic from only one or more IP addresses in the brach office to reach the main office. You could also put a separate hub/switch/access point in the branch office and run a separate network, and plug that separate network into the sonicwall.
A second internet connection should not be required.
A second internet connection should not be required.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
So, from president's home his workstation and a NAS, right? What about access from the other direction?
So, from president's home his workstation and a NAS, right? What about access from the other direction?
Only His workstation needs full access to our main network @ Branch.
Then, since we're replicating existing backups to the NAS @ the Branch Office, we simply need to copy backups from one NAS @ the main office to a 2nd NAS @ Branch Office.
Question... If setting up a second network that plugs into the SonicWall @ Branch, as tjs suggested, would setting that as the exact same subnet as the one at the MAIN office restrict traffic?
Main Office subnet = 192.168.1.1
Branch Office subnet = 192.168.0.1
President's personal router @ Branch = 192.168.1.1
Only His workstation needs full access to our main network @ Branch.
Then, since we're replicating existing backups to the NAS @ the Branch Office, we simply need to copy backups from one NAS @ the main office to a 2nd NAS @ Branch Office.
Question... If setting up a second network that plugs into the SonicWall @ Branch, as tjs suggested, would setting that as the exact same subnet as the one at the MAIN office restrict traffic?
Main Office subnet = 192.168.1.1
Branch Office subnet = 192.168.0.1
President's personal router @ Branch = 192.168.1.1
What will restrict traffic are firewall rules. I'd not recommend configuring the subnets the same. This will be a nightmare to configure over the VPN. If the traffic is trusted and goes through the sonicwall, then there will be no restrictions. The more complex you setup the networks, the harder it will be to control the traffic. I'd still recommend setting up firewall rules restricting what hosts were allowed to talk to each other over the VPN.
SonicWall was extremely helpful when trying to accomplish this. We wound up placing the President's home wireless router in a DMZ. All traffic was then seperate. I wish I could provide more details, but it took about 3 hours for them to finally get it working. My attention was a bit strained at that point.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.