  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 188

VPN Confusion

Hello,

We just set up a new SonicWALL TZ210 Wireless-N firewall. I am a bit comfortable with firewalls, but this device is very intricate to me as it is nice. I have the VPN options enabled according to the default configuration, per Sonic's online tutorial (also, very nice). I am confused about how authentication seems to be working and how IP addresses are being handed out.

If I make a VPN connection from a Windows 7 box, off of the LAN, through the firewall, with the built-in Windows tools, I can connect to resources and devices. For this I use the SBS domain username and password or a local user and password, specific to the SonicWALL device. The same can be said for a Mac with the built-in OS X tools. On the Mac I log in with the SBS domain username and password, no sweat.

SonicWALL has their own GlobalVPN client software package. When I use that on Windows 7, I can make a connection, but that is it. No IP address seems to be applied to the virtual NIC that Sonic's VPN client creates on Windows. I do have it set so that DHCP will provide an IP address to VPN clients in the firewall's config. The firewall is the VPN server. I also have to use the local account on the firewall to get in. I don't even think it considers domain logins.

How can I configure it so that Active Directory authenticates the VPN users? Is the SonicWall client software needed?

Thanks
Asked by: Jason Watkins

2 Solutions

footech commented:
It all kind of depends on what you are comfortable with. Some people like their VPN connections to terminate at the firewall/VPN server, so that until the connection is established they are unable to even touch the network (LAN) behind it. Some people also like to have the VPN credentials different from the AD credentials. If I understand correctly, when you use the Windows VPN client, you have the SonicWALL configured to forward the PPTP, GRE, L2TP traffic to the SBS. Is this correct?

Personally, I like to be able to VPN with just the Windows client, as it is always available. Unfortunately, I can't help with the issue of getting an IP when using the GlobalVPN client. For the authentication, you should be able to configure in the SonicWALL what authentication source you want to use (local accounts, RADIUS, or LDAP). Set it for LDAP to authenticate against AD. RADIUS can do the same, but there would be more configuration involved.

amatson78 (Sr. Security Engineer) commented:
As for a client for the VPN user authentication, your environment would need to already be set up for authentication internally for the VPN to use the same AD information. The firewall uses the SonicWALL Directory Connector utility to bridge the firewall to your AD structure.

Jason Watkins (IT Project Leader, Author) commented:
Existing users can log in to the VPN via AD, providing their account is set to do so from its properties sheet.

I'll try the LDAP authentication against AD in the SonicWALL.

Thanks!

Jason Watkins (IT Project Leader, Author) commented:
Thanks guys!