Managing Multiple Clients under one Sonicwall

Posted on 2012-08-20
Last Modified: 2012-09-10
We're looking at beginning to offer colocation services to our clients utilizing datacenter space that we're currently renting.

The one problem we're running into , is that we want our clients to be able to easily establish site-to-site VPNs from their office to the datacenter for secure access to the items they have in our facility.

We had originally considered simply deploying a new sonicwall inside the datacenter for each client, but we quickly realized that this could be very limiting for scalability and price if everytime a new client was deployed, we had to also put in another firewall at our facility.

What we were wondering, is if it would be possible to purchase ONE sonicwall (even if it was a bigger more expensive Sonicwall) and configure it to manage multiple networks with multiple different VPN policies.

So the idea would be that I could have 3 clients, with 3 different servers, on 3 different "networks" in my facility, and that all of them maintain a VPN connection from their office into the datacenter, but each of them be limited to only accessing an internal network configured for their company. This way, we can offer them an easy way to maintain a VPN connection to their equipment in our datacenter without them having to incurr the added cost and space of another firewall in the facility.

Any advice on how this could be done or what type of Sonicwall Firewall would be required?
Question by:AceofTechs
    1 Comment
    LVL 20

    Accepted Solution

    Yes you can do what you want. A single Sonicwall can support many STS VPN connections from its WAN interface. Each tunnel can be directed to a separate LAN interface on the Sonicwall. You can write write firewall and other rules as to what you want to permit access to for each connection, and isolate them from one another.

    The limiting factor here is the number of LAN interfaces available. If you think you will have more than 5 clients you could possibly use VLAN's as well. An NSA4500 would be a good start, but you should also look at the NSA E Series if you expect rapid growth. Selection is based upon expected use and throughput requirements.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now