• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 756
  • Last Modified:

Managing Multiple Clients under one Sonicwall

We're looking at beginning to offer colocation services to our clients utilizing datacenter space that we're currently renting.

The one problem we're running into , is that we want our clients to be able to easily establish site-to-site VPNs from their office to the datacenter for secure access to the items they have in our facility.

We had originally considered simply deploying a new sonicwall inside the datacenter for each client, but we quickly realized that this could be very limiting for scalability and price if everytime a new client was deployed, we had to also put in another firewall at our facility.

What we were wondering, is if it would be possible to purchase ONE sonicwall (even if it was a bigger more expensive Sonicwall) and configure it to manage multiple networks with multiple different VPN policies.

So the idea would be that I could have 3 clients, with 3 different servers, on 3 different "networks" in my facility, and that all of them maintain a VPN connection from their office into the datacenter, but each of them be limited to only accessing an internal network configured for their company. This way, we can offer them an easy way to maintain a VPN connection to their equipment in our datacenter without them having to incurr the added cost and space of another firewall in the facility.

Any advice on how this could be done or what type of Sonicwall Firewall would be required?
1 Solution
Yes you can do what you want. A single Sonicwall can support many STS VPN connections from its WAN interface. Each tunnel can be directed to a separate LAN interface on the Sonicwall. You can write write firewall and other rules as to what you want to permit access to for each connection, and isolate them from one another.

The limiting factor here is the number of LAN interfaces available. If you think you will have more than 5 clients you could possibly use VLAN's as well. An NSA4500 would be a good start, but you should also look at the NSA E Series if you expect rapid growth. Selection is based upon expected use and throughput requirements.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now