Sonicwall TZ210 locking down SSLVPN

Posted on 2013-09-10
Medium Priority
Last Modified: 2013-12-01
We have set up a couple of users to connect to the TZ210 and download the NetExtender client. They can connect with the credentials we have given them and use the resources on the lan that we have allocated them.

We would like to lock this down by only allowing incoming connections to come from one or two specific ip addresses in order to increase security, but are unsure how to do this.

Does anyone know how this is achieved on the TZ210 please?
Question by:eymsIT

Expert Comment

ID: 39480548
I think it would be possible to create a Firewall rule to allow only the external IP addresses you want and then do a deny any for the second rule. This would be applied to the WAN>SSL VPN zone.
LVL 30

Accepted Solution

Blue Street Tech earned 2000 total points
ID: 39480886
Hi eymsIT,

There is no such WAN>SSLVPN Access Rule. It does not work like that. The SSLVPN has to terminate or has to have a destination of the WAN, specifically the Public IP. The Access Rule for VPNSSL depends on the Zone you enable it on. Assuming you set the Server up on the WAN zone, the Access Rule used looks like this:
From Zone: WAN
To Zone: WAN
Service: SSLVPN
Source: Any
Destination: WAN Interface IP
Users Allowed: All
Schedule: Always on
Comment: Auto added for inbound SSL VPN Traffic
Enable Logging: Checkmark
Allow Fragmented Packets: Checkmark
Unfortunately, you cannot lock it down the way described, because the only fields which are editable are the Service (which you shouldn't change), the Users Allowed (which can be locked down), and Schedule (which you can lock down time-wise).

Users are the best way to lock down SSLVPN. Here is how you can do that: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=6461. I'd recommend following the entire article, which will bring you to Access Rules and how you can lock down SSLVPN by users.

Let me know how it goes.
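
Since the auto-added rule cannot filter on source address but does have logging enabled, a compensating control is to watch the firewall's SSL VPN login logs for users connecting from outside the expected addresses. The Python below is an added example, not code from this thread or from SonicWall; the key=value log layout, message text, field names and addresses are constructed assumptions rather than documented TZ210 output.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines in a SonicWall-like key=value style.
# The exact message text and fields are ASSUMED for this example; check
# your own firmware's log format before reusing the parser.
SAMPLE_LOGS = """\
id=firewall sn=EXAMPLE-SERIAL time="2013-09-10 09:12:01" fw=203.0.113.10 pri=6 msg="SSL VPN zone remote user login allowed" src=198.51.100.7 dst=203.0.113.10 usr="jsmith"
id=firewall sn=EXAMPLE-SERIAL time="2013-09-10 09:15:44" fw=203.0.113.10 pri=6 msg="SSL VPN zone remote user login allowed" src=192.0.2.55 dst=203.0.113.10 usr="jsmith"
id=firewall sn=EXAMPLE-SERIAL time="2013-09-10 09:16:02" fw=203.0.113.10 pri=6 msg="SSL VPN zone remote user login failed" src=192.0.2.55 dst=203.0.113.10 usr="admin"
"""

# The one or two addresses the question wanted to restrict SSLVPN to
# (placeholder documentation-range values).
ALLOWED_SOURCES = [ip_network("198.51.100.7/32"), ip_network("198.51.100.8/32")]

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value syslog line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_allowed_source(src, allowed=ALLOWED_SOURCES):
    """True if the source address falls inside any allowed network."""
    addr = ip_address(src)
    return any(addr in net for net in allowed)


def find_unexpected_logins(log_text, allowed=ALLOWED_SOURCES):
    """Return (user, src, time) for each successful SSL VPN login whose
    source address is outside the allow-list. Failed logins are ignored
    here; they belong in a separate brute-force check."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "login allowed" not in rec.get("msg", ""):
            continue
        if not is_allowed_source(rec["src"], allowed):
            hits.append((rec["usr"], rec["src"], rec["time"]))
    return hits


if __name__ == "__main__":
    for user, src, when in find_unexpected_logins(SAMPLE_LOGS):
        print(f"ALERT {when}: user {user} logged in to SSLVPN from unexpected address {src}")
```

Feeding the firewall's syslog export into `find_unexpected_logins` gives a user-plus-address view that the access rule itself cannot enforce.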

Author Comment

ID: 39482475
@diverseit - That's the conclusion I was coming to. I'll have a look at that document and let you know. Many thanks.

LVL 30

Expert Comment

by:Blue Street Tech
ID: 39483516
Sounds good. Let me know how it goes!

Author Closing Comment

ID: 39486793
Thanks for pointing me in the right direction. Everything locked down to user level and working well :-)
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39487348
Awesome! I'm glad I could help and thanks for the points.
