Avatar of eymsIT
eymsITFlag for United Kingdom of Great Britain and Northern Ireland asked on

Sonicwall TZ210 locking down SSLVPN

We have set up a couple of users to connect to the TZ210 and download the NetExtender client. They can connect with the credentials we have given them and use the resources on the lan that we have allocated them.

We would like to lock this down by only allowing incoming connections to come from one or two specific ip addresses in order to increase security, but are unsure how to do this.

Does anyone know how this is achieved on the TZ210 please?
Hardware FirewallsRoutersVPNSSL / HTTPSNetwork Security

Avatar of undefined
Last Comment
Blue Street Tech

8/22/2022 - Mon
BigPapaGotti

I think it would be possible to create a Firewall rule to allow only the external IP addresses you want and then do a deny any for the second rule. This would be applied to the WAN>SSL VPN zone.
ASKER CERTIFIED SOLUTION
Blue Street Tech

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
eymsIT

@diverseit - That's the conclusion I was coming to. I'll have a look at that document and let you know. Many thanks
Blue Street Tech

Sounds good. Let me know how it goes!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
eymsIT

Thanks for pointing me in the right direction. Everything locked down to user level and working well :-)
Blue Street Tech

Awesome!  I'm glad I could help and thanks for the points.