Sonicwall TZ210 locking down SSLVPN

We have set up a couple of users to connect to the TZ210 and download the NetExtender client. They can connect with the credentials we have given them and use the resources on the LAN that we have allocated them.

We would like to lock this down by only allowing incoming connections to come from one or two specific IP addresses in order to increase security, but are unsure how to do this.

Does anyone know how this is achieved on the TZ210 please?
eymsIT Asked:
BigPapaGotti Commented:
I think it would be possible to create a Firewall rule to allow only the external IP addresses you want and then do a deny any for the second rule. This would be applied to the WAN>SSL VPN zone.
0
Blue Street Tech Last Knight Commented:
Hi eymsIT,

There is no such WAN>SSLVPN Access Rule. It does not work like that. The SSLVPN has to terminate on, or has to have a destination of, the WAN, specifically the Public IP. The Access Rule for VPNSSL depends on the Zone you enable it on. Assuming you set the Server up on the WAN zone, the Access Rule used looks like this:
From Zone: WAN
To Zone: WAN
Service: SSLVPN
Source: Any
Destination: WAN Interface IP
Users Allowed: All
Schedule: Always on
Comment: Auto added for inbound SSL VPN Traffic
Enable Logging: Checkmark
Allow Fragmented Packets: Checkmark
Unfortunately, you cannot lock it down the way described because the only fields that are editable are the Service (which you shouldn't change), the Users Allowed (which can be locked down), and Schedule (which you can lock down time-wise).

Users are the best way to lock down SSLVPN. Here is how you can do that: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=6461. I'd recommend following the entire article, which will bring you to Access Rules and how you can lock down SSLVPN by users.

Let me know how it goes.
0
eymsIT Author Commented:
@diverseit - That's the conclusion I was coming to. I'll have a look at that document and let you know. Many thanks
0
Blue Street Tech Last Knight Commented:
Sounds good. Let me know how it goes!
0
eymsIT Author Commented:
Thanks for pointing me in the right direction. Everything locked down to user level and working well :-)
0
Blue Street Tech Last Knight Commented:
Awesome! I'm glad I could help and thanks for the points.
0