TabDB
asked on
Sonicwall SSH Setup
I have an outside vendor that needs to access an appliance inside my network. He needs to use SSH to make the connection. He has provided me two of his IP addresses to allow access to my device. I need to know step by step on how to set this up so that only his two IP addresses can access the appliance. Since I have two devices for him to access and he has provided two IP's coming in I want to build this using object groups.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
to add, suggest the remote management as in here be tunneled via the sonicwall VPN as well too (if the VPN can be connect from the WAN outside).
Here are the steps to make remote SSH be available and ONLY over VPN to your Sonicwall.
Your will also need to create a local account for L2TP access for your remote consultant and gives explicit access to the network resource they need access to. Not that you don't trust them but don't trust 'em ;)
See my Screenshots below:
Your will also need to create a local account for L2TP access for your remote consultant and gives explicit access to the network resource they need access to. Not that you don't trust them but don't trust 'em ;)
See my Screenshots below:
ASKER
I am in China so will look at this when I return late next week.
ASKER
Made changes to firewall today. Awaiting response if they were successful.
ASKER
So I performed these steps but I still am missing something like a 1to1 nat for a public IP for them, correct?
Make address objects for both internal hosts and also the external ips. Put them into two address object groups. Go to firewall matrix wan to lan, add a rule using those groups.
Make address objects for both internal hosts and also the external ips. Put them into two address object groups. Go to firewall matrix wan to lan, add a rule using those groups.
I dont see you need any NAT per se since you be riding SSH within the VPN tunnel (already in private IP assigned) established
ASKER
OK, so lets pretend I am the vendor needing access. What do I need to use for an IP to access the devices? Do they just use my current public facing IP address?
thought you need to establish VPN to secure channel first and then followed by the SSH access
http://www.uptimemadeeasy.com/networking/create-sonicwall-sslvpn/
Typically a SSH client to reach this IP and like in common case, many uses putty client http://www.putty.org/
there are other clients as well http://en.wikipedia.org/wiki/Comparison_of_SSH_clients
we can hear from the other EE too..
http://www.uptimemadeeasy.com/networking/create-sonicwall-sslvpn/
Typically a SSH client to reach this IP and like in common case, many uses putty client http://www.putty.org/
there are other clients as well http://en.wikipedia.org/wiki/Comparison_of_SSH_clients
we can hear from the other EE too..
See the last screenshot of my posting. Once VPN is setup, you then have to specify a rule to would allow the specific VPN user to only send SSH traffic to the server in question.
http://filedb.experts-exchange.com/incoming/2015/01_w05/895415/Screen-Shot-2015-01-31-at-3.10.33-PM.png
http://filedb.experts-exchange.com/incoming/2015/01_w05/895415/Screen-Shot-2015-01-31-at-3.10.33-PM.png
if you are also want to only allow one specific device to connect, then can use DHCP over VPN and just restrict that to the single device's static IP. http://help.mysonicwall.com/sw/eng/5505/ui2/25201/VPN_dhcpRelayView.html
BTW, the matrix you want is not wan to lan but Vpn to lan.