Solved

Sonicwall SSH Setup

Posted on 2015-01-30
12
85 Views
Last Modified: 2015-04-06
I have an outside vendor that needs to access an appliance inside my network. He needs to use SSH to make the connection. He has provided me two of his IP addresses to allow access to my device. I need to know step by step on how to set this up so that only his two IP addresses can access the appliance. Since I have two devices for him to access and he has provided two IP's coming in I want to build this using object groups.
0
Comment
Question by:TabDB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
12 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40581014
Make address objects for both internal hosts and also the external ips. Put them into two address object groups. Go to firewall matrix wan to lan, add a rule using those groups.
0
 
LVL 64

Expert Comment

by:btan
ID: 40581151
to add, suggest the remote management as in here be tunneled via the sonicwall VPN as well too (if the VPN can be connect from the WAN outside).
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 40581754
Here are the steps to make remote SSH be available and ONLY over VPN to your Sonicwall.

Your will also need to create a local account for L2TP access for your remote consultant and gives explicit access to the network resource they need access to.  Not that you don't trust them but don't trust 'em ;)

See my Screenshots below:

Add User - Group association
Add user - Network Object Access
Access rule step 1
Click on Add
Create the rule
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:TabDB
ID: 40594174
I am in China so will look at this when I return late next week.
0
 

Author Comment

by:TabDB
ID: 40612287
Made changes to firewall today. Awaiting response if they were successful.
0
 

Author Comment

by:TabDB
ID: 40625705
So I performed these steps but I still am missing something like a 1to1 nat for a public IP for them, correct?

Make address objects for both internal hosts and also the external ips. Put them into two address object groups. Go to firewall matrix wan to lan, add a rule using those groups.
0
 
LVL 64

Expert Comment

by:btan
ID: 40625730
I dont see you need any NAT per se since you be riding SSH within the VPN tunnel (already in private IP assigned) established
0
 

Author Comment

by:TabDB
ID: 40625763
OK, so lets pretend I am the vendor needing access. What do I need to use for an IP to access the devices? Do they just use my current public facing IP address?
0
 
LVL 64

Expert Comment

by:btan
ID: 40625786
thought you need to establish VPN to secure channel first and then followed by the SSH access
http://www.uptimemadeeasy.com/networking/create-sonicwall-sslvpn/
 
Typically a SSH client to reach this IP and like in common case, many uses putty client http://www.putty.org/
there are other clients as well http://en.wikipedia.org/wiki/Comparison_of_SSH_clients

we can hear from the other EE too..
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 40626111
See the last screenshot of my posting.  Once VPN is setup, you then have to specify a rule to would allow the specific VPN user to only send SSH traffic to the server in question.

http://filedb.experts-exchange.com/incoming/2015/01_w05/895415/Screen-Shot-2015-01-31-at-3.10.33-PM.png
0
 
LVL 64

Expert Comment

by:btan
ID: 40627124
if you are also want to only allow one specific device to connect, then can use DHCP over VPN and just restrict that to the single device's static IP. http://help.mysonicwall.com/sw/eng/5505/ui2/25201/VPN_dhcpRelayView.html
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 40627170
BTW, the matrix you want is not wan to lan but Vpn to lan.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question