AXISHK

asked on

Sonicwall security

Where can I configure Sonicwall to restrict which subnet can manage the Sonicwall? I want only local network workstations (rather than VPN clients) to be able to configure the box.
Blue Street Tech

Hi AXISHK,

Go to the VPN policy and remove the checkmark next to Management to remove it from VPN access. If you want to grant a group, one IP, or the entire subnet access to manage the SonicWALL, create the appropriate Address Objects and then go to Network > Interfaces and click on the configure button for the Interface (LAN) you wish to grant management access on. On the General tab, click on HTTPS next to the Management: section.

Then go to Access Rules; for example, if it is the LAN zone, go to LAN > LAN and find the auto-added management rule. You will not be able to edit anything except the Source, which is where you will select the applicable Address Object you wish to have access to manage it.
AXISHK

ASKER

I connect through the SSL VPN (using NetExtender). Which VPN Policy do you mean? Any screen capture for further explanation?

In the Access Rule, should the configuration be on SSLVPN > LAN, or do I set LAN > LAN?

Tks
So you want to only manage the SonicWALL via SSL-VPN? Is that correct?
AXISHK

ASKER

Only local LAN can manage the Sonicwall firewall. Connecting through SSL-VPN can't. Tks
ah OK so you want the SSL-VPN to be able to manage the SonicWALL as well.

OK, then go to SSL VPN > Server Settings, then check the box next to Enable Web Management over SSL VPN. Next, add an Access Rule in the Firewall > Access Rules screen, Matrix View Style: SSLVPN > LAN (it may do this by default, but in case it doesn't):
• Allow
• (From: SSLVPN ; To: LAN)
• Source Port: Any* (or follow the same procedures above to further restrict access to single IP or group.)
• Service: HTTPS Management
• Source: (the selected Device Profile's "SSLVPN IP Range" object)
• Destination: (X0 IP or other internal interface's IP address object)
Let me know if you have any other questions.
AXISHK

ASKER

Add an Access Rule in Firewall > Access Rules screen, Matrix View Style: SSLVPN > LAN -
• Allow
• Service: HTTPS Management

It means SSLVPN to LAN will be allowed for Service management, correct?

I want any management for the Sonicwall to come from the local LAN...
The SSL-VPN can be configured a number of different ways. In this scenario you are connecting it to the LAN so that you'll have access to the LAN Zone resources. You could set it up to connect to the DMZ, etc.

You can manage the firewall from any Zone you see fit. That means you can enable/disable it on the WAN, LAN, WLAN, VPN, SSL-VPN zones, etc.

It means SSLVPN to LAN will be allowed for Service management, correct?
When we talk about Management in SonicWALL we are talking specifically about being able to manage the firewall: log in to the firewall from that zone and configure or make changes to the firewall. What I provided instructions on will now allow you to manage the firewall remotely once you are logged into the SSLVPN.

Does that make sense?
AXISHK

ASKER

Tks, only require users to manage the box through LAN only.
ASKER CERTIFIED SOLUTION
Blue Street Tech
AXISHK

ASKER

Tks
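
An added example, not part of the thread and not SonicWall code: a small audit that walks a rule list in first-match order and reports where HTTPS Management is still effectively allowed from a zone other than LAN, or from LAN with an unrestricted Source. The rule dictionary format, the sample rules and the function name are constructed for illustration; only the zone names and the "HTTPS Management" service name come from the posts above.

```python
# Added example: audit a constructed rule list for firewall management exposure.
MGMT_SERVICES = {"HTTPS Management"}  # service name used in this thread
ALLOWED_ZONES = {"LAN"}               # zones the asker wants to manage the box

# Constructed sample rules in a hypothetical export format (not SonicOS's schema).
# Lower "priority" is evaluated first; the first matching rule wins.
SAMPLE_RULES = [
    {"priority": 1, "from": "SSLVPN", "to": "LAN", "action": "allow",
     "service": "HTTPS Management", "source": "SSLVPN IP Range", "enabled": True},
    {"priority": 2, "from": "LAN", "to": "LAN", "action": "allow",
     "service": "HTTPS Management", "source": "Any", "enabled": True},
    {"priority": 1, "from": "VPN", "to": "LAN", "action": "deny",
     "service": "HTTPS Management", "source": "Any", "enabled": True},
    {"priority": 2, "from": "VPN", "to": "LAN", "action": "allow",
     "service": "HTTPS Management", "source": "Any", "enabled": True},
    {"priority": 1, "from": "WAN", "to": "LAN", "action": "allow",
     "service": "HTTPS Management", "source": "Any", "enabled": False},
]


def audit_management_rules(rules, allowed_zones=ALLOWED_ZONES, services=MGMT_SERVICES):
    """Return (from, to, priority, issue) for each effective allow rule of concern."""
    findings = []
    fully_denied = set()  # zone pairs already closed by an earlier deny from Any
    live = [r for r in rules if r["enabled"] and r["service"] in services]
    for r in sorted(live, key=lambda r: (r["from"], r["to"], r["priority"])):
        pair = (r["from"], r["to"])
        if pair in fully_denied:
            continue  # shadowed: a higher-priority deny already matches everything
        if r["action"] == "deny":
            if r["source"] == "Any":
                fully_denied.add(pair)
            continue
        if r["from"] not in allowed_zones:
            issue = "management allowed from a zone not permitted to manage"
        elif r["source"] == "Any":
            issue = "source is Any, not a restricted address object"
        else:
            continue  # allowed zone, source narrowed to an address object
        findings.append((r["from"], r["to"], r["priority"], issue))
    return findings


if __name__ == "__main__":
    for finding in audit_management_rules(SAMPLE_RULES):
        print(finding)
```

On the sample data the SSLVPN > LAN allow rule and the unrestricted LAN > LAN rule are reported, while the disabled WAN rule and the VPN allow rule sitting behind a deny are not.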