Sonicwall security

Where can I configure Sonicwall to restrict which subnet can manage the Sonicwall ? I want only local network workstations (rather than vpn clients) can configure the box
AXISHKAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi AXISHK,

Go to the VPN policy and remove the checkmark next to Management to remove it from VPN access. If you want to create a group or one IP or the entire subnet access to manage the SonicWALL create the appropriate Address Objects and then go to Network > Interfaces and click on the configure button for the Interface (LAN) you wish to grant management access on.  On the General tab click on the HTTPS next to the Management: section.

Then go to Access Rules for example if it is the LAN zone go to LAN > LAN and find the auto-added management rule. You will not be able to edit anything except the Source, which is where you will select the applicable address Object you wish to have access to manage it.
AXISHKAuthor Commented:
I connect through the SSL VPN (using NetExtender). Which VPN Policy are you meaning about ? Any screen capture for further explaination ?

In access Rule, should the configuration on SSLVPN > LAN, rather do I set LAN > LAN ?

Tks
Blue Street TechLast KnightCommented:
So you want to only manage the SonicWALL via SSL-VPN? Is that correctly?
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

AXISHKAuthor Commented:
Only local LAN can manage the Sonicall firewall. Connecting through SSL-VPN can't. Tks
Blue Street TechLast KnightCommented:
ah OK so you want the SSL-VPN to be able to manage the SonicWALL as well.

OK, then go to SSL VPN > Server Settings then check next to Enable Web Management over SSL VPN:. Next add an Access Rule in Firewall > Access Rules screen, Matrix View Style: SSLVPN > LAN - it may do this by default but in case it doesn't....
• Allow
• (From: SSLVPN ; To: LAN)
• Source Port: Any* (or follow the same procedures above to further restrict access to single IP or group.)
• Service: HTTPS Management
• Source: (the selected Device Profile's "SSLVPN IP Range" object)
• Destination: (X0 IP or other internal interface's IP address object)
Let me know if you have any other questions.
AXISHKAuthor Commented:
Add an Access Rule in Firewall > Access Rules screen, Matrix View Style: SSLVPN > LAN -
• Allow
• Service: HTTPS Management

It means SSLVPN to LAN will be allowed for Service management ,correct ?

I want any managemnet for the sonicwall should be come from local lan...
Blue Street TechLast KnightCommented:
The SSL-VPN can be configured a number of different ways. In this scenario you are connecting it to the LAN so that you'll have access to the LAN Zone resources. You could set it up to connect to the DMZ, etc.

You can manage the firewall from any Zone you see fit. That means you can enable/disable it on the WAN, LAN, WLAN, VPN, SSL-VPN zones, etc.

It means SSLVPN to LAN will be allowed for Service management ,correct ?
When we talk about Management in SonicWALL we are talking specifically about being able to manage the firewall - login to the firewall from that zone and configure or make changes to the firewall. What I provided instructions on will now allow you to manage the firewall remotely once you are logged into the SSLVPN.

Does that make sense?
AXISHKAuthor Commented:
Tks, only require users to manage the box through LAN only.
Blue Street TechLast KnightCommented:
Ok then I'm confused why you asked this question about SSLVPN Management or maybe I misinterpreted it. I'd remove what I told you to setup if you ONLY want users to manage the SonicWALL from the LAN.

Then my first comment is what you want to follow: http:#a40976396

That's it!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
Tks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.