Can't remotely manage Dell SonicWall TZ-205 Wireless-N

I have several Dell SonicWALL's in service but with one of them,  a TZ205 wireless-N, I can't remotely manage the Sonicwall.  I can connect to all computers at this remote location from a VPN tunnel, Site to Site.  If I connect to a PC behind that SonicWall I can then connect and manage the SonicWall.  This is an extra step that I don't want to have to deal with.

I've compared settings to my other SonicWalls's but none are the exact same model.  As far as I can tell everything is the same.

What am I missing?
MwvarnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi Mwvarner,

It sounds like you don't have Remote Access setup on the WAN Interface for management or if you want to manage the firewall remotely from within the VPN you need to setup management from that point as well.

To setup Remote Management from the WAN:

Go to Network > Interfaces, and edit the WAN (X1) icon, select the supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. Typically if you want to access the GUI via the Web enable HTTPS. Verify the Access Rules has been auto-created in the Firewall > Access Rules under WAN>WAN and you should see a rule for HTTPS Management as the service. The default management port is 443 externally so you should be able to go to the https://<public_IP> and login. However, if someone has changed the default management ports from 443 to 444 you will have to enter that in as such https://<public_IP>:444.

To setup Management from the S2S tunnel
Again management needs to be configured in the tunnel as well. On the Remote Site (of the firewall you want to manage), go to VPN > Settings and edit the S2S Policy then go to the Advanced tab and go to the Management via this SA: section and put a check next to the HTTPS option. Go to VPN>LAN & vice versa to make sure you see the Access Rule for HTTPS Management as the service.

Let me know if you have any other questions!
0
J SpoorTMECommented:
is HTTPs management enabled on the vpn policy? and are the correct allow rules in place in VPN to LAN rules?
0
Blue Street TechLast KnightCommented:
Where are you trying to access it from the WAN or the S2S VPN?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

MwvarnerAuthor Commented:
The access rules in Firewall Access Rules look good to me.  Here are the ones regarding HTTP and HTTPS Management.
See the attached Screenshot SonicWall Access Rules.

The WAN interface X1 seems to be configured properly as well.  See screenshot Interfaces.

The VPN Policy is also configured properly as far as I can tell.  The screenshot VPN Policy

I'm trying to access the Sonicwall over a VPN Tunnel and I'm connecting to the LAN IP address.  Just like I do on all my other SonicWalls.
Sonicwall-Access-Rules.PNG
Interfaces.PNG
VPN-Policy.PNG
0
MwvarnerAuthor Commented:
I'm attaching a screenshot of all interfaces.   Maybe that will help.
All-Interfaces.PNG
0
Blue Street TechLast KnightCommented:
What is the exact error message you get when you try to login?
0
MwvarnerAuthor Commented:
Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

Try this:
•Go back to the last page
0
Blue Street TechLast KnightCommented:
Ah I see. This typically happens from an older firmware.

Try a different browser. Also make sure the SonicOS is the most current release.

As a side note: You have a ton of management access...I would really limit that as a best practice to 2: one externally (remotely) and one internally. You can further increase the security by limiting to specific management IPs.

Also, User login via this SA: isn't required unless you are logging in as a user (not a root admin).
0
MwvarnerAuthor Commented:
This is what I get when I use Google Chrome.

This site can’t provide a secure connection
10.10.11.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
0
Blue Street TechLast KnightCommented:
As I mentioned in my previous post this occurs typically from out-dated firmware. Update your SonicOS to the latest release and try again.

If you can't update it we can try to modify your browser to make it work. Please let me know which route you'd like to take.
0
MwvarnerAuthor Commented:
This is a remote site and I'm a little hesitant to make any changes that my impact service if I'm not on site.  What can we do to the browser to make it work?
0
Blue Street TechLast KnightCommented:
What is your SonicOS firmware version? If it's 5.8.1.x you need to upgrade directly to 5.9.1.8.

SonicOS 5.8.1.x uses an RC4 cipher which is deprecated and no longer supported by modern browsers.
0
MwvarnerAuthor Commented:
I'm on 5.8.1.15-48.  I'll update the firmware on my next visit to the office.  However I have several other sites that are using much older versions than this and they are working fine.
0
Blue Street TechLast KnightCommented:
You need an older browser to make this work. Also, if you don't have an old browser try it in Internet Explorer after you modify as such:
Go to Internet Options > Advanced tab and enable Use SSL 3.0IE - Old SettingsLet me know how it goes!

Remember to disable this setting after you are done with the upgrade. This is considered a temporary workaround and should not be kept as the cipher and protocol are insecure hence them being deprecated.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
This issue is noticed more significantly on 5.8.1.14 and 5.8.1.15 because that was during the time-frame when RC4 was being deprecated. This is also why older firmware versions work.
1
Blue Street TechLast KnightCommented:
On another side note...you should upgrade this one to a TZ300. As a Best Practice you should be upgrading all your SonicWALL every 3-4 years and keeping them up-to-date as new firmware versions are released. They ensure the security integrity of the device as well as fixes for bugs and new features.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Dell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.