Can't remotely manage Dell SonicWall TZ-205 Wireless-N

Mwvarner
I have several Dell SonicWALLs in service, but with one of them, a TZ205 wireless-N, I can't remotely manage the SonicWall. I can connect to all computers at this remote location from a VPN tunnel, Site to Site. If I connect to a PC behind that SonicWall I can then connect and manage the SonicWall. This is an extra step that I don't want to have to deal with.

I've compared settings to my other SonicWalls but none are the exact same model. As far as I can tell everything is the same.

What am I missing?
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
Hi Mwvarner,

It sounds like you don't have Remote Access set up on the WAN Interface for management, or if you want to manage the firewall remotely from within the VPN you need to set up management from that point as well.

To set up Remote Management from the WAN:

Go to Network > Interfaces, and edit the WAN (X1) icon, select the supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. Typically if you want to access the GUI via the Web, enable HTTPS. Verify the Access Rules have been auto-created in the Firewall > Access Rules under WAN>WAN and you should see a rule for HTTPS Management as the service. The default management port is 443 externally so you should be able to go to https://<public_IP> and log in. However, if someone has changed the default management port from 443 to 444 you will have to enter that as such: https://<public_IP>:444.

To set up Management from the S2S tunnel:
Again, management needs to be configured in the tunnel as well. On the Remote Site (of the firewall you want to manage), go to VPN > Settings and edit the S2S Policy, then go to the Advanced tab and go to the Management via this SA: section and put a check next to the HTTPS option. Go to VPN>LAN & vice versa to make sure you see the Access Rule for HTTPS Management as the service.

Let me know if you have any other questions!
J SpoorTME / Network Security Evangelist

Commented:
Is HTTPS management enabled on the VPN policy? And are the correct allow rules in place in the VPN to LAN rules?
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
Where are you trying to access it from: the WAN or the S2S VPN?

Author

Commented:
The access rules in Firewall Access Rules look good to me.  Here are the ones regarding HTTP and HTTPS Management.
See the attached Screenshot SonicWall Access Rules.

The WAN interface X1 seems to be configured properly as well.  See screenshot Interfaces.

The VPN Policy is also configured properly as far as I can tell. See the screenshot VPN Policy.

I'm trying to access the Sonicwall over a VPN Tunnel and I'm connecting to the LAN IP address.  Just like I do on all my other SonicWalls.
Sonicwall-Access-Rules.PNG
Interfaces.PNG
VPN-Policy.PNG

Author

Commented:
I'm attaching a screenshot of all interfaces.   Maybe that will help.
All-Interfaces.PNG
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
What is the exact error message you get when you try to login?

Author

Commented:
Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

Try this:
•Go back to the last page
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
Ah I see. This typically happens from an older firmware.

Try a different browser. Also make sure the SonicOS is the most current release.

As a side note: You have a ton of management access...I would really limit that as a best practice to 2: one externally (remotely) and one internally. You can further increase the security by limiting to specific management IPs.

Also, User login via this SA: isn't required unless you are logging in as a user (not a root admin).

Author

Commented:
This is what I get when I use Google Chrome.

This site can’t provide a secure connection
10.10.11.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
HIDE DETAILS
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
As I mentioned in my previous post, this typically occurs from outdated firmware. Update your SonicOS to the latest release and try again.

If you can't update it we can try to modify your browser to make it work. Please let me know which route you'd like to take.

Author

Commented:
This is a remote site and I'm a little hesitant to make any changes that may impact service if I'm not on site. What can we do to the browser to make it work?
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
What is your SonicOS firmware version? If it's 5.8.1.x you need to upgrade directly to 5.9.1.8.

SonicOS 5.8.1.x uses an RC4 cipher which is deprecated and no longer supported by modern browsers.

Author

Commented:
I'm on 5.8.1.15-48.  I'll update the firmware on my next visit to the office.  However I have several other sites that are using much older versions than this and they are working fine.
Last Knight
Distinguished Expert 2018
Commented:
You need an older browser to make this work. Also, if you don't have an old browser try it in Internet Explorer after you modify as such:
Go to Internet Options > Advanced tab and enable Use SSL 3.0.

[Screenshot: IE - Old Settings]

Let me know how it goes!

Remember to disable this setting after you are done with the upgrade. This is considered a temporary workaround and should not be kept as the cipher and protocol are insecure hence them being deprecated.
Blue Street TechLast Knight
Distinguished Expert 2018
Commented:
This issue is noticed more significantly on 5.8.1.14 and 5.8.1.15 because that was during the time-frame when RC4 was being deprecated. This is also why older firmware versions work.
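
A way to check the diagnosis in the comments above without changing browser settings, as an added example that is not part of the original thread: a minimal Python probe that sends a ClientHello offering only legacy suites and reports which protocol version and cipher the management interface selects. The suite list, function names and sample replies are constructed for illustration, and what a given SonicOS build actually answers is an assumption to verify.

```python
import os, socket, struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Legacy suites an older appliance might select (IANA registry values).
SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def client_hello(version=0x0303):
    """Minimal ClientHello (no extensions) offering every suite in SUITES."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_reply(data):
    """Return (version, suite, verdict) for the first TLS record the server sent."""
    if len(data) < 7:
        return None, None, "no TLS reply"
    rtype, _, rlen = struct.unpack("!BHH", data[:5])
    rec = data[5:5 + rlen]
    if rtype == 0x15:  # alert record: level byte, then description byte
        return None, None, f"alert {rec[1]}: server refused the handshake"
    if rtype != 0x16 or rec[0] != 0x02 or len(rec) < 41 + rec[38]:
        return None, None, "not a complete ServerHello"
    sid_len = rec[38]  # session id sits between the random and the chosen suite
    version = struct.unpack("!H", rec[4:6])[0]
    suite = struct.unpack("!H", rec[39 + sid_len:41 + sid_len])[0]
    name = SUITES.get(suite, hex(suite))
    if version == 0x0300 or "RC4" in name:
        verdict = "SSL 3.0 or RC4 selected: current browsers refuse this"
    else:
        verdict = "no SSL 3.0 or RC4 selected"
    return VERSIONS.get(version, hex(version)), name, verdict

def probe(host, port=443, timeout=5):
    """Send the ClientHello to a management interface and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello())
        return parse_reply(s.recv(4096))

# Constructed sample replies (not captured from a real device):
SAMPLE_RC4 = bytes.fromhex("160301002a" "02000026" "0301" + "00" * 32 + "00" "0005" "00")
SAMPLE_ALERT = bytes.fromhex("15030100020228")

if __name__ == "__main__":
    print(parse_reply(SAMPLE_RC4))    # TLS 1.0 with an RC4 suite
    print(parse_reply(SAMPLE_ALERT))  # fatal alert 40 (handshake_failure)
```

Run over the tunnel, `probe("10.10.11.1")` would target the LAN address shown in the Chrome error; a reply naming an RC4 suite matches the firmware explanation, while a result after the firmware upgrade should show neither SSL 3.0 nor RC4.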
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
On another side note...you should upgrade this one to a TZ300. As a Best Practice you should be upgrading all your SonicWALLs every 3-4 years and keeping them up-to-date as new firmware versions are released. They ensure the security integrity of the device as well as fixes for bugs and new features.
