Infotech2008

SonicWALL SSL VPN Security Question

Hey Guys,

My client has a SonicWALL TZ 300. We have set up and configured SSL VPN to communicate to AD over LDAP. I have enabled TLS over LDAP on the SonicWALL and it's using port 636. Question: do I need to do something on the Server 2012 end? See pic attached.
* LDAP
* LDAPS
* VPN
* SonicWall


8/22/2022 - Mon
David Favor

You asked, "Question, do I need to do something on the server 2012 end?"

Depends on exactly how you're connecting.

Since you're using LDAPS, a VPN will only slow down your connection. TLS already provides your encryption. Just connect directly to your LDAPS IP + port.

No pic attached.
J Spoor

For LDAP over TLS you need to inject an SSL cert into the domain.

Easiest way is to install Microsoft CA server.

https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ldaps-on-windows-server/

Also suggest you grab the root CA server and import that into the SonicWall.
Infotech2008

ASKER
Question: without installing Certificate Authority on the server, will SonicWALL TLS provide encryption? David mentioned it would, and J, you are saying it will not?
J Spoor

Switching to TLS (port 636) will indeed encrypt the LDAP traffic.
But to my recollection the AD server needs an SSL cert to be able to do that.
Hence the need to install MS CA server.
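
One way to check from a workstation how the domain controller answers on port 636, which is the server-side question this thread turns on. This is an added example, not part of the thread; the function name `probe_ldaps`, its return labels and the host name in the usage line are hypothetical.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Classify how an LDAPS endpoint answers a TLS handshake.

    Returns one of:
      "unreachable" - nothing accepts TCP connections on the port
      "no_tls"      - TCP connects but the handshake cannot complete, for
                      example a listener with no usable server certificate
      "untrusted"   - a certificate is presented but fails validation
                      against ca_file (or the system store) or does not
                      match the host name
      "trusted"     - handshake completed and the certificate validated
    """
    # Step 1: plain TCP, so a closed port is not confused with a TLS failure.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"

    # Step 2: TLS with full verification (chain and host name), the same
    # checks a client applies once the issuing root CA has been imported.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "trusted"
    except ssl.SSLCertVerificationError:
        return "untrusted"
    except (ssl.SSLError, OSError):
        # Reset, EOF or timeout during the handshake.
        return "no_tls"


if __name__ == "__main__":
    # Usage (hypothetical names): python probe_ldaps.py dc01.example.internal root-ca.pem
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(target, probe_ldaps(target, ca_file=ca))
```

A result of "untrusted" with a certificate from an internal CA usually means the root CA certificate has not been supplied as `ca_file`, or the name used to connect does not match the certificate.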