SonicWALL SSL VPN Security Question

Infotech2008
Infotech2008 used Ask the Experts™
on
Hey Guys,

My client have a SonicWALL TZ 300,  We have setup and configured SSL VPN to communicate to AD over LDAP.  I have enabled TLS over LDAP on the SonicWALL and it's using port 636.  Question, do I need to do something on the server 2012 end?  See pic attached.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You asked, "Question, do I need to do something on the server 2012 end?"

Depend on exactly how you're connecting.

Since you're using LDAPS, a VPN will only slow down your connection. TLS already provides your encryption. Just connect directly to your LDAPS IP + port.

No pic attached.
J SpoorTME / Network Security Evangelist

Commented:
for LDAP over TLS you need to inject an SSL cert into the domain.

easiest way is to install Microsoft CA server

https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-step-guide-to-setup-ldaps-on-windows-server/

also suggest you grab the root CA server and inport that into the SonicWall

Author

Commented:
Question, without installing Certificate Authority on the server, will SonicWALL TLS provide encryption?  David mentioned it would, and J you are saying it will not?
J SpoorTME / Network Security Evangelist

Commented:
Switching to TLS (port 636) will indeed encrypt the LDAP traffic.
But to my recollection the AD server needs an SSL cert to be able to do that.
Hence the need to install MS CA server.
Hey guys, according to the company who are doing security audit on my client's network, they flagged self signed certificate.  I purchased and applied a public certificate and we are all set.  I appreciate everyone's input.  Thanks a lot.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial