SonicWall VPN

Rick Barwig
I have a client with a SonicWall TZ105, he currently has a tunnel from his home office to his work location. He just purchased a Windows 10 laptop and wants to VPN in when he is travelling. Does the unit come with a license so he can do this or is an additional license required to be purchased and installed? What is the best client to use on the laptop?
Distinguished Expert 2017

Commented:
You have to check, but usually, several remote VPN connections are available.

The option is either to have a remote VPN to the office and one home,
or one home and allow the user access through the VPN connection home to reach the office.
Rick Barwig, Consultant

Author

Commented:
Arnold, thank you. If I log into the unit, how would I determine if a license is available? The intention here is to set up the laptop to VPN to the office and access files on the server. I ASSUME that the current tunnel between office and home will allow him to traverse to resources (printers) at home with or without additional setup (that can be determined later).
Distinguished Expert 2017

Commented:
Usually it should be in the licensing section. Detail about the sonicwall.

No, it will usually not be possible by default to allow a remote client connecting to the office to have a path to the HOME connection completed through a site-to-site VPN.

The interface is also the means by which you can define the remote VPN policy and create the sonicwall install package to be run on the Windows 10 system.

Rick, just to be clear: you see you have several licenses, right? If so, you should be able to connect (as long as you don't reach the limit). For Windows 10 I use SonicWall Mobile Connect.

I hope it helps.
Philip Elder, Technical Architect - HA/Compute/Storage

Commented:
Log on to the SonicWALL and verify that the SSL VPN is available. If it is, then set it up to allow incoming connections. Note, a license may be required. Given the age of the unit I'm not 100% sure it would include the license as newer models do.

Once the SSL VPN is set up on the WAN connection, internal subnets are defined and set to allowed internally, download the NetExtender client from SonicWALL's site: Free Downloads
SonicWALL NetExtender Download
Install the software then set up the VPN connection.
Office.Domain.Com:4433
UserName
Password
UserDomain (We always customize this setting away from default)
Rick Barwig, Consultant

Author

Commented:
This is what I am seeing for the unit licensing:


 • The SonicWALL is licensed for 5 Nodes/Users (0 in use).
 • Node License Exclusion List contains 0 excluded nodes.
Philip Elder, Technical Architect - HA/Compute/Storage

Commented:
Using the traditional interface this is what I see in ours:
SonicWALL VPN License
EDIT: We use the SSL VPN extensively here.
Tom Cieslik, IT Engineer
Distinguished Expert 2017

Commented:
Rick Barwig, Consultant

Author

Commented:
Come to find out the client never registered the unit.  I am trying to register it now, but I am getting "SSL negotiation with the license manager server has failed. This could be caused by an incorrect date/time setting on your firewall.
System time is WED OCT 09 23:54:05 2019 . You may go to System > Time to adjust your time."  The time displayed is 5 hours off.

When I go to the time settings I am seeing the correct time settings and the unit is set to sync from pool.mtp.org every 60 minutes. I restarted the unit to see if that cleared the issue, but it did not. I guess I have 3 goals now:

1) Register the unit
2) Upgrade the firmware
3) Determine the licenses (the screen shots sent by Philip do not match what I am seeing. I think this is due to old firmware on the unit.)

Is there a site I can go directly to to get the latest update for the TZ105W without using mysonicwall.com?
Rick Barwig, Consultant

Author

Commented:
Update: Unit is now registered,
Philip Elder, Technical Architect - HA/Compute/Storage

Commented:
Once you sync the license with MySonicWALL you should be able to set up the SSL VPN and connect with the NetExtender client. Yes, the snips I sent are one generation back from the current UI which is kind of XP Cartoon style (Web 3.0?).
Rick Barwig, Consultant

Author

Commented:
I am following this video:
 https://www.google.com/search?q=how+to+setup+ssl+vpn+sonicwall&rlz=1C1GCEU_enUS819US819&oq=how+to+setup+ssl+vpn+sonicwall&aqs=chrome..69i57j0l6.11285j0j9&sourceid=chrome&ie=UTF-8#kpvalbx=_Ww6fXdqhMsW1tgWThq7ADA30

I am planning on using NetExtender

He is using a different version of the SonicOS, so there are different screens and I understand that. I am up to the point of setting up the SSL VPN (5:31 in the video); he states to edit the default device profile. My screens look like these and I am not clear on how to set them.
SSL VPN Client Settings Screen
SSL VPN Portal Screen
I am not seeing a default Device Profile to edit.

Lastly I am getting an error about setting the DNS. If my DNS is handled by the Windows server on the 192.168.10.x subnet, what should this setting be? The IP of the server is being rejected.
Client-Settings.jpg
Distinguished Expert 2017

Commented:
Your issue is that neither the IPs you want to allocate, 192.168.59.10-20, nor 192.168.10.1 are of a valid segment for the X0 interface which you are binding the VPN connection to.

Are you setting up VPN on a separate block?
You would need to add the block to the trusted zone on the interface.
Where is 192.168.10.1?

Look at the bottom of the window; it gives you the error in red.
Distinguished Expert 2017

Commented:
Oh, did you already configure the server side of the VPN?
Philip Elder, Technical Architect - HA/Compute/Storage

Commented:
The first is the portion of the subnet you want the SonicWALL to deliver to remotely connected clients.

If the subnet is 192.168.11.0/24 (1-254) then deliver the needed IPs +1. If 10 clients then 11. That way there's always one available for remote admin.

The IP range you give needs to be excluded from the DHCP server so that there is no IP overlap/conflict.

DNS will be the internal DNS server.

Domain will be their Domain.Local domain.

WINS can be left blank.

We don't modify the second screen.
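
Added example, not part of the thread: a pre-flight check of a planned SSL VPN client pool against the three constraints raised above (pool on the bound interface's segment, needed clients + 1 addresses, no overlap with the DHCP scope unless excluded). The /24 mask for 192.168.10.x, the DHCP scope and the problem codes are assumptions made for illustration.

```python
import ipaddress

def _span(first, last):
    """Parse an inclusive IPv4 range into integer bounds."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi

def check_vpn_pool(interface_net, pool, dhcp_scope, dhcp_exclusions, clients):
    """Return a list of problem codes for a planned SSL VPN client pool."""
    net = ipaddress.ip_network(interface_net)
    p_lo, p_hi = _span(*pool)
    problems = []

    # The pool must be usable host addresses on the bound interface's subnet.
    usable_lo = int(net.network_address) + 1
    usable_hi = int(net.broadcast_address) - 1
    if p_lo < usable_lo or p_hi > usable_hi:
        problems.append("pool-outside-interface-subnet")

    # Thread advice: needed clients + 1, so one address stays free for remote admin.
    if p_hi - p_lo + 1 < clients + 1:
        problems.append("pool-too-small")

    # A pool address the DHCP scope can still hand out is a conflict
    # unless an exclusion range covers it.
    d_lo, d_hi = _span(*dhcp_scope)
    excluded = [_span(*e) for e in dhcp_exclusions]
    for addr in range(max(p_lo, d_lo), min(p_hi, d_hi) + 1):
        if not any(lo <= addr <= hi for lo, hi in excluded):
            problems.append("pool-overlaps-dhcp")
            break
    return problems

LAN = "192.168.10.0/24"                              # assumed mask for 192.168.10.x
DHCP_SCOPE = ("192.168.10.100", "192.168.10.199")    # constructed sample scope

def demo():
    """Run the check on the pool from the thread and on constructed variants."""
    inside = ("192.168.10.190", "192.168.10.191")    # constructed pool
    return {
        "thread": check_vpn_pool(LAN, ("192.168.59.10", "192.168.59.20"), DHCP_SCOPE, [], 1),
        "overlap": check_vpn_pool(LAN, inside, DHCP_SCOPE, [], 1),
        "excluded": check_vpn_pool(LAN, inside, DHCP_SCOPE, [inside], 1),
        "small": check_vpn_pool(LAN, ("192.168.10.210", "192.168.10.210"), DHCP_SCOPE, [], 1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or "ok")
```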
Rick Barwig, Consultant

Author

Commented:
OK, I was able to get all the device side of things set up. Next question is on the NetExtender. I have the server set up to allow the saving of the username, yet on the client after a successful connection, and then disconnect, if I follow that with trying to reconnect, I get "Verifying user...incorrect user/password" and I have entered the same password from the previous successful connection. What gives?
Distinguished Expert 2017

Commented:
IMHO, do not allow saving of user credentials for the VPN.
Technical Architect - HA/Compute/Storage
Commented:
The options drop down in the client:
Username and Password Options
Rick Barwig, Consultant

Author

Commented:
So, I have connected and disconnected successfully more than 3 times, however NetExtender is not saving the connection profile. Is there a way to force it to save?
Distinguished Expert 2017

Commented:
The option is set by you in the client configuration. Last selection box. You currently only allow the saving of the username!
