How to configure SSL VPN on SonicWall
SSL VPN license ultimately allows users who are working or operating remotely to connect to internal networks and resources safely and securely through the SonicWall.
Setup of SSL VPN is through the software solutions; SonicWall SSL VPN client, NetExtender, and the SonicWall mobile connect client.
Configuring SSL VPN on the 7.X SonicOS
For the address ranges within SSL VPN IP v4, you first need to create your address object.
An administrator will need to log in to your UI firewall management and choose object from the menu.
Look for match objects and addresses, and then click add.
A second window will appear where you can then include the identified range for SSL VPN.
You then need to configure the SSL VPN by navigating to within the server settings to network SSL VPN and opting for SSL VPN status on zones.
From here, you can change SSL VPN access by switching to enable or disable (note, green indicates an active status).
Within the SSL VPN server settings, you then have the option to select domain and SSL VPN port.
(Note: the port option will be required if you connect using the NetExtender and mobile connect methods. The domain will be necessary for the user to gain access to the networks and log in.)
From the client settings – SSL VPN Network, choose default device profile and set the SSL VPN for zone IP v4 and set the address object generated previously as the Network address IP v4.
The tab across the top of the window labelled client routes allows you to manage what levels of network access remote users can be permitted via their connection.
The last tab, client settings, allows administrators to input suffix, WINS, and DNS information and control the caching passwords, behaviour of NetExtender clients, and usernames.
Change create client connection profile to enable and save all changes.
Adding additional SSL VPN users
NetExtender users can authenticate SonicWall for local users, or if they’re listed within a known group, this can be done through LDAP.
To add local users, you need to be within local users and groups, which can be found within devices and users. You can now add new users by simply clicking add.
Moving to the tab labelled groups, click SSL VPN services, and move this across to member of, section.
Moving across to VPN access, you can now add all relevant areas that the user will need access to.
Again, make sure to click save before closing the window.
For the zones of SSL VPN, it’s important to check access rule information.
To do this you need to access, access rules by following policy – rules and policies, then choose SSL VPN – LAN rules. If a user requires access to other zones to obtain resources, this can all be managed in this area by verifying and adding additional access rules as you go.
Configuring SSL VPN for the 6.5 SonicOS
Similar to the SonicOS 7.x, administrators will need to log in to the management platform of SonicWall and within the navigation menu choose manage and then address objects.
From here, click add.
A second window will appear where you now have the option to add your range for SSL VPN.
To configure these settings, click on SSL VPN on the settings page and go to WAN, changing it from red to green to show it is now active.
Now all SSL VPN configurations will be enabled in this particular zone.
You can then set the domain and ports for SSL VPN as you require.
Move across to client settings where, as administrator, you can configure the range of client addresses and NetExtender settings.
For the default device profile, click on configure.
Here you can set the network address v4 IP as your address object from before and set the zone v4 IP as SSL VPN.
The tab labelled client routes will allow administrators to manage the level of access users have to two networks.
It’s essential to set the VPN appropriately as all users will be able to see the routes but may not necessarily be authorised to access all network resources.
In the settings, administrators should also enter all required DNS and WINS data and create client profile connections by enabling this action.
Adding additional users
To add new users, click on users and local users and groups. Within groups, click add SSL VPN services to move the field to member of.
Moving to VPN access, you can then add all the relevant IP addresses and objects identified to the users requirements, in terms of access via NetExtender.
Note: Client routes and VPN access must match for users to have authority to access network resources.
Remember to click save, to save all changes before closing.
SSL VPN zones access rule details
Within access rules, you can access SSL VPN LAN rules with drop-lists available.
Access rules allow access to intended end devices through SSL VPN IPs which are also required for the firewalls to understand that such traffic is allowed through.
You can also test all connections and configurations by installing the SonicWall NetExtender.
Two final points to note:
Remember, within the user’s section of the menu toolbar, you must add in however many users that will have login credentials. Each user then must become a member of SSL VPN services group and have to subnet added to VPN access within the allow list.
In-network interfaces make sure to click on configure on the WAN interface and tick the HTTPS box beside the user login – this helps to minimise login failed attempts occurring when users access SSL VPN via a web portal.
For further information on a SonicWall VPN licence and more call 0330 1340 230, today.
Read the next article: Best Practices for SSL VPNs
