UK Sales: 0330 1340 230

Setting up SSL VPN

by Paul Heritage

SonicWall's security appliance features SSL VPN, providing secure remote access to networks using the NetExtender client.

Below, we outline the steps required to help configure the SonicWall SSL VPN setup, allowing you to run applications securely across your company's network.

Setting up SSL VPN

Accessing NetExtender

Remote users will use NetExtender to access your networks and anything contained within these, i.e., documents, shared files, etc.

Typically users access NetExtender either by clicking on the NetExtender button found when logging in to the virtual office web portal or by launching the NetExtender as a standalone client (once installed, it will remain as a shortcut or within the Start menu making it easy to access after that).

How to setup SSL VPN for SonicOS 7.X

When setting up SonicWall SSL VPN on the latest 7.X firmware, the following instructions should help.

1. With the server settings, look for SSL VPN, Network.

2. Choose SSL VPN status on zones

3. You can choose whether you want and need to disable or enable access to SSL VPN (moving it to a green status means it is active).

4. You then need to move to the server SSL VPN settings. Here choose the port SSL VPN and the desired domain and configure within client settings SSL VPN, Network.

5. With the client settings, SSL VPN, you're able to configure the NetExtender client settings and the client address range information, i.e., which IP's you will provide for those connecting clients and where users can log in from.

6. For the default profile of the device, click on configure.

7. Change the Network IP v4 Address to the address range you inputted in point 5 and set the Zone IP V4 as SSL VPN.

8. Within client routes, you can now control network access for all users, deciding on what can and can't be accessed across the network.

9. The last tab, client settings, is where you can input Suffix, WINS, and DNS information, all while managing usernames, caching passwords, etc.

10. You must enable the create client profile connection for the NetExtender to make a connection and record the server name for the SSL VPN and domain name too.

11. To configure the SSL VPN virtual office's functionality and appearance, you need to use the SSL VPN portal settings page.

12. All SSL VPN users must be part of a user group or SSL VPN services member. To check this and change as appropriate within; device - users – local users and groups.

13. Moving across to VPN access at the top of the screen, you can choose one or more networks from the list, clicking the arrow button to move them directly across to the access list. If you need to change or remove a user's access rights, select the network from the access list and click on the arrow pointing left.

14. Finally, within policy, rules and access rules, set the SSL VPN to LAN rules. And if a user requires access to other zones, you can add and verify these via the access rules page.

SSL VPN setup for SonicOS 6.5

1. Select the SonicWall application and click on manage – SSL VPN settings.

2. To configure these client settings, you need to be on the SSL VPN client settings page where you can input the address range for the client, NetExtender information, and where the users will be able to log in.

3. Within the settings tab, make sure to select both network address IP V4 and Zone IP.

4. To allow the right level of access for users, administrators will need to set this within SSL VPN – client routes page.

5. To configure client settings for the NetExtender, the create client profile connection must be enabled.

6. For the virtual office portal's appearance and functionality, these elements must be configured within SSL VPN – portal settings.

7. Administrators will need to manage users and groups of users through users – local users and moving each member to the appropriate services group. When configuring local users, navigate to manage and system setup – local users and groups, you can then add SSL VPN services. To set local and LDAP user groups, you must edit SSL

VPN services and add the specified user group within the member's tab.

8. Within VPN access, you will see what users can access what networks. You can also add more networks to the access list as required. Of course, these can also be removed by carrying out the same procedure in reverse..

9. Note the new SSL VPN areas within firewall – access rules.

10. SSL VPN zones will auto-create firewall access rules; however, these can be modified, allowing access to only those users that have been configured.

11. Administrators should follow manage – network – interfaces, and within the WAN interface, administrators must ensure HTTPS is enabled.

Both of these SonicWall SSL VPN setup procedures can be tested via users through the SonicWall's public IP – always recommended.