
How to configure Small Business SSL VPN to enable remote user access

Small Business SSL VPN is one of the most widely used methods of allowing remote small business users to connect to the SonicWall (or other firewalls) and access internal network resources. Today I am going to show you how to set up and use an SSL VPN connection and how to connect using NetExtender, the Small Business SSL VPN client.

SonicWall Small Business VPN firewalls come licensed by default for a maximum of 2 users connecting remotely over an SSL VPN, and you can buy more licenses should you need more users connecting to your intranet resources.

First, log in to your SonicWall VPN firewall using your admin credentials

Click on “Manage” at the top menu

You can check your existing licenses for SSL-VPN users by clicking on Licenses and scrolling down to SSL VPN. As you can see, I have 2 users available of the 102 maximum

When an SSL VPN client connects, it is assigned an IP address on the network. Let’s define an address object to indicate which IP addresses will be available for this purpose

On-screen title: “Creating an Address Object for the SSLVPN IPv4 Address Range”

Click Manage in the top navigation menu

Click on Objects on the left menu and then click on Address Objects

Now, let’s click “+Add” at the top of the right pane

In the pop-up window, enter the information for your SSL VPN Range.

Name: SSL VPN Pool

Type a Friendly Name for the IP address pool.

For Zone Assignment, select SSLVPN

In the “Type” field you can define whether you want to make available a single IP, a range of IP addresses or an entire subnet. I am going to use a range

In the Range field:

  • Starting IP Address for the range: 192.168.1.180
  • Ending IP Address: 192.168.1.190

Click the “Add” button to complete adding the SSL-VPN IP allocation address object

On-screen title: “SSLVPN Configuration”

Now, let’s configure the SSL VPN. To do so:

Navigate to the “SSL-VPN” option on the left menu

Click on “Server Settings”

Click on the Red Bubble for “WAN” to enable VPN connections from the internet. It should become Green, which indicates that SSL VPN connections will be allowed on the WAN Zone.

Set the “SSL VPN Port”, and “Domain” as desired. I will leave the defaults

Let’s configure the client settings.

Navigate to the “SSL VPN” option on the left

Then click on “Client Settings”. The SSL VPN | Client Settings page allows the administrator to configure the client address range information and NetExtender client settings, the most important being where the SSL-VPN will terminate

Click on the “Configure” button for the Default Device Profile.

Set the “Zone IP V4” as SSLVPN. 

Set “Network Address IP V4” as the Address Object you created earlier (SSL-VPN-IP Range).

Click on the “Client Routes” tab. Here you can control what network access SSL VPN users are allowed.

In the left pane, click the object or objects for which you would like to create routes and grant access over the VPN connection

Click the right-pointing arrow to add the object to the allowed client routes. I am just going to add a single host named “192.168.1.16” since that’s all I need for my client’s

The “Client Settings” tab allows the administrator to input DNS, WINS, and Suffix information while also controlling the caching of passwords, user names, and the behavior of the NetExtender client.

Input the necessary DNS/WINS information and a DNS Suffix if SSL VPN Users need to find Domain resources by name.

I am just going to change the DNS server

Enable “Create Client Connection Profile” to allow the NetExtender client software to save the connection.

The NetExtender client will create a connection profile recording the SSL VPN Server name, the Domain name and optionally the username and password.

On-screen title: “Adding Users to SSLVPN Services Group”

NetExtender users may either authenticate as a Local User on the SonicWall or as a member of an appropriate Group through LDAP.

I will use manually defined “Local Users”, however you could use a domain

Navigate to “Users” on the left menu

Click on “Local Users & Groups”

Click the “Add” button on the “Local Users” tab

On the “Add User” dialog

Type the user name that will be used for login

Type the user password and confirm it

Type the user’s email address should you want to allow users to reset their passwords

Optionally, you could set an expiration time

Click on the “Groups” tab

Add SSLVPN Services to the Member Of: field by clicking on the right-pointing arrow

Click on the “VPN Access” tab to add the relevant Subnet, Range, or IP Address address objects that match what the user needs access to via NetExtender.

In my case I am going to add a single host IP address object

Click “OK” to save these settings and close the dialog.

On-screen title: “Checking Access rule Information for SSLVPN Zone”

Navigate to “Rules” on the left menu

Click on “Access Rules”

You will need to create Access Rules allowing SSLVPN IPs to access your intended server or devices

On-screen note:

This does not grant access to all users; individual access is still granted to users based on their VPN access and SSLVPN routes. Access rules are needed for the firewall to allow this traffic through.

Click on the “Add” button at the top  

On the field “From” select “SSLVPN”

On the field  “To” select “LAN”

On the field “Source Port” select “any”

On the field “Service” select “any”

On the field “Source” select “Any”

On the field “Destination” select “X0 Subnet”  

In my case I could have limited this even further, setting the Source to “SSL-VPN-IP-Range” and the Destination to the single server address object “192.168.1.16”

Click “Ok” to save the new access rule.        
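The layering described in the on-screen note, modelled as an added Python sketch (not from the original post, and not SonicOS's own rule engine): a destination is reachable only when client routes, the user's VPN access and the access rule all allow it. The /24 mask for “X0 Subnet” and all function names are assumptions.

```python
from ipaddress import ip_address, ip_network, summarize_address_range

# Values from the walkthrough; the X0 subnet mask (/24) is an assumption.
POOL = list(summarize_address_range(ip_address("192.168.1.180"),
                                    ip_address("192.168.1.190")))
X0_SUBNET = [ip_network("192.168.1.0/24")]   # assumed mask
SERVER = [ip_network("192.168.1.16/32")]     # the single host object
ANY = [ip_network("0.0.0.0/0")]

def covers(nets, addr):
    """True if addr falls inside any network of the address object."""
    return any(ip_address(addr) in n for n in nets)

def reachable(src, dst, client_routes, vpn_access, rule):
    """A destination is reachable only if every layer agrees."""
    return (covers(POOL, src)                 # client holds a pool address
            and covers(client_routes, dst)    # route pushed to NetExtender
            and covers(vpn_access, dst)       # user's "VPN Access" tab
            and covers(rule["source"], src)   # SSLVPN -> LAN access rule
            and covers(rule["destination"], dst))

def excess_destinations(rule, vpn_access):
    """Addresses the rule permits that no user's VPN access asks for."""
    allowed = sum(n.num_addresses for n in rule["destination"])
    needed = sum(n.num_addresses for n in vpn_access
                 if any(n.subnet_of(d) for d in rule["destination"]))
    return allowed - needed

BROAD_RULE = {"source": ANY, "destination": X0_SUBNET}   # as configured above
TIGHT_RULE = {"source": POOL, "destination": SERVER}     # the narrower option

if __name__ == "__main__":
    for name, rule in (("broad", BROAD_RULE), ("tight", TIGHT_RULE)):
        print(name,
              reachable("192.168.1.185", "192.168.1.16", SERVER, SERVER, rule),
              # a user later granted the whole subnet by mistake:
              reachable("192.168.1.185", "192.168.1.20",
                        X0_SUBNET, X0_SUBNET, rule),
              excess_destinations(rule, SERVER))
```

With the broad rule, widening a user's routes and VPN access by mistake immediately exposes the rest of the subnet; with the narrower rule the firewall still blocks it.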

On-screen note: “Testing the Connection”

Download and install either SonicWall NetExtender

NetExtender is available via MySonicWall.com or the Virtual Office page on the SonicWall. SonicWall Mobile Connect is available via the App Store, Windows Store, or Apple Store depending on your operating system. I will leave a link below in the video description

Download and install NetExtender

Once NetExtender is installed, you might need to reboot your computer

On the NetExtender window input the following:

  • IP Address or URL of the SonicWall WAN Interface, followed by the Port Number
  • User Name
  • Password
  • Domain

You can choose to save the user name down below, if allowed on the SonicWall device

Click “Connect”

On the Certificate notification click “Always Trust” to avoid receiving that message every time you connect

Now that we are connected, you can test pinging the destination server “192.168.1.16” that we wanted to access, and also test if the remote desktop connection works over the VPN
