Skip Ribbon Commands
Skip to main content
... Falcon IT Services, Miami, FL ...

IT Knowledgebase

Oct 16
How to Configure VPN on Sonicwall TZ 200 and TZ 215

Sonicwall SSL-VPN is the preferred VPN connection method to access office resources through a secure VPN tunnel. Sonicwall's Global VPN Client (GVC) is deprecated and will be phased out in due course. SSL VPN NetExtender client has the following advantages over the older, buggy and resource clunky GVC:

  1. NetExtender is a thin application thus less resource intensive.
  2. NetExtender is easy to roll out to new users.
  3. NetExtender easily installs on a client PC using Active X controls.
  4. NetExtender can be turned off and even uninstalled after each disconnect by policy.

 

Now that I have convinced you of the benefits of netExtender, let's install it! First, log in to your Sonicwall Device. Click on Network and select WAN (by default X1) configure.

Make sure the user login has HTTPS enabled. Next, navigate to SSL VPN > server settings.

Click on WAN interface link to change the red dot to green. This enables the SSL VPN feature.

SSL VPN Server Settings

In the SSL Server VPN settings, you may want to change the default port to 443 if the VPN users travel frequently and find themselves behind highly restrictive firewalls that block outbound access by port. Port 443 is usually not blocked by even the most restrictive firewalls.

If you decide to do this, keep in mind that you will need to change the Sonicwall management port to something other than the default port 443. Do this under the system > administration menu. You will also need to double check that port 443 is not being used for other services such as an Exchange/OWA HTTPS connection. For this reason, we will use the default port 4433 for this example.

In SSL VPN > Portal Settings you can customize the message that appears to VPN users. Just edit the HTML text to create custom messages or to link custom logos.

Under Client Settings, follow these instructions:

Interface: Select your LAN Interface, by default X0

NetExtender IP: SSL VPN will not use the DHCP address pool from either the firewall or from a server on your network . For this reason, you must specify a range of usable IP addresses for the VPN client. Make sure the address pool is outside the scope of your DHCP server's pool.

DNS Server: Configure your internal DNS server IP address

Domain: Configure the internal domain

WINS: If you use WINS, enter the IP address of your WINS server.

Default Session Timeout: I like to increase it from the default to avoid constant disconnects.

Enable Web/SSH Management over VPN: Enabled if you want VPN access to manage the Sonicwall device.

Exit Client after Disconnect: Enabled will shut down the NetExtender client program.

Uninstall Client after Exit: If enabled will uninstall client software after disconnect (not recommended in most cases).

Lastly, in the Client Routes, click on Add Client Routes and select LAN Subnet to allow the VPN client access to the LAN subnet.

Now that you have completed the SSL VPN setup, the two remaining things to do are:

  1. Add SSL VPN users
  2. Install NetExtender and connect to the VPN

Once you have finished, log in using using HTTPS and either the IP address and port or URL and port to access the Virtual Office VPN connect site.

Comments

There are no comments for this post.

 ComputerHelp.Club

ComputerHelp.Club

 ‭(Hidden)‬ Blog Tools

 Falcon IT Services, Miami, FL

​Falcon IT Services provides computer and network services and support to small and medium sized businesses in Miami, Fl.