Recently, I was asked to enable SSL VPN on a SonicWall TZ210 firewall. I have done this before but always end up forgetting something or other, so this time I decided to document the process for myself and for you all.

To begin with, SonicWall supports three kinds of VPN:

  • VPN: This is the basic one (without SSL); to connect to it we use the Global VPN Client (GVC). Download Here
  • SSL VPN: This is the more secure VPN option, which uses an encrypted channel; we use the NetExtender client to connect to it. Download Here
  • IPsec tunnel or site-to-site tunnel: This is not a user VPN setup but more of an organisation-wide VPN. If you have two offices and want them to feel like they are on the same LAN for file server or other server access, you can install one SonicWall at each office and establish an IPsec VPN tunnel between them to achieve that.

 

In this article we are specifically talking about how to enable the second one, i.e. SSL VPN to be used by a NetExtender client, so let's get started.

Step 1: Log in to your SonicWall device with admin credentials. In the left-hand vertical menu, click Server Settings under SSL VPN.

ServerSettings

Here you can change the SSL VPN port if needed (the default is 4433) and enable the networks, by clicking on them, that the client will have access to. Usually LAN is enough.

Step 2: Click Portal Settings in the left menu. Just match the settings shown below; no real changes are required here.

PortalSettings

 

Step 3: Click Client Settings in the left-hand menu. This is where you will make most of your changes.

ClientSettings

1) Select your LAN interface here. You can check which one is your LAN interface by clicking Interfaces under Networks in the left menu; refer to the screenshot below. In my case it was X0.

X0LanNetwork

2) Specify the IP pool which will be assigned to your VPN clients. Make sure this IP pool does not conflict with the DHCP range defined for your office.

3) Specify the DNS server to be assigned to VPN clients.

4) Specify the User Domain. By default it is set to LocalDomain; you can leave it as it is or set it to anything you like. Please understand that this is totally different from your AD domain and has nothing to do with it. We need to specify the user domain during NetExtender client configuration, and the important thing to note is that it is CASE SENSITIVE.

Step 4: Click Client Routes and add your LAN subnets to the list; refer to the screenshot.

 

ClientRoute

 

Step 5: No changes are required under Virtual Office. It is there for you to download VPN clients, for which we already provided a link above. Our next step is to create a user for logging in to the VPN.

Step 6: Click Users in the left menu and create a local user. You also have the option to use LDAP users in SonicWall, but that is out of scope for this document. Give the user an appropriate user name and password, and ensure that you make it a member of the SSLVPN Services, Everyone and Trusted Users groups.

UserGroup

The next step is to give the user access to the required networks, which are chosen under the VPN Access tab.

UserBookMarks

 

Step 7: We are done on the SonicWall. Next, download and install the NetExtender client on the client Windows PC. Use the user name and password which you created in step 6. It will also ask you for the public IP of the SonicWall, which you can check on the SonicWall under Network -> Interfaces; look at the IP for the WAN. If there is more than one WAN, try both IPs; usually both should work, unless restricted otherwise.

PS: When providing the target IP in the NetExtender client, make sure you include the port number too, i.e. IP:4433 (the whole socket), or the connection will fail. For example, if your target IP is 162.178.3.2, then in the NetExtender config you enter 162.178.3.2:4433.
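The two easy mistakes in this procedure, a client IP pool that collides with the office DHCP range (Step 3) and a NetExtender target entered without its port (the PS above), can be checked before anything is typed into the firewall. The sketch below is an added example, not part of the original article or of any SonicWall tooling. All addresses are constructed samples apart from the article's own 162.178.3.2:4433, and the checks that the pool sits inside the LAN subnet and avoids statically addressed hosts are assumptions that go beyond the text.

```python
import ipaddress

def overlap(a_start, a_end, b_start, b_end):
    """Return the (first, last) addresses shared by two inclusive ranges, or None."""
    lo = max(ipaddress.ip_address(a_start), ipaddress.ip_address(b_start))
    hi = min(ipaddress.ip_address(a_end), ipaddress.ip_address(b_end))
    return (str(lo), str(hi)) if lo <= hi else None

def check_plan(plan):
    """Return a list of problems in a planned SSL VPN client configuration."""
    problems = []
    lan = ipaddress.ip_network(plan["lan_subnet"])
    start = ipaddress.ip_address(plan["pool_start"])
    end = ipaddress.ip_address(plan["pool_end"])
    if start > end:
        problems.append("pool start is above pool end")
    # Assumption: the pool is taken from the LAN interface's subnet (X0 in the article).
    if start not in lan or end not in lan:
        problems.append(f"pool is not inside LAN subnet {lan}")
    shared = overlap(plan["pool_start"], plan["pool_end"],
                     plan["dhcp_start"], plan["dhcp_end"])
    if shared:
        problems.append(f"pool overlaps DHCP range at {shared[0]}-{shared[1]}")
    # Assumption: statically addressed hosts inside the pool would conflict as well.
    for name, addr in plan["static_hosts"].items():
        if start <= ipaddress.ip_address(addr) <= end:
            problems.append(f"pool contains static host {name} ({addr})")
    # NetExtender needs the whole socket (IP:port), not the bare IP.
    host, sep, port = plan["server"].rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("server target has no valid port; use IP:port")
    return problems

# Constructed sample values, not taken from a real deployment.
GOOD = {
    "lan_subnet": "192.168.10.0/24",
    "dhcp_start": "192.168.10.100", "dhcp_end": "192.168.10.199",
    "pool_start": "192.168.10.200", "pool_end": "192.168.10.220",
    "static_hosts": {"firewall X0": "192.168.10.1", "DNS": "192.168.10.10"},
    "server": "162.178.3.2:4433",
}
# Same plan with a pool that runs into the DHCP range and a target without the port.
BAD = dict(GOOD, pool_start="192.168.10.190", pool_end="192.168.10.210",
           server="162.178.3.2")

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(plan) or "no problems found")
```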

 

Hope this article helps you fix the issue you are facing. If not, you can reach out to us for paid support; refer to our support plans Here

 

An automobile enthusiast at heart and computer geek by profession, started my career with MS in 2005. Left jobs and started Pledge Technologies (the parent company to Grishbi) back in 2009. We have been providing IT consulting to various small and medium businesses across the US and UK since then. Our company specialises in Microsoft Server technologies like AD, Exchange, the rest and with numerous Office 365 migrations under our belt, we are quite expert with that too. Whatever we learn in our day-to-day life, we share back on Grishbi as a thank-you for all the love and support our customers have given us.