SonicWALL GVPN Setup





Step 1





One of the most common requests we get from clients is the ability to use their server resources remotely.
We all know how well (ha!) the VPN functionality built into Windows Server works, so it's a question most of us cringe at, since it's usually only asked when it's critical to have it and there isn't really time to order or set up new hardware.
What's not widely known, or maybe just not acknowledged, is that most SonicWALLs nowadays come with 1 or 2 licenses for the 'Global VPN Client'. Lucky for us, most of our clients use SonicWALLs on our recommendation :)
The software download link for the SonicWALL Global VPN Client is in the references.
The first step to getting connected is to make sure that your VPN policy for the client is set up the way you want it. Log in to your SonicWALL and go to VPN on the left-hand side. You'll see two 'Group' VPN policies configured; WAN GroupVPN is the one we want to use. Click on the pencil icon to edit the policy.
On this first page you'll see your Authentication method, the name of the policy and the shared secret. In this case you'll want to note your Shared Secret and change it to something secure if it isn't already.
The authentication method of Preshared Secret is usually OK for most people; however, for the more security conscious, you can set it to require a 3rd party certificate that you distribute to select users.
Note that while you cannot change the policy name, you are able to create a New Policy with your own name and disable this one.


Step 2


WAN GroupVPN - Authentication


In the second tab, you want to set up the authentication and encryption settings that you're comfortable with. The defaults here will suffice for most people.
NOTE: If you're not using the Global VPN Client, you need to make sure the authentication you use is supported by the VPN Client you ARE using.


Step 3

WAN GroupVPN - Advanced

On this tab you can set up additional security along with special network settings, like allowing Multicasting or NetBIOS across the VPN connection.
I recommend that you require authentication (in addition to the Preshared Secret on the general page) here, with a SonicWALL (or LDAP if it's configured) user account to access the VPN. This is specified under the 'Client Authentication' settings of the Advanced page.

Step 4

WAN GroupVPN - Client

Almost done here. Because most users will have this on their laptop, you can specify whether they are allowed to save their username/password for authentication (the Preshared Key, much like the Certificate that is installed one time, will be saved after the first time).
I recommend you do NOT allow them to save their credentials, for obvious security reasons. You set this by specifying 'Cache XAUTH User Name and Password on Client' to 'Never' or 'Single Session'.
You can also set client-side networking preferences, like how their virtual adapter will be configured, whether the internet will work, or whether you should route all their internet traffic through your SonicWALL so you can keep an eye on what they're doing while they're connected to the corporate network.
Keep 'Use Default Key for Simple Client Provisioning' unchecked; while it makes it easier to set up the VPN, it is less secure.


Step 5

Ok Almost there - time to breathe


Once you're all done configuring the policy, save your changes and enable the policy. (See the screenshot). In the next few steps, we're going to switch over to the client and show how to configure it.

Step 6

Call the end user


Now, it's time to call the end user, let them know that they WILL have access to the network shortly; you just need 20 minutes on their machine to configure it. In reality it shouldn't take more than 10 minutes, but giving yourself a buffer of more time is always a good idea - especially if you're not familiar with the process. Sometimes I even tell them 30 minutes, depending if I know the end user will be exact with the timeline I give them.
Once you're logged into the machine, download the SonicWALL Global VPN Client* (download link mentioned in the references) and install it. Your first screen after install will be a welcome screen on a New Connection Wizard; press Next and it will take you to a page like what's shown in this screenshot.
Add your firewall public IP (or domain name for the IP) and name the VPN something user friendly like 'Office' (the user friendly name comes in handy when you make a shortcut on the Desktop, but it's not important).
The final page of the wizard asks if you want to start the connection automatically on launch of the application, and if you want to make a desktop shortcut to enable this connection. Choose your options and choose Finish.

Step 7

Ready to test


OK, your connection is created. Do an initial connection and verify it works as advertised! Enable the connection and you'll be prompted for your Preshared Key.
If you're using a certificate, make sure the certificate is installed BEFORE you enable the connection.


Step 8

Success!!

You'll get another prompt on your screen for Username and Password (note they're BOTH case sensitive), and after that you'll see it says 'Connected!'.
Don't breathe too deeply yet. Oftentimes, if you have a misconfiguration on the Advanced tab of the policy or the Client tab, you'll have a connection but it won't really work - or you'll accidentally disable the internet access. Check everything before you call the end user back. Once you've confirmed it's working, go grab a coffee and get ready for the next high strung end user to call you flipping out :)
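
A quick way to run that "check everything" pass on the client before calling the user back. This PowerShell script is an added example, not part of the original post; the host names, the port and the `*SonicWALL*` adapter-description match are assumptions to replace with your own values.

```powershell
# Post-connect check for a Global VPN Client session (added example).
# Every value below is a placeholder or an assumption; substitute your own.
$InternalHost = 'fileserver.corp.example'   # hypothetical internal server
$InternalPort = 445                         # SMB, i.e. the "server resources"
$InternetHost = 'www.example.com'           # any public HTTPS site
$AdapterMatch = '*SonicWALL*'               # assumed description of the virtual adapter

function Test-VpnSession {
    $result = [ordered]@{}

    # 1. Is the VPN virtual adapter present and up?
    $vpnNic = Get-NetAdapter | Where-Object {
        $_.InterfaceDescription -like $AdapterMatch -and $_.Status -eq 'Up'
    } | Select-Object -First 1
    $result.VpnAdapterUp = [bool]$vpnNic

    # 2. "Connected but doesn't really work": does the internal name resolve
    #    and does the service port answer through the tunnel?
    $result.InternalDns = [bool](Resolve-DnsName -Name $InternalHost -ErrorAction SilentlyContinue)
    $result.InternalTcp = (Test-NetConnection -ComputerName $InternalHost -Port $InternalPort `
                               -WarningAction SilentlyContinue).TcpTestSucceeded

    # 3. Did the Client tab settings accidentally kill internet access?
    $result.InternetTcp = (Test-NetConnection -ComputerName $InternetHost -Port 443 `
                               -WarningAction SilentlyContinue).TcpTestSucceeded

    # 4. Split tunnel or route-everything? Assumption: when all traffic is
    #    routed through the firewall, the preferred IPv4 default route
    #    belongs to the VPN virtual adapter.
    $default = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
        Select-Object -First 1
    $result.TunnelAll = [bool]($vpnNic -and $default -and
                               $default.InterfaceIndex -eq $vpnNic.ifIndex)

    [pscustomobject]$result
}

Test-VpnSession | Format-List
```

If `VpnAdapterUp` is true but `InternalTcp` or `InternetTcp` is false, go back to the Advanced and Client tabs of the policy; `TunnelAll` should match what you chose on the Client tab.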



