Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ670 - Laptops outside the network only accessing to the internet by VPN

César_SCésar_S Newbie ✭

Hello,


This is my 1st post. I hope that I'm doing in the correct section.


I don't know if its possible or not, but did anyone ever created a "rule" that laptops that are outside of the domain network can only access the internet if they turn on the SSL VPN?

I'm asking this because I'm about to change the firewalls of a company from Draytek to TZ670.

The same company will also get all the services for the TZ670, with that comes all the protections.

They've on-prem **** anti-virus, but with TZ670 I won't be needing it, and since it needs to be renewed soon, they might not do it.

That's why I'm asking if is there a way to prevent company laptops outside of the network to only be able to access the internet with the SSL VPN working.

Category: SSL VPN
Reply
Tagged:

Answers

  • SaravananSaravanan Moderator

    Hi @CÉSAR_S,

    Thank you for visiting SonicWall Community. 

    As per your post, I understand that you have a requirement of local users behind SonicWall can have Internet access only when they have active SSLVPN session to the SonicWall. Is this right?

    or

    Please check if you are looking for a requirement that is explained in the below KB article link.

    Keep us updated. You have a good day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • César_SCésar_S Newbie ✭

    Hello Saravanan.


    I do need to do the full tunnel, but I want the laptops that are outside of the domain network to only be able to use the internet when they turn on the SSL VPN.

    If they don't use the SSL VPN they won't be able to roam the internet at all.

  • SaravananSaravanan Moderator

    Hi @CÉSAR_S,

    Thanks for your response.

    IMO the requirement would be not possible with SSLVPN feature on the firewall as any user connected via SSLVPN will be treated as a user who is part of the LAN or local network. So, differentiating the user traffic based on domain name would be out of question. Possibly I can check if the same requirement is possible with any SMA appliance models and keep you posted here.

    Please standby.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • César_SCésar_S Newbie ✭

    Maybe I'm not explaining myself correctly.

    What I need is this:


    User A uses a laptop that belongs to the enterprise, laptop is also a domain joined machine.

    User A takes the laptop home to work from home.

    From home, for this user to be able to surf the internet, he would need to use the SSL VPN software to connect via SSL to the SonicWall, if the user won't connect to the SSL VPN he won't be able to surf the internet.

    It would of course be in Full Tunnel mode, so all the traffic would go though the firewall and that way the , CFS, Anti-virus, Anti-Spyware, etc, would scan the traffic and the user would be surfing the internet safely.


    Thank you Saravanan for your help.

Sign In or Register to comment.