Assigning a Static IP to a Specific User

DMoody007 Newbie ✭

We are new to NetExtender. It was installed at a location we acquired and we are looking at expanding its use in our company.

We have a couple of individuals that need customized connections. For increased security, access to specific internal processes is locked to access from a specific IP address assigned to the individual. The current NetExtender setup appears to be using DHCP. We don't want to open the processes to the whole NetExtender range, so we were wondering if it was possible to assign a static IP to a user. When they log into NetExtender, they are automatically given a static IP address specifically reserved for them. Then when they log in, they always have that specific IP address to access the processes.

The site is using a TZ400. Is this possible and if yes, can you point me to a resource I can use as a reference in attempting to modify our device?

Any assistance would be greatly appreciated.


Category: SSL VPN


  • BWC Cybersecurity Overlord ✭✭✭

    Hi @DMoody007

    you can't assign static IP addresses for the SSL-VPN connection on your Firewall, but you can restrict your SSLVPN -> LAN rules to specific users.

    I did this a while ago, can't remember exactly but I guess I left the SSLVPN access for the user empty and created a custom access rule bound to that user.

    Just give it a try, if it's not working I'll take all the blame.


  • DMoody007 Newbie ✭

    If I understand correctly, the SSLVPN doesn't allow for a static assignment but you basically created a rule that pigeonholed the specific user to a specific IP address through maybe an address object?

    It's an interesting idea. Never tried to create a rule based on a specific user.

    Do you get the beer on success?

  • Hi @DMOODY007,

    Unfortunately, SSLVPN users cannot be assigned static IP addresses and there is an existing RFE reported for this. The static IP assignment feature is available for GVC clients.

    Hope this helps if you have sufficient GVC licenses.


    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • BWC Cybersecurity Overlord ✭✭✭
    edited November 21

    Hi @DMoody007

    Time took its toll and I was not 100% correct. You have to put the destinations in the VPN Access tab of the user/group. Just have a look at the screenshot, I recreated the scenario for you on my TZ 400 at home.

    My SSLVPN Clients Network (SSLVPN_N) will not be able to access the LAN (N_CLIENTS), except for the user michael who can do the ping. The trick here is to have the priority of the rules in mind and put a drop all rule above the default rules which allow all access.

    Hope this helps a little.
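
The rule-ordering point in the post above, as an added example that is not part of the thread and not SonicWall code: a simplified first-match model in which the per-user access is represented as a user-bound allow rule. The subnets, the second user `dana` and all function names are constructed for illustration; only SSLVPN_N, N_CLIENTS and the user michael come from the thread.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed ranges: the thread names these objects but not their subnets.
SSLVPN_N = ip_network("192.168.200.0/24")
N_CLIENTS = ip_network("192.168.10.0/24")
ANY_USER = None  # rule applies regardless of the authenticated user


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    user: Optional[str]
    action: str  # "allow" or "deny"


def evaluate(rules, src_ip, dst_ip, user):
    """Return (action, rule name) of the first matching rule, top-down."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if src in r.src and dst in r.dst and r.user in (ANY_USER, user):
            return r.action, r.name
    return "deny", "implicit"


def exposed_users(rules, users, src_ip, dst_ip, permitted):
    """Users who reach dst_ip although they are not in the permitted set."""
    return sorted(u for u in users if u not in permitted
                  and evaluate(rules, src_ip, dst_ip, u)[0] == "allow")


ALLOW_MICHAEL = Rule("allow-michael", SSLVPN_N, N_CLIENTS, "michael", "allow")
DROP_ALL = Rule("drop-all", SSLVPN_N, N_CLIENTS, ANY_USER, "deny")
DEFAULT_ALLOW = Rule("default-allow", SSLVPN_N, N_CLIENTS, ANY_USER, "allow")

# Drop-all above the default allow, as the post describes.
GOOD_ORDER = [ALLOW_MICHAEL, DROP_ALL, DEFAULT_ALLOW]
# Drop-all left below the default allow: it never gets a chance to match.
BAD_ORDER = [ALLOW_MICHAEL, DEFAULT_ALLOW, DROP_ALL]

if __name__ == "__main__":
    users = ["michael", "dana"]
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        leaked = exposed_users(rules, users, "192.168.200.10",
                               "192.168.10.5", {"michael"})
        print(label, "order exposes:", leaked or "nobody")
```

Running the same check against an exported rule list after any change to the SSLVPN -> LAN rules shows whether the drop-all rule still sits above the default allow.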

