Management over SSL VPN
Hello again,
I'm having this strange issue with the SSL Management.
I can't use the default admin user to log in to the firewall when connected by SSL VPN, I get this error...
But if I create a new user and give it the Administrator permissions, I can use this new user...
Best Answer
preston All-Knowing Sage ✭✭✭✭
Hi @SonicAdmin80, this is by default, as the user is logged in to the appliance as a local user (hence why it auto-populates the username on the login form). If you were to log in to the appliance as the admin account, it would log you out of NetExtender. Most people just RDP to a local PC or server whilst connected to NetExtender and log in to the firewall from that PC with the default admin account. This way you don't need to give users SonicWall admin rights.
Answers
I think at least on Gen 6 devices only the user used to connect with SSL-VPN can be used to log in to the appliance, which is a little strange because it lowers security.
Hi @CÉSAR_S,
Thank you for visiting SonicWall Community.
In SSLVPN and GVC, login to the SonicWall firewall is allowed only with the VPN user accounts and not the firewall's super admin user account. If you want any of the VPN users to log in to the firewall when the VPN is ON, please ensure that you give the VPN user accounts administrator privileges.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Ah I see.
So if you use one user to connect to the VPN, you need to use that same user to manage the firewall; you can't use the default admin that comes with the firewall.
Weird....
Yes, it's a little weird, because why wouldn't you want to use a separate account for VPN and administration? In case the VPN account is compromised, it would be beneficial if that account doesn't have any admin rights. Better to use MFA and hope it always works.
A bit of a roundabout way, and a suitable computer to connect to might not always be available. I would use either MFA or centralized management instead, although they might not be failure-proof the same way a direct connection is.