I would like to introduce myself. My name is Andy and I am currently providing support to local small businesses for their IT. I am part time and it's keeping me busy on my days off from my real job (non-IT).
I was for many years in the IT industry but I had a change of career around 10 years ago, so I am a bit behind the times.
So I need some advice.
I have a client who has 10 PCs that were on a peer-to-peer network, but I have just installed a Windows Server to increase their security.
Windows Server 2019 Standard Edition acting as primary DNS, DHCP, DC and file shares.
There are a couple of users that want to be able to access their desktops using remote desktop. They are currently using remote PC, which is not ideal.
The server sits behind a BT router on BT ADSL. We do have a static IP provided, but it terminates at the router.
So I would like to set up a dial-in VPN to the network and then allow that connection to Remote Desktop onto their local computer. I don't want to set up Windows Server to VPN but rather use a SonicWall device to do this. I am told a TZ370 is ideal.
I'm just unsure exactly how to configure it.
I have purchased a BT OpenReach Modem box to give me an Ethernet port for the firewall.
Are there any guides out there that can help me achieve setting up this firewall?
Thank you for visiting SonicWall Community.
Please try using SonicWall Global VPN (GVC) or SonicWall SSLVPN. Based on how many licenses you have for GVC or SSLVPN, you can determine which one is suitable for you. I have given you the config articles pertaining to both these features.
Hope this helps.
Technical Support Advisor - Premier Services
You will need to have your connection to the ISP direct to the firewall (I'm guessing that's the OpenReach modem), and will need that connection to be 'bridged' so you have the public IP on the firewall interface.
I would recommend using SSLVPN. You may also want to consider using LDAP for SSLVPN authentication since you have a directory service.
You will need to configure the SonicWall WAN in PPPoE mode. Should be pretty straightforward to get it working, but check this discussion about static IPs from BT, it may be relevant:
I am trying to test a SonicWall TZ370 for a customer that will require this at a remote location directly plugged into an ISP. We are trying to test and also learn how to configure. We only need it to do two things: allow remote desktop into Windows 10 machines behind the SonicWall, and transfer data from that remote network to our corporate site for retrieval and backup.
You suggest that SonicWall must be plugged directly into my Netgear Xfinity router? I did change it to bridge mode to have a direct connect to my home router (wireless and wired) and then was hoping to test SonicWall plugged into that router. But if it has to be plugged directly into my ISP modem router, I need to know that.
Was hoping to get clarity and the best configuration for this. Two Windows 10 machines that do not need internet access, isolated, except for remote desktop and data transfer. I am not a network person, but have been doing IT for two decades.
SonicWalls really WANT a public IP address and direct internet connection on their WAN interface, so if you put it behind another router it will not get that. Being behind another router/firewall (Double NAT) is doable, but you'll run into more issues with it that way, and it's better to get practice in a production-like test environment.
You should never open RDP traffic from the internet to internal devices unless you know what you are doing security-wise. What business purpose does RDP to these boxes serve? What is the required 'data transfer' method (SMB, SCP, SFTP, etc.)? Is this business under any regulatory requirements? You have a laundry list of requirements to be learning with.
Happy to help but FYI this setup won't exactly be easy for someone with little network experience.