Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Custom Group VPN not working

I am setting up about 25 laptops that connect to my network using the GVC. I want the VPN clients to use a VLAN I configured. I followed this guide but when the laptop connects, it is still connected to the WAN GroupVPN and not the DMZ GroupVPN. Since its not connecting to the DMZ VPN, the NAT rules do not route to the proper VLAN on the DHCP server. I'm not sure what I'm missing here. Anyone have any suggestions?

Category: VPN Client


  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hi @NOLA26

    did you enable dhcp on vlan?

  • NOLA26NOLA26 Newbie ✭

    Yes DHCP is enabled for the VLAN as well as the IP helper. I have other VLANs configured but this is my first attempt at using the VPN client.

  • prestonpreston Enthusiast ✭✭
    edited January 2022

    Hi @ NOLA26 , are you running the VPN client from outside the firewall like at home for example via the Internet or are you running the VPN Client whilst on the actual DMZ network?

    the DMZ VPN client would be used if you were on a network connected to the Physical DMZ via an Interface set in the DMZ Zone, this would only be used if you wanted to have an encrypted connection from the DMZ to the LAN or other Internal Zones and in this scenario you would set the Gateway IP for the GVPN client to use the Interface IP of the SonicWall Interface in the DMZ.

    If you are connecting from the WAN you need to set up the WAN Group VPN even if you want to connect to the DMZ network, you would also need to set up the DHCP over VPN options so you can get an IP address from the SonicWall DHCP or an Internal DHCP server

    If you are trying to do what the document you refer to in your post is doing you will probably need to enable the Enable Management option in the firewall rule.

    Personally I would have just enabled the WAN Group VPN then created a FIrewall rule from the DMZ Zone to the WAN Interface IP for ANY and then selected Enable Management in the rule this would have worked also but less steps than the SW document (you would still need to go to the WAN IP as the gateway but like I said would only need one Group VPN policy configured the WAN one.)

Sign In or Register to comment.