Restrict SSLVPN access to my LAN network

How do I restrict my LAN network to a user who connects to a single server, but doesn't want access to my LAN network? How do I do it?

Category: SSL VPN


  • Ajishlal Community Legend ✭✭✭✭✭


    Instead of giving the entire LAN subnet access to the client VPN user, create an address object for the particular server and provide the VPN client access to that server.

    For example, navigate to Local users & groups --> Select the user --> Edit --> VPN access, and add the created server address object.

  • TKWITS Community Legend ✭✭✭✭✭

    To expand Ajishlal's input, keep your SSLVPN Client Settings \ Client Routes the same (include LAN subnet address object), but adjust the VPN Access settings per-user.

  • Alberto Enthusiast ✭✭

    How can I restrict access to a service, for example RDP? I don't see the ACL from SSL to LAN, for example. Must I define this ACL manually and put it over the generic ACL from SSL to LAN?

  • preston Enthusiast ✭✭
    edited June 2022

    Hi VictorManzanares, if you want more control and granularity, you would be best trialing an SMA 500v.

  • Ajishlal Community Legend ✭✭✭✭✭

    Yes. You have to define the policy if you need it custom tailored.

  • Alberto Enthusiast ✭✭

    Can SMA hardware check, for example, the status of Windows Update on a remote client?

  • rmrk Newbie ✭

    @Ajishlal How can I achieve this when the user is a member of the SSLVPN services group, which has VPN access to all my networks? If I amend the user's VPN access to a single address object, will that take precedence over the SSLVPN services unrestricted VPN access?

    Or will I have to remove all networks from SSLVPN services & separate into groups?

  • TKWITS Community Legend ✭✭✭✭✭

    @rmrk Your last statement is what you'll need to do.

    Change the SSLVPN Services group to contain object(s) that ALL users MUST have access to e.g. a domain controller / DNS server.

    Then you can either adjust 'VPN Access' permissions per user, or use groups with the appropriate 'VPN Access' settings and add users to the groups.
