Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Options

Restrict access to a specific LAN host

I've newly installed the SSLVPN with our TZ400. Generally, once the user successfully logs into the VPN he/she is essentially part of the LAN and can access any host on the LAN.

Is there a way to restrict access to a specific LAN host? For example, once logged into the VPN the only think they can do is thisSpecificHost:port.

Category: SSL VPN
Reply
Tagged:

Answers

  • Options
    MustafaAMustafaA SonicWall Employee

    Hello @SYSADMIN ,

    We have the following KB article which should give you clarification.

    KB: How to Restrict VPN Access to SSL VPN Client Based on User, Service & Destination

    https://www.sonicwall.com/support/knowledge-base/how-to-restrict-vpn-access-to-ssl-vpn-client-based-on-user-service-destination/170505907430135/

  • Options
    AZSNWLAZSNWL Newbie ✭
    edited September 2023

    SSL VPN traffic is defined in the SSLVPN zone. You would be able to place an ACL to allow/restrict traffic via an Address Object.

    "Once the user successfully logs into the VPN he/she is essentially part of the LAN and can access any host on the LAN" --- kinda, Once a user successfully logs in, they would be provided a Virtual IP address that would be used by the Client to communicate in that broadcast domain where the VPN terminates.

    The term LAN could represent more than one broadcast domain/network range. Some people will terminate the VPN users on another broadcast network, in a separate zone, then use ACL to provide access into network resources, rather than have access to the entire LAN Subnets AoG.

    • Hope this is helpful.
Sign In or Register to comment.