Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Configure VPN and Global VPN Client step b step

Hi All, My TZ300 has been reset and I need step by step configuration of the VPN in the firewall and also GVC

I have run through the default wizard and I am unable to connect using the GVC.

I have an modem from ISP and a utp cable connected to the X1 - In the interface the dhcp is set and I see a dynamic ip from the modem/router being assingned.

X0 is connected to the switch and my computers are connected to the switch. I am able to get internet on the computers. DHCP server is also configure in the Sonicwall

But where do I set the public ip address for the GVC in the firewall. In the X1 interface if I set the Public IP address as static IP, I dont get internet on the computers. Any help appreciated.

What should be the step by step.

  1. What needs to be configured on the modem
  2. What should be the steps on the Sonicwall Firewall

Objective: Get int the network from a different location using GVC. and also uninterrupted internet on the computers connected to the switch



Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

Answers

  • shiprasahu93shiprasahu93 Moderator

    Hello @VickyBoy,

    Based on my understanding you have a modem which has the public address and providing DHCP to the firewall's X1 interface. For users to connect using GVC, they would need to use that public address. But for successful connection, you would need to set up a port forwarding on the modem to forward UDP 500, 4500 and ESP traffic to the private X1 IP of the SonicWall. The steps for that is dependent on the modem you are using.

    On SonicWall, you would need to configure WAN Group VPN to make GVC connection possible. You can either configure it in split tunnel or route all mode.

    Split tunnel:

    The end users will be able to connect using GVC and access the local resources present behind the firewall. They will use their local internet connection. This youtube link should be helpful for the same.

    Tunnel all mode:

    The users will be able to successfully connected, access the resources behind the SonicWall as well as send their internet traffic to the firewall. Basically all the traffic from the VPN client machine will be sent to the SonicWall.

    On the client end, you would need to install GVC client to make this connection:

    If you have any more questions, let me know!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Poorni_5Poorni_5 SonicWall Employee
    edited June 10

    Hi @VickyBoy ,


    To configure WAN Group VPN, please check the following KB.



    Now regarding the WAN settings, do you have a public or private IP on the X1 interface?

    If it is a private IP address then you need to use the public IP address on the modem to connect using GVC at the same time the ports UDP 4500 and 500 need to be open on the modem.


    Thanks & Regards,

    Poornima.T.R

  • NevyadithaNevyaditha Moderator

    Hi @VickyBoy

    The GVC client is only supported for Windows Operating System.

    Please refer the link below for different types of WAN Group VPN / Global VPN Client Scenarios And Configurations

    For clients using MAC OS you can refer to SSLVPN related KB article below:


    Nevyaditha P

    Technical Support Advisor, Premier Services

  • VickyBoyVickyBoy Newbie ✭

    It was a weekend and I could not connect back with office. I will be trying the first suggestion made by POORNI by today or tomorrow.

    Will keep you posted on the progress.

  • shiprasahu93shiprasahu93 Moderator

    @VickyBoy,

    I am moving this post to 'Entry level firewalls' category for better tracking and results. VPN client category is for our SSLVPN clients associated to SMA (Secure Mobile Access) devices.

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • VickyBoyVickyBoy Newbie ✭

    Hi I have configured the WAN Group VPN. But to connect from the other location I have issues.

    I am able to make a successful VPN connection when I connect to 192.168.100.3 - This is the ip address assigned by the router to the Sonicwall on X1. I have created the port forward in the router to 192.168.100.3

    Which essentially means if I assign a public IP Adrress to my router I should be able to connect.

    Now that we had a public address before....I wanted to know if we can assing the public ip address 217.x.x.x directly to the Sonicwall . SO that clients can reach to this public ipaddress through the modem internet?




  • shiprasahu93shiprasahu93 Moderator

    @VickyBoy,

    If you ISP allows that, yes you can assign the public IP directly on the SonicWall's X1 interface. If not, just leave the port forwarding on your upstream router from 217.x.x.x to 192.168.100.3 and use the 217.x.x.x IP on the client side to connect using VPN.

    The upstream modem should forward that connection to SonicWall and the VPN should still be successful.

    Let me know how things go!

    Thanks!!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • VickyBoyVickyBoy Newbie ✭

    We are still working on the Public Ip adress part. Currently the Public IP is dynamic. And I was able to get the VPN Client connected using this dynamic IP adresss and port forwarding to 193.168.100.3.

    Now if we are able to get back our 217.x.x.x address, you are saying it should be possible to assign this to the X1 interface directly and we should be able to get the vpn connect directly to 217.x.x.x though there is the modem connected to X1?

    Sorry for the bugging question :)

  • shiprasahu93shiprasahu93 Moderator

    @VickyBoy,

    No problem, I am here to help!

    Usually when you would like to assign the static IP on the SonicWall's X1 interface directly, we put the modem on something called as pass through mode. So, please consult with your ISP as it is clearly set on NAT mode at the moment. Every ISP has it's own naming scheme so I am not sure what it might be called.

    Just let them know that you would like to have the public IP directly available on the SonicWall and then it should be possible to have that assigned directly on SonicWall and have VPN connection to it.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • VickyBoyVickyBoy Newbie ✭

    Thanks Shipra. I will keep you posted.

  • VickyBoyVickyBoy Newbie ✭

    Hi Shipra, We got the public IP assigned to the router. VPN users are connecting fine.

    At this point this seems better than having to spend few more weeks with the noncooperating ISP to get the pass through enabled.

    Thanks for your help.

    It would be great if you can guide on what other configs can be done to secure the Network using sonicwall TZ300. Just drop a link and I would follow. This thread can be closed as resolved.

  • shiprasahu93shiprasahu93 Moderator

    Hello @VickyBoy,

    Please use this link to set up the security services on the firewall.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • MikeBMillerMikeBMiller Newbie ✭
    edited July 21

    Hello everyone. New guy here.

    I have a TZ350 that I am trying to set up for VPN Client access, but I am having trouble following the instructions in the various videos and articles that I am seeing referenced on here. Specifically, when I open the VPN base settings, I don't see an entry for WAN Group VPN listed under policies. If I click to add a policy, my only options are either site to site or tunnel interface. Is tunnel interface the same thing as WAN Group VPN?

    I have tried running through the quick config VPN wizard, but that did not seem to help. We do have 7 VPN client licenses available.

    My firmware is 6.5.4.4-44n






    I'm sure there is something simple I am missing here, but I am not a full time Sonicwall guy, so I'm not sure where else to look.

    Thanks for any help.

  • MikeBMillerMikeBMiller Newbie ✭

    Thank you. That was just what I needed. Although it does raise the question of what is the point of having a Quick Config wizard if it doesn't actually work?

  • NevyadithaNevyaditha Moderator

    Hi @MikeBMiller ,

    Only for Firmware 6.5.4.4, the profile for WAN group was missing and we had to enable it specifically on zone level.

    Upon upgrading the firmware to 6.5.4.5 and above the profile for WAN group VPN is available by default under the VPN tab.

    Sorry for the inconvenience caused.

    Thanks

    Nevyaditha P

    Technical Support Advisor, Premier Services

Sign In or Register to comment.