Different SSL Certs for LAN and WAN interfaces
shultis
Newbie ✭
We have allowed limited access to WAN HTTPS management to a few source IPs. I'd like to use a commercially signed cert on the WAN ports, and our internally signed cert on the internal management ports. I've poked around a bit, and I'm not seeing how to do that. The certs are installed, and I can make either of them work in Appliance --> Base Setup.
I'm thinking this shouldn't be impossible.
Category: Firewall Management and Analytics
0
Answers
Hi @SHULTIS,
You can have two certs meant for WAN and LAN respectively. (This is under System | Certificates page in the GUI)
But the possibility of linking the certs to the WAN and LAN would be not possible. This is because, we can link only one cert as a whole for firewall management. (This is under Appliance | Base Setup in the GUI)
So, the best possible method for you is to use one cert on the SonicWall for both LAN and WAN management. The domain name used in the cert should point to public IP address when accessing the firewall from WAN. The same domain name should point to private IP address of the firewall when you are behind SonicWall for LAN management. Additionally, you have to use an internal DNS server to get the domain name used in the cert point to firewall's LAN IP.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services