Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Help With SSLVPN - Allow by FQDN /IP

HI All,

First off i am new to Sonicwall and have very limited experience. I am having trouble with a hacker who is constantly battering the sslvpn port 4433, so I would like to tighten up who can connect, changing the port will only buy time so i need a solution. In my head I have thought what could I do to make it more difficult for users to see 4433, and I have come up with this idea and wondered if this can be done on sonicwall.


First off I could install the Dynamic DNS Update Client (DUC) on my home computers and other computers who connect via the SSL, this will update all IP address everytime they or I reboot, or it times out and automatically updates it. I then put this FQDN into an address object on Sonicwall so it then knows my home computers ip's.

With this info is it possible to create some sort of rule that says if the connection is coming from the IP of the FQDN allow port 4433 with a high priority rule, and then do a lower priority rule to deny anything on 4433?


I have jumped on SonicWALL and don't see an option to allow a group of FQDN's, and hoped one of you guys would have a better idea or maybe could tell me if this would work



Thanks

Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @stokie21 list custom & default rules (All Types), the default one is probably above your deny rule. Get rid of your two custom rules and set the Source of the default rule to your WAN_FQDN_HOME_WORKERS object.

    --Michael@BWC

Answers

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    You can add multiple FQDN address objects to an address object group, and use this group in the WAN>WAN rule for SSLVPN services.

  • stokie21stokie21 Newbie ✭

    thanks for the reply


    I have done a couple of tests and its not working as it lets me connect via my mobile phone, so i must be doing the rule wrong. As i mentioned I am new to sonicwall and firewalls in general so this is not my best skillset ;)


    just to confirm this is a firewall access rule?


    from WAN to WAN


    these are my two rules i have created, which get 0 hits



    Thank You

  • stokie21stokie21 Newbie ✭

    Thank you for the help.


    I have deleted both of the custom rules. I have done an all to all and used the key word ssl and it shows 13 rules.


    I picked rule 13 WAN to WAN as an example, and tried to edit the Source and it will not let me edit a default rule



    so i have took a screen shot of the13 rules and hope it's one of these, as there are over 130 rules in total



  • BWCBWC Cybersecurity Overlord ✭✭✭

    @stokie21 I'am sorry, I've told you only the half of the story.

    You have to enable the Option "Enable the ability to remove and fully edit auto-added access rules" on the internal settings page, then you can edit the default Access Rule.

    Sorry for that.

    --Michael@BWC

  • stokie21stokie21 Newbie ✭
    Agh ok I will give that a try shortly, could you possibly confirm which rule I am editing off my screen shots ?

    Thank you
  • BWCBWC Cybersecurity Overlord ✭✭✭

    You have to edit the SSLVPN Rule that's in the WAN-to-WAN selection, it's #13 in your latest screenshot.

    If you're in the WAN-to-WAN rules anyways, you should check if you can limit the Management Rules (HTTP + HTTPS Management, SNMP and SSH) to avoid any access to your Firewall that is not wanted, just as precaution.

    --MIchael@BWC

  • stokie21stokie21 Newbie ✭

    Thank you, this now works on my laptop and my phone will not connect ( as expected ) as I have not entered the FQDN into the group.




    would this be my two custom rules?


    I am all ears, if you have a suggestion on how to improve them

  • BWCBWC Cybersecurity Overlord ✭✭✭

    No, you don't need any custom rules for this, delete them. Deny is implicit and the Allow Rule is the Default (no modified with your source object).

    I meant the default rules for management, you can limit them as well to only allow specific addresses, if this is possible in your scenario.

    You can add Botnet and GeoIP Filtering as well, to block certain countries etc.

    --Michael@BWC

  • stokie21stokie21 Newbie ✭

    Thank you I will delete them now, to be honest I don't remember why I added them in the first place

Sign In or Register to comment.