TZ350 behind existing ISP Router / Firewall for just VPN
Dirk
Newbie ✭
Hi,
I'm searching for a company a small VPN solution for Windows Clients...
The company has already a network with a router dsl network including firewall.
I don't want to change current setup. (if possible...)
Can I setup the TZ350 in same network (and IP range) as current internal Windows clients behind the router and just forward a port for VPN to the TZ350 for VPN entry?
Regards Dirk
Best Answer
-
CORRECT ANSWER
ThK
Cybersecurity Overlord ✭✭✭
@Dirk Hello Dirk,
i understand you have: WAN -DSLROUTER (with firewallfunctions) -LAN
and you would like to have WAN - DSLROUTER - SNWL TZ350 -LAN
You can set it up like this:
You should change the DSL Routers LAN IP range.
Connect the DSL Routers LAN to X1 TZ350 (you can edit a static IP on the X1 Port or use DHCP if the DSLRouter provides DHCP).
On X0 on the TZ350 you use the former DSLROUTERs LAN IP. So the clients will accept the firewall as Gateway.
Notice that it could be necessary to deactivate the integrated DHCP Service on the TZ350 if you have one on LAN already.
After that you have to setup some NAT and Access Rules for accessing the LAN machines from WAN if needed.
An important point is that you have to forward the ports you need to access on the LANside in the DSLRoutersfirewall.
Often there is a function called ExposedHost which then should be the TZ350s WAN IP. Now all ports will be forwarded to the TZ350.
That´s helpful to point all needed VPN Ports to the TZ350 as you like to setup an VPN connection too.
Now don´t forget activating the security services on the TZ350
regards Thomas
6
Answers
Hello @Dirk,
Welcome to SonicWall community.
Usually we connect to the WAN interface of the firewall to gain access to the internal resources on LAN. You can connect the TZ 350 and get the same IP scheme that you have at the moment on your network. The problem you would encounter would be that the network that you are trying to access will also be on WAN.
I would suggest using a SMA appliance that is solely for VPN purposes and uses SSLVPN for connectivity.
This KB article should help.
We also support this on virtual platforms for which you can use 500v model.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services