How to authenticate WAN users before they access the LAN ?
I have a WEB server on my LAN and need remote users be able to access it from WAN.
Setting up of this scenario is straight forward and it's working already, but what I need is that those remote users get authenticated by my TZ-400 before they reach my WEB server. I don't want my server asking for credentials directly to an unknown user in the WAN zone.
I've read several articles (some original from SonicWALL) explaining the reverse scenary (authenticate LAN users against the FW before the reach the Internet). Some of these articles says that this user authentication can be configured between whatever zones but I can't make it work.
Any advice would be apreciated.
BWC Cybersecurity Overlord ✭✭✭
I completely agree with @BWC. Please enable user login on the WAN interface and on the access rule created from WAN to LAN, use the Users included field as Trusted Users/Everyone. Leave the NAT policy as it is.
I tested this is my lab and it worked as expected. I created a local user on the firewall and once I successfully authenticated with it, I was redirected to the internal web server.
Could you please let us know how you have configured it at the moment. Also, what behavior do you see on your end?
Technical Support Advisor, Premier Services5
GAG Newbie ✭
Thanks BWC and Shiprasahu93 for your help. I've made already the steps both of you said.
I have Single-sign-on configured with 2 internal servers that runs SonicWALL SSO Agent.
I've just disabled SSO Agent on "Users->Settings->Authentication" and know it's running OK, just as I wanted (and as it's supossed to be)
I don't really need SSO so I'll keep it disabled.
Thanks for your help!!
Yes, the SSO feature uses NetAPI/ WMI queries to the end machine to find out the username which cannot reach a machine connecting from WAN side. But, good to know that things are working as expected.
Thanks for confirming. Have a good one!
Technical Support Advisor, Premier Services