Whitelisting an IP Range to access SonicWALL
Hello all,
I've been researching and Googling and I believe this is the best place to ask.
I want to whitelist an IP range for an external vendor who does pen testing and vulnerability testing for my facility. I just need to ensure that none of the controls like IPS, IDS, spam filtering and other misc. services are applied to their range. I was told the best way was to whitelist their IP range, but I wasn't sure if this was done within the objects in SonicWALL or if there was a list to actually add the range to.
Thanks!
Best Answer
Larry All-Knowing Sage ✭✭✭✭
Step 1. Create one or more Address Objects and add them to an Address Group (e.g., External Security Vendor Group).
Step 2. Go to each of the Security Services and add that Address Group to the appropriate Exclusion list.
Step 3. Test and see if any errors are issued in the log when the security testing takes place and fix as needed.
Answers
Hi @Twizz728 ,
Please find the KB articles listed below for assistance:
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
Thank you NEVYADITHA. I will review all of the documents. I was hoping there was a way to add the range once and it would whitelist it for everything, but it appears in your documents that I have to go in and manually allow for each security service.
Thanks Larry,
I've gone in and done this process. I'm now looking at NEVYADITHA's comment to see if I have to allow the IP within each security service.
Thanks!
@Larry I believe that solves my issue with the external IP range. The pen testers were able to do their external pen test, but now I have a different question that's somewhat related, I believe.
My vendor is doing two types of tests. They needed their IP range allowed so they could penetrate the network to see what they could find, and then they use a different IP range to do the same thing, and they compare results to see what I'm guessing is what a hacker would see. They're also doing an internal pen test, which is via a device they have set up in my facility, connected to my switch and running through my SonicWALL. Today they showed up and plugged their device in. It was set up with a static IP, so I had to ensure the range they needed in my internal network was available, and once they were connected they were trying to VPN into their device and they kept getting blocked. We thought this had something to do with SSL or the Deep Packet Inspection provided by the SonicWALL. I went in and ensured that the SSL Control was turned off, and that didn't seem to resolve anything. I then went in and created an address object with the internal IP range set and then created an access rule to allow anything from LAN within that IP range out to the WAN. I thought this was enough to bypass the security controls, but they were still not allowed access via VPN to their device.
Does any of this make sense? I know it's probably confusing as heck.
@Twizz728 - I suggest you post a new question about the VPN connection problem rather than mix-n-match in this thread.
Also describe how you have the VPN set up in your SW, what mechanism the third party is using to connect, and the error messages they get, along with anything that appears in the SW log.