How can I set up a rule to only allow SSLVPN connections from an address group on TZ-210?

I want to set up DDNS addresses that are the only addresses allowed to connect to my SSLVPN port 4433. Port 4433 should not be open to the world. Because "If you build it, they will come!".

I tried making a WAN to WAN rule, but the firewall moves the priority down. You cannot make the priority 1.

If I try changing the built-in SSLVPN rules, the FW just puts the rules back automatically.

I tried making a WAN to LAN rule that someone posted, but that does nothing.

I'm running firmware: SonicOS Enhanced 5.9.2.7-5o


Answers

  • Ajishlal Community Legend ✭✭✭✭✭
    edited March 2022

    @All_Mighty_Ruler

    Edit the default WAN-WAN rule for the SSL VPN and change the SSLVPN port to HTTPS Management. Then create a new WAN-WAN rule for the SSLVPN and select your dyndns-enabled WAN interface.

    For example, follow the same as below:


  • TKWITS Community Legend ✭✭✭✭✭

    @Ajishlal But then you just opened up HTTPS management to the world...

  • Thanks for responding, but I do not have SSLVPN open for the NetExtender. I only have a VPN tunnel. So I only have the 2 IKE rules that I am trying to protect. Any changes I make, the FW just puts back.

  • Ajishlal Community Legend ✭✭✭✭✭

    @TKWITS

    There is already a default rule for HTTPS management, and we can prevent unauthorized access by adding only trusted sources instead of "Source: ANY".


    @All_Mighty_Ruler

    "I want to set up DDNS addresses that are the only addresses allowed to connect to my SSLVPN port 4433. Port 4433 should not be open to the world."

    As per your statement above, I thought you needed to open the SSLVPN port for a specified WAN interface which is enabled for dyndns, and now you are telling us that you don't have SSLVPN. So please explain properly exactly what kind of support you require; only then can we give you the proper solution.
