TZ370
Hi
I would like to introduce myself. My name is Andy and I am currently providing support to local small businesses for their IT. I am part time and it's keeping me busy on my days off from my real job (non-IT).
I was for many years in the IT industry but I had a change of career around 10 years ago, so I am a bit behind with the times.
So I need some advice.
I have a client who has 10 PCs that were on a peer-to-peer network, but I have just installed a Windows Server to increase their security.
Windows Server 2019 Standard Edition acting as primary DNS, DHCP, DC and file shares.
There are a couple of users that want to be able to access their desktops using remote desktop. They are currently using remote PC, which is not ideal.
The server sits behind a BT router on BT ADSL. We do have a static IP provided but it terminates at the router.
So I would like to set up a dial-in VPN to the network and then allow that connection to Remote Desktop onto their local computer. I don't want to set up Windows Server to VPN but rather use a SonicWall device to do this. I am told a TZ370 is ideal.
I'm just unsure exactly how to configure it.
I have purchased a BT OpenReach Modem box to give me an Ethernet port for the firewall.
Are there any guides out there that can help me achieve setting up this firewall?
Many thanks
Andy
Answers
Hi @Andyw77,
Thank you for visiting SonicWall Community.
Please try using SonicWall Global VPN (GVC) or SonicWall SSLVPN. Based on how many licenses you have for GVC or SSLVPN, you can determine which one is suitable for you. I have given you the config articles pertaining to both of these features.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
You will need to have your connection to the ISP direct to the firewall (I'm guessing that's the OpenReach modem), and will need that connection to be 'bridged' so you have the public IP on the firewall interface.
I would recommend using SSLVPN. You may also want to consider using LDAP for SSLVPN authentication since you have a directory service.
https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-ldap-authentication-for-sslvpn-users
You will need to configure the SonicWall WAN in PPPoE mode. It should be pretty straightforward to get it working, but check this discussion about static IPs from BT, as it may be relevant:
https://community.sonicwall.com/technology-and-support/discussion/2592/gvpn-client-fails-to-connect-with-pppoe-fixed-ip
I am trying to test a SonicWall TZ370 for a customer that will require this at a remote location directly plugged to an ISP. We are trying to test and also learn how to configure it. We only need it to do two things: allow remote desktop into Windows 10 machines behind the SonicWall, and transfer data from that remote network to our corporate site for retrieval and backup.
You suggest that SonicWall must be plugged directly into my Netgear Xfinity router? I did change it to bridge mode to have a direct connect to my home router (wireless and wired) and then was hoping to test SonicWall plugged into that router. But if it has to be plugged directly into my ISP modem router, I need to know that.
Was hoping to get clarity and the best configuration for this. Two Windows 10 machines that do not need internet access, isolated, except for remote desktop and data transfer. I am not a network person, but have been doing IT for two decades.
Thanks!
SonicWalls really WANT a public IP address and direct internet connection on their WAN interface, so if you put it behind another router it will not get that. Being behind another router/firewall (double NAT) is doable, but you'll run into more issues with it that way, and it's better to get practice in a production-like test environment.
You should never open RDP traffic from the internet to internal devices unless you know what you are doing security-wise. What business purpose does RDP to these boxes serve? What is the required 'data transfer' method (SMB, SCP, SFTP, etc.)? Is this business under any regulatory requirements? You have a laundry list of requirements to be learning with.
Happy to help but FYI this setup won't exactly be easy for someone with little network experience.
Those are great questions, but our Cyber people have addressed most of them and greenlighted this project. And because the data is not in any way confidential, but climatic sensor data about temperatures and seismic activity. But they want to at least protect it all with a firewall. Customer needs to be able to manipulate the sensors that use a stand-alone Windows 10 system as its interface. They will not need access to the internet. They only need to remote in to operate software on those systems, and collect data. Which will be painfully slow I suspect over any VPN.
This would be an upgrade from the current method of having to take several days to get to remote site and collect the data, and bring it back, with no ability to tweak or modify sensors. So basically, it will be like a home network on an ISP. For the moment, I am just trying to test within my network to see how VPN works and operates, and how this will be configured before even testing access from outside my network.
I am glad you say this is a complicated setup, as so far it has not been very intuitive to figure out even with all the videos and how-tos online. I am beginning to think we should just have the customer pay for SonicWall experts to help set it up, instead of relying on in-house IT people with no direct experience with this product.
Any help or advice would be greatly appreciated.
If you don't know what you're doing then your safest option would be to use TeamViewer or something of that ilk.
It's not clear what your actual question is here, or how it relates to this thread.
@jcchat66 you should start a new discussion if you want to pursue the project you outlined.