SonicWall TZ370 - VPN Setup for Remote Site
It will be direct to an ISP, much like any home network, though there will not likely be high bandwidth. There are two stand-alone Windows 10 systems that our customer needs to be able to remote desktop into as well as copy files from. There is also a third, F-OS fiber switch device that has a web-based interface they would like to access. Data is not critical or sensitive, but they want to at least protect it with a firewall and use a VPN. Only one customer or a small handful of people would need to remote desktop into the system to change software settings for sensors, so no heavy use. Systems should remain isolated from the Internet, with no need for updates or changes.
Have tried several options to make VPN work and watched many videos, but there seem to be too many options and I am not sure what the best and simplest option is. Thank you for any help that can be offered.
Answers
Hi @jcchat66, the solution is simple. Use the SSLVPN client (NetExtender) or the IPSec client (GVC) to have a secure tunnel from the remote user's computer to the firewall, and then the user can have access to the file server, have an RDP connection, or access the web UI of the switch.
Is there a specific question you have?
That's the theory. But the videos and guides I have found are all a little different and the scenario is not quite the same. I've followed different instructions without success. And more information like, which is better, or what are the pros and cons of each SSLVPN and IPSec options? It seems like most of the instructions assume prior knowledge or experience with such setups.
SSLVPN gives you the flexibility of being able to use the Virtual Office, which is a clientless connection. Also, there are client applications for macOS, iOS, Android, Chrome OS, Windows and Linux platforms.
The IPSec client application, GVC, is available only for Windows platforms.
https://www.sonicwall.com/products/remote-access/vpn-clients/
Please review the following KB article which explains how to configure SSLVPN.
https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-the-ssl-vpn-feature-for-use-with-netextender-or-mobile-connect/170505401898786/
To address the only question I see. Pros and cons of IPSec vs SSLVPN can be pages worth of feedback. Some quick thoughts:
IPSec requires a bit more setup and maintenance for a truly secure connection. Certificates to be maintained on client devices and a third-party MFA solution must be used.
SSLVPN is much more straightforward to accomplish an equivalent setup. Certificate only needs to be maintained on the firewall and the firewall has built-in MFA options for SSLVPN.
Any reason a site-to-site VPN to / from the main office hasn't been considered?
Thank you, that is helpful. The site will have to be accessible from other sites and cannot be limited from just one location.
That's the default with GVC and SSLVPN - when enabled, it's reachable from anywhere remotely.