Making Virtual Office changes on the TZ series of firewalls

Disconnected Newbie ✭
edited September 2020 in Entry Level Firewalls

Is there any way to disable the virtual office login interface on the WAN and still keep SSLVPN enabled?

How to stop disclosing the domain name to the world if the Virtual office interface cannot be disabled from the external interface?


Answers

  • Hello @Disconnected,

    Unfortunately, the virtual office portal and NetExtender both use identical port numbers and web connection and that is the reason why we cannot keep one of them disabled while trying to use another.

    The only difference is the client that is being used to make the connection. You are either using a browser for Virtual office or NetExtender for SSLVPN. So, you can probably use a different port number and client authentication, but it will apply to both types of connection.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Disconnected Newbie ✭
    edited September 2020

    Is there a way to reduce the data being leaked on this page (exposing that it's a SonicWall firewall) to help mitigate the ease of an attacker enumerating the attack surface? I removed the "welcome" and modified it to state that it's restricted to authorized users only, etc. But I didn't see an easy way to remove all the SonicWall branding on the external page.


    Also, what about any approaches to stop disclosing the internal network's domain?

  • Hello @Disconnected,

    Any vulnerabilities on the HTTPS management or the Virtual Office portal are regularly taken care of in the firmware releases. But, if you are looking for something specific, please let the Support team know about it so that it can be forwarded to engineering.

    The internal network's domain, like your local network itself, need not be used as the 'User Domain'. By default it is set to LocalDomain, but you can set that to anything else and need not mention the actual internal domain. To propagate the domain name to the end clients, the DNS suffix section under client settings is helpful.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWC Cybersecurity Overlord ✭✭✭

    @Disconnected only 3 years later the latest Gen6 Firmware 6.5.4.13 got the option "Disable Virtual Office on Non-LAN Interfaces" which is what you asked for.

    Gen7 (SonicOS 7.x) does not provide this option at the moment but my guess is that'll follow "shortly".

    --Michael@BWC

  • MustafaA SonicWall Employee

    Release Notes Page-1


  • CRISL Newbie ✭

    Hello, has anyone tested this yet? Actually a great idea. Can TOTP still be used if the Virtual Portal is disabled? Or can no app/device be paired anymore?

    Thanks
