Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

how to get a VPN user to get Public IP used by Firewall.

GustrastrenGustrastren Newbie ✭
in VPN Client

Hello,

We have a hosted website on the Internet.

This website is only accessible, if the public IP address matches our Office public IP. ( ex:2.2.2.2)

Now all users inside the office network can access the website. (ie: From 192.168.x.x)

We have a few users who travel, and they cannot access the website since their remote locations public IP address is different does not match the office Public IP address.

Request guidance on what is needed to set up SSL-VPN so that remote user can access the Internet website as if they were using PC inside the office.

Thank you

RT

Category: VPN Client
Reply
Tagged:

Answers

  • MustafaAMustafaA SonicWall Employee

    Hello @Gustrastren

    There are two available options to address your specific requirement. The initial option involves channeling all (Tunnel All) internet traffic from remote users through the SSLVPN. This implies that remote users will access Internet resources using the public IP address associated with the firewall/office. For a comprehensive understanding of the configuration details, please refer to the provided Knowledge Base (KB) documentation.

    How can I allow SSLVPN users access to the Internet when using tunnel all mode?

    https://www.sonicwall.com/support/knowledge-base/how-can-i-allow-sslvpn-users-access-to-the-internet-when-using-tunnel-all-mode/170505877560278/

    An alternative approach involves directing the traffic of the public website through SSLVPN. To implement this, it is necessary to incorporate the Public IP Address of the website into the "Client Routes" section of the SSLVPN server settings and into the "VPN Access" parameters of the corresponding user. Additionally, the establishment of an outbound Network Address Translation (NAT) policy may be requisite to facilitate the translation of the source IP address of the traffic to the public IP address of the firewall.

  • BlacksuitBlacksuit Newbie ✭

    Good day @MustafaA ,


    Is there any documentation on the second option you have stated or could you point me into the right direction? We are a 1 man IT shop with limited network background as we are a small company. I have a similar scenario but using the Tunnel All mode creates a major impact on network performance that I would love to alleviate.


    Thank you for any info you can provide.

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    As Mustafaa said create an address object for this external IP address, add this to the client VPN routes


    Adding Client Routes (sonicwall.com)

  • BlacksuitBlacksuit Newbie ✭

    After reading more about this I believe I understand. Not a network guru when it comes to firewalls so I appreciate the help.

Sign In or Register to comment.