Help With SSLVPN - Allow by FQDN /IP
stokie21
Newbie ✭
HI All,
First off i am new to Sonicwall and have very limited experience. I am having trouble with a hacker who is constantly battering the sslvpn port 4433, so I would like to tighten up who can connect, changing the port will only buy time so i need a solution. In my head I have thought what could I do to make it more difficult for users to see 4433, and I have come up with this idea and wondered if this can be done on sonicwall.
First off I could install the Dynamic DNS Update Client (DUC) on my home computers and other computers who connect via the SSL, this will update all IP address everytime they or I reboot, or it times out and automatically updates it. I then put this FQDN into an address object on Sonicwall so it then knows my home computers ip's.
With this info is it possible to create some sort of rule that says if the connection is coming from the IP of the FQDN allow port 4433 with a high priority rule, and then do a lower priority rule to deny anything on 4433?
I have jumped on SonicWALL and don't see an option to allow a group of FQDN's, and hoped one of you guys would have a better idea or maybe could tell me if this would work
Thanks
Answers
You can add multiple FQDN address objects to an address object group, and use this group in the WAN>WAN rule for SSLVPN services.
thanks for the reply
I have done a couple of tests and its not working as it lets me connect via my mobile phone, so i must be doing the rule wrong. As i mentioned I am new to sonicwall and firewalls in general so this is not my best skillset ;)
just to confirm this is a firewall access rule?
from WAN to WAN
these are my two rules i have created, which get 0 hits
Thank You
Thank you for the help.
I have deleted both of the custom rules. I have done an all to all and used the key word ssl and it shows 13 rules.
I picked rule 13 WAN to WAN as an example, and tried to edit the Source and it will not let me edit a default rule
so i have took a screen shot of the13 rules and hope it's one of these, as there are over 130 rules in total
@stokie21 I'am sorry, I've told you only the half of the story.
You have to enable the Option "Enable the ability to remove and fully edit auto-added access rules" on the internal settings page, then you can edit the default Access Rule.
Sorry for that.
--Michael@BWC
Thank you
You have to edit the SSLVPN Rule that's in the WAN-to-WAN selection, it's #13 in your latest screenshot.
If you're in the WAN-to-WAN rules anyways, you should check if you can limit the Management Rules (HTTP + HTTPS Management, SNMP and SSH) to avoid any access to your Firewall that is not wanted, just as precaution.
--MIchael@BWC
Thank you, this now works on my laptop and my phone will not connect ( as expected ) as I have not entered the FQDN into the group.
would this be my two custom rules?
I am all ears, if you have a suggestion on how to improve them
No, you don't need any custom rules for this, delete them. Deny is implicit and the Allow Rule is the Default (no modified with your source object).
I meant the default rules for management, you can limit them as well to only allow specific addresses, if this is possible in your scenario.
You can add Botnet and GeoIP Filtering as well, to block certain countries etc.
--Michael@BWC
Thank you I will delete them now, to be honest I don't remember why I added them in the first place