- #SONICWALL SSL VPN CLIENT SETTINGS DIFFERENT HOW TO#
- #SONICWALL SSL VPN CLIENT SETTINGS DIFFERENT PASSWORD#
Take note of the setting “User Name and Password Caching” and adjust accordingly to your security policy! Enabling “Create Client Connection Profile” will allow the SonicWALL NetExtender client to save the profile (recommended).1 Configuring Windows Networking for the SonicWALL VPN Client Tech Notes Prepared by SonicWALL Inc Bordeaux Dr. Verify the DNS Server 1 and DNS Server 2 are properly specified. (These are the same networks (address objects) that you previously defined under the SSLVPN Service local group. In most cases, you would end up address the necessary Address Objects for all your internal networks. Verify the Zone IP v4 and Network Address IV V4 information Tab – Client RoutesĪdd all the applicable client routes that are necessary for VPN access. You MAY have to adjust this range accordingly to your network scheme (this is adjusted under Network -> Address Objects). Mouse-over the Address for IPv4 column, and note the address range selected for SSL VPN IP Pool. Go to SSL VPN -> Client Settings and click on the configuration/edit button. (note particular these settings seem to change with every release of the SonicWALL OS unfortunately…) On the same SSL VPN -> Server Settings page, Enable the “Use RADIUS in” checkbox and select the “MSCHAPv2 mode” radio button.Ĭlick on the Accept button to save the settings. I typically recommend changing the administration port to 444 or 4433 so 443 is available and can be used for SSL VPN functionality. Please note - you will have to make sure the SonicWALL’s administration webpage is set to something other than 443 for this to work (configured under System -> Administration -> HTTPS Port). Go to SSL VPN -> Server Settings and enable the WAN interface at port 443 (the round icon should turn green). On the VPN Access tab, make sure you add your internal networks (address objects) that users would need to access, otherwise you won’t be able to access any internal networks even if you’ve successfully connected to the VPN.Ĭonfigure SSL VPN settings Step 1 – Configure Server Settings Go to Users -> Local Groups and edit the properties of the SSLVPN Services local group. Step 3 – Save SettingsĬlick Accept at the bottom of the page Configure Local Group Access You should receive a response of, “Radius Client Authentication Succeeded”.
Change the radio button to MSCHAP or MSCHAPv2 and click Test. Specify a user account that you added as a member to the previously created “SSL-VPN Access” global group, enter the applicable user password. Make sure to change the Default User Group for all RADIUS users to belong to “SSLVPN Services” Setup the Primary and Secondary (optional) RADIUS server and previously defined Shared Secret password. Select the Configure RADIUS button and change the settings on each tab to the following: Tab – Settings I suggest keeping a local user setup in the event the RADIUS server(s) go down unexpectedly.) Go to Users -> Settings and change User Authentication method from “Local Users” to “RADIUS + Local Users” (this allows you to use either local user accounts created in the SonicWALL OR use Active Directory based user accounts during authentication. Configure SonicWALL for RADIUS authentication Step 1 – Change User Authentication mode Make sure the Access Granted radio button is selected for the Permission properties, and use the default selections for Authentication Methods, Configuration Constraints, and Configuration Settings, then select Finish in the Add Network Policy wizard. Specific the “SSL-VPN Access” global group you previously created in Active Directory. Add the condition Windows Groups, and click ADD. Step 4 – Create New Network Policy in NPSĬreate a new Network Policy and call the policy, “ SonicWALL SSL VPN“. In Active Directory, create a global group called “SSL-VPN Access” and add the applicable users to this group that will require remote VPN access.
Configure Windows Server for RADIUS authentication Step 1 – Install NPSĪdd the Network Policy Server role on your Windows server if it’s not yet already installed.Īdd a RADIUS client to NPS using the LAN IP address of the SonicWALL firewall, and create an applicable Shared Secret password.
#SONICWALL SSL VPN CLIENT SETTINGS DIFFERENT HOW TO#
The following article is a step by step guide how to configure the firewall and Windows Servers to accomplish this. Setting up the SonicWALL firewall for using SSL VPN is pretty simple, even when it comes to utilizing Windows Domain Accounts via RADIUS authentication.