Sonicwall Wan Remote Access Networks


Jasmine Lemaitre

Aug 5, 2024, 7:49:36 AM
to perloulenkolb
Hello and thanks in advance for your advice. I recently started supporting a small business and have a problem I can't figure out. The office has 6 remote employees who access the office network via Global VPN software connecting to a TZ210 SonicWall. They use company-supplied machines to run the VPN software and connect to desktops in the office. This company runs some data-intensive apps and they don't perform well over the internet, so this was the preferred setup and it works very well.

I have found one exception. He doesn't remote into a machine in the office, he runs the apps from his desktop. Somehow, this user connects to the network without a VPN connection (and has no VPN account on the firewall) and has been working for months. I found out because he was having performance issues and started complaining. I created a VPN login and installed the software; it connects successfully. When we try to Remote Desktop to his machine in the office the RD software throws an "Internal Error" while connecting. However, if I don't enable the VPN, he can connect to his remote desktop. So, something in the firewall is letting him in but I have no clue where to start looking?


Here are some relevant details ("computer" refers to his machine outside the network):
- Computer is running Windows 7
- Computer is not joined to the domain
- IP and DNS are set to dynamic
- Firewall is a SonicWall TZ210


I would like to set up my network so that the machine with IP address 192.168.1.40 can be accessed with a static IP provided by my ISP, let's call that one 50.149.12.741. On my last router (a SonicWall) there was a way to tell the router that an RDP request (either on our LAN or from an outside computer) to 50.149.12.741 should be routed to 192.168.1.40; but I cannot find how to do that on this Nighthawk R7000. Is this type of setup possible with the router I've chosen?


Thank you for the quick response! I've tried that, but I see nowhere to enter the IP address for external access. Where do I tell it what 50.149.12.741 "means"? I also have more than one computer I'd like to do this with - with different external static IPs.


While speed is important, the ultimate goal is to deliver a seamless user experience. By increasing throughput, you promote better productivity with fast and secure access to mission-critical cloud and on-premises applications.


Why upgrade: SonicWall Central Management Server (CMS) provides organizations with a single administrative user interface for reporting and management of all SMA appliances. This even includes SSL certificate management and policy roll-outs.


Downtime happens. But organizations do their best to ensure business continuity and scalability, not to mention that service-level agreements are being met. Service providers vastly improve Quality of Service (QoS) and workforce productivity by being proactive in this area.


Why upgrade: Appliances managed by CMS can be configured as Active/Active or Active/Standby high-availability (HA) clusters for redundancy, availability and reliability. The solution includes Global Traffic Optimizer (GTO) for intelligent load-balancing and universal session persistence in case of failovers.


While much storage today is outsourced to clouds or servers, having large onboard modules is still a key capability. It allows for the local storage of logs, reports, file transfer inspection, firmware backups and restores, and more.


SMA is an advanced access security gateway that offers secure access to network and cloud resources from any device. SMA provides centralized, granular, policy-based enforcement of remote and mobile access to any corporate resource delivered using a hardened Linux-based appliance. Available as hardened physical appliances or powerful virtual appliances, SMA fits seamlessly into any existing IT infrastructure.


I have a server which is a domain controller with active directory, a DHCP server, and which contains network drives. With my previous ISP, I used a SonicWall and had a VPN for my remote users to access the network drives. Once the VPN was connected I could "add a network location" as if I was on site.


I have not been able to configure a Client VPN in the MX67 to work in the same way. I got as far as having a remote computer connect to the Meraki Client VPN using the Meraki Cloud Authentication, but I can't get the network drives connected.


I did some tests and the Meraki won't let me access network drives that are not in the same subnet, even if they are connected to the same switch. I guess whatever is causing this is also preventing VPN clients from accessing the network as well. Do you have any idea of why this is happening?


Right now I have my server and another computer plugged directly into the MX using different ports. If I place them in the same VLAN I can access the network drives, but if they are in different VLANs I lose access. My guess is whatever is causing this is also giving me trouble with the Client VPNs.


@alemabrahao It's been ages since I used client VPN on an MX but I am sure I had to add in rules allowing traffic from VPN to Local LAN. If I am wrong or that's changed, that's incredibly insecure as a default setting.


Layer 3 firewall rules are a powerful tool for permitting and denying Client VPN traffic. Although Client VPN users are considered part of the LAN, network administrators may see a need for limiting overall access. Firewall rules can be used to limit access for VPN users to specific addresses/ports or ranges of addresses, such as allowing access to most information but denying VPN users access to sensitive resources.


We are having similar issues: users connect to VPN but can't access shared drive back on HQ network. Never been an issue before. User having issue is running Windows 11; looking to see if Windows 10 users are having same issue.


So, getting feedback from my users, anyone that did not do fresh VPN connection attempt in last 2 hours or so is still connected to VPN fine and can access the shared drive on our network. Any new connections get connected very briefly then dropped. Some get an error, some don't. Has to be an ongoing issue with Meraki MX firewalls since issue just started in last few hours.


Well, none of my customers have reported any issues and Meraki has not made any official announcements. You are using a native Windows Client VPN, so it could be that Microsoft has released an update that is affecting systems as it has in the past.


Same thing happening here. I discovered that the user was shutting down laptop while still connected to the VPN session. I asked the user to disconnect from the VPN before shutting down the laptop to see if that formal VPN termination fixes the issue. I am not sure why the Meraki client VPN service would keep alive a session for that long without activity, though.


I disabled the firewall but it didn't help. I did some tests and the Meraki won't let me access network drives that are not in the same subnet, even if they are connected to the same switch. I guess whatever is causing this is also preventing VPN clients from accessing the network as well. Do you have any idea of why this is happening?


I checked my URL list and saw that IP had been added by me earlier in the day. I removed it and bingo, VPN connection stayed connected. VirusTotal has mixed reviews on this IP, see below. Cisco Umbrella Investigate shows safe as well.


MILPITAS, Calif., July 18, 2024 /PRNewswire/ -- SonicWall announced today the launch of Cloud Secure Edge (CSE), offering an innovative suite of Zero Trust Access offerings designed specifically for MSPs who are meeting customers with increasingly remote work forces on their cloud migration journeys. With flexible, cost-effective solutions for remote access and internet access, CSE empowers organizations to securely connect employees and third-party users to resources from any device and location with unparalleled simplicity and security.


Born from years of delivering innovative Security Service Edge (SSE) solutions for mid-enterprise customers, CSE is a unified, cloud-delivered multi-tenant platform for MSPs of all sizes. Customers will be able to choose from a range of Secure Internet Access (SIA) and Secure Private Access (SPA) solutions that replace legacy VPNs with cloud-native solutions that deliver network security at all price points. For organizations that want to combine zero trust with firewall protection, SonicWall is embedding a Private Connector in SonicWall Next-Gen Firewalls (NGFW) to strengthen existing multi-layer security with a zero trust architecture, providing unprecedented ease of deployment while leveraging existing infrastructure.


"In today's dynamic threat landscape, where remote work and cloud adoption are accelerating, organizations need a flexible security solution that can seamlessly protect users and data across any network environment," said SonicWall Executive Vice President of Product Strategy Tarun Desikan. "Banyan was an early innovator and market leader in delivering SSE to enterprises of all sizes. CSE takes that experience and adds SonicWall's network security knowledge to launch highly flexible and cost-effective solutions - ensuring that any organization can maintain high-performance connectivity while safeguarding against evolving cyber threats. These innovative offerings, designed in consultation with SonicWall MSPs, not only simplify deployment and management but also enhance overall security posture, making them essential and accessible tools for evolving IT environments."


While established vendors offer complex SSE solutions geared toward large enterprises, CSE fills the gap experienced by SMEs by providing a straightforward, scalable ZTNA solution ideal for MSPs and their mid-market and SMB customers. CSE adds to our existing remote access solutions enabling SonicWall to help any business no matter what phase they're at in their transition to the cloud.


"When we acquired Banyan in January, we said we would empower partners by delivering a security architecture for any stage of their customers' evolving cloud journey," said SonicWall CEO and President Bob VanKirk. "Cloud Secure Edge is the first step of that delivery, with additional MSP-friendly components of the SSE stack to follow. We are redefining SSE for the SME market by combining simplicity and management with robust security, empowering organizations to embrace zero trust principles effortlessly. Our goal is to provide our partners and their customers with confidence that their data and resources are protected, regardless of where their workforce operates."
