Basic Configuration of SSL VPN with SonicWALL
By: Andre Ainsworth
No matter the hardware manufacturer, there is a continual growing trend with the use of SSL VPN capabilities over the standalone IPSEC VPN client. The use of SSL VPN connections has the following benefits:
- Ease of administration – There is no need to manually install a VPN client on each remote user’s end device.
- More widely usable – Some ISPs restrict IPSEC VPN client connectivity. As SSL is a standard for web connectivity, as long as the ISP allows basic web surfing, use of SSL VPN is usable mostly anywhere.
- Cross-platform support – Most operating systems, including mobile, now have support for SSL VPN connectivity.
- This guide references a SonicWALL device running SonicOS Enhanced 188.8.131.52-4o
- This is a basic configuration with local authentication. It can be used to establish initial connectivity for future enhancements such as web portal application bookmarks, LDAP/RADIUS authentication and VPN group policies.
- First, confirm the licensing of your device – Under “System”, select the “Licenses” option. Reference the “SSL VPN” section. The number listed under “Count” is the number of sessions you can have active at once. Please be aware of the difference between this field and the “Global VPN Client” field. The latter is the IPSEC VPN license.
- Enable SSL VPN capabilities – On the left side-bar, click “SSL VPN” and select “Server Settings”. Here, you’ll have to click the red button beside “WAN” to enable SSL VPN connectivity to the WAN interface. I like to enable it on the LAN as well for initial testing. This will allow SSL VPN connectivity in case you, or the end user, only have internal connectivity. In this window, you can also change the SSL VPN port. The SonicWALL default is TCP 4433.
- Add a local user – On the left side-bar, click “Users” and select “Local Users”. Here is where we add a user to the local database stored on the SonicWALL device itself. Click the “Add User” button.
- Add User – Fill in the name and password fields
- Add User – Next, select the “Groups” tab. Select “SSLVPN Services” and click the “->” button. Confirm it is now listed under the “Member Of” window.
- Add User – Next, select the “VPN Access” tab. Select “LAN Subnets” and click the “->” button. Confirm it is now listed under the “Access List” window.
- Test Connectivity – You should now be able to open a web browser and surf to https://<<EXTERNAL-IP-ADDRESS>>:4433 . Login using the credentials you configured previously. The default Domain should be “LocalDomain”.
- If a successful logon, you should see the SonicWALL Virtual Office welcome screen. This tests SSL VPN connectivity. Here, you can configure the portal bookmarks and/or download the NetExtender application for future use.