Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Answer/Article
Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless
Firmware/Software Versions:
All versions of SonicOS Enhanced for UTM appliances.
All versions of SonicWALL Global VPN Client (GVC), including v.4.2.6.305, v.4.0.0.842
Description:
This article will show users how to configure a 'Route all Traffic' WAN GroupVPN Policy on a SonicWALL UTM appliance. The result is that remote
computers with SonicWALL Global VPN Client (GVC) software connected to the policy will route all internet traffic through its VPN connection to the UTM
network. Once traffic from remote users' GVC computers to the UTM network is decrypted and unencapsulated from the VPN, the original destinations
of the traffic from the remote computer are honored and used for routing. Traffic from the GVC client destined for the Internet will be routed to the
UTM device's WAN gateway router and traffic destined for the LAN and other internal networks will be routed as per the routing logic which applies to
local hosts. Routing All Traffic through the SonicWALL allows an administrator to protect a user by enforcing Intrusion Prevention, Gateway Anti-Virus,
Anti-Spyware, Client Anti-Virus, Content Filtering, and other policies on remote users traffic.
The related configurations on the UTM appliance which has subscriptions for the various Security Services mentioned above are done in the Network -
Zones screen. There are enforcement checkboxes for the various Security Services, and usually they are turned on the for the LAN and WAN zones.
To accomplish the abovementioned protection of traffic coming across a a 'Route all Traffic' WAN GroupVPN Policy, the administator must enable the
VPN zone enforcements for the Intrusion Prevention, Gateway Anti-Virus, Anti-Spyware, Client Anti-Virus, and / or Content Filtering services.
Recommended Versions
SonicOS Enhanced 5.0 and above on a Gen5 SonicWALL UTM Appliance
SonicWALL GVC 4.2.6.305 (the last released versions, supported on all versions of Windows XP and Vista, both 32- and 64-bit)
The examples in this article use the default access rules which are created when enabling the WAN Group VPN. These default access rules allow all VPN
Traffic to pass to the LAN and WAN.
Procedure:
Task list:
1. Configure Users (No need to configure if you are using an external LDAP server)
2. Configure WAN GroupVPN
3. Configure Internal DHCP Server (not needed if you are using an External DHCP Server)
4. Configure DHCP over VPN for External Server (Not needed if you are using an Internal DHCP Server)
5. Configure NAT Policies
Before You Begin
Decide if you are using an LDAP server or Local Users for authentication
Decide if you are using the SonicWALL Internal DHCP server or an External DHCP Server
Configure Users
Select Local Users from the Users Menu (not needed if using LDAP)
Click Add User
UTM - VPN: How to configure a 'Route all Traffic' WAN GroupVPN Policy
Page 1 of 10 UTM - VPN: How to configure a 'Route all Traffic' WAN GroupVPN Policy
08.02.2012 https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6430&p=t
Fill out the details on the Settings tab, then click the VPN Access Tab.
Be sure to give the user access to a Network, LAN Subnets is chosen in the example below. Click OK.
Configure Groups
(not needed if using Local Users)
Go to the Users - Local Groups screen
Click the Configure icon by the Group for which you are providing VPN Access configurations.
Page 2 of 10 UTM - VPN: How to configure a 'Route all Traffic' WAN GroupVPN Policy
08.02.2012 https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6430&p=t
Click on the VPN Access tab and be sure to select a Network this group has access to (LAN Subnets and WAN RemoteAccess Networks are
selected in the example below)
Click OK
Configure WAN GroupVPN