The SonicWALL can be configured as an Intranet firewall to prevent network users from accessing sensitive servers. By default, users on your LAN can access the Internet router, but not devices connected to the WAN port of the SonicWALL. To enable access to the area between the SonicWALL WAN port and the Internet, you must configure the Intranet settings on the SonicWALL. Creating an Intranet firewall is achieved by connecting the SonicWALL between an unprotected and a protected segment.
Note!
The Intranet page settings are needed only if the SonicWALL is in standard mode
and there are nodes other than the Internet router on the WAN.
Connect the LAN Ethernet port on the back of the SonicWALL to the network segment to be protected against unauthorized access.
Alert!
Devices connected to the WAN port do not have firewall protection. It is recommended
that you use another SonicWALL Internet security appliance to protect computers
on the WAN.
Connect the SonicWALL to a power outlet. For SonicWALL PRO 200, PRO 300, PRO 230, and PRO 330, press the Power Switch to the ON position.
To enable an Intranet firewall, you must specify which machines are located on the LAN, or you must specify which machines are located on the WAN.
Tip!
It is best to select the network area with the least number of machines. For
example, if only one or two machines are connected to the WAN, select Specified
address ranges are attached to the WAN link. That way, you only have to
enter one or two IP addresses in the Add Range section. Specify the IP
addresses individually or as a range.
Select one of the following four options:
SonicWALL WAN link is connected directly to the Internet router - Select this option if the SonicWALL is protecting your entire network. This is the default setting.
Specified address ranges are attached to the LAN link - Select this option if it is easier to specify the devices on your LAN. Then enter your LAN IP address range(s). If you do not include all computers on your LAN, the computers not included will be unable to send or receive data through the SonicWALL.
Specified address ranges are attached to the WAN link - Select this option if it is easier to specify the devices on your WAN. Then enter your WAN IP address range(s). Computers connected to the WAN port that are not included are inaccessible to users on your LAN.
Add Range - To add a range of addresses, such as "199.2.23.50" to "199.2.23.54", enter the starting address in the From Address field and the ending address in the To Address field. An individual IP address should be entered in the From Address field only.
Tip!
Up to 64 address ranges can be entered.
Click Update. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the browser window.
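A pre-change check for the Intranet settings above, as an added example that is not part of the original SonicWALL documentation: it collapses a host inventory into From/To entries, picks the option that needs fewer entries (the Tip compares machine counts; entry count is used here as a stand-in), enforces the 64-range limit, and lists hosts that a draft entry list would leave out. The function names and the host inventory are assumptions constructed for illustration; only the 199.2.23.50 to 199.2.23.54 range comes from the page.

```python
import ipaddress

MAX_RANGES = 64  # limit stated on the Intranet page

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def to_ranges(hosts):
    """Collapse host addresses into the fewest contiguous (From, To) pairs."""
    spans = []
    for n in sorted({_ip(h) for h in hosts}):
        if spans and n == spans[-1][1] + 1:
            spans[-1][1] = n        # extends the current range
        else:
            spans.append([n, n])    # starts a new range
    text = lambda n: str(ipaddress.IPv4Address(n))
    # A single address goes in the From Address field only, so To is None.
    return [(text(lo), text(hi) if hi != lo else None) for lo, hi in spans]


def missing_hosts(hosts, entries):
    """Return the hosts that no entered (From, To) pair covers."""
    spans = []
    for start, end in entries:
        lo = _ip(start)
        hi = _ip(end) if end else lo
        if hi < lo:
            raise ValueError(f"To Address {end} is below From Address {start}")
        spans.append((lo, hi))
    return [h for h in hosts if not any(lo <= _ip(h) <= hi for lo, hi in spans)]


def choose_option(lan_hosts, wan_hosts):
    """Pick the side that needs fewer entries and enforce the 64-range limit."""
    lan, wan = to_ranges(lan_hosts), to_ranges(wan_hosts)
    side, entries = ("WAN", wan) if len(wan) <= len(lan) else ("LAN", lan)
    if len(entries) > MAX_RANGES:
        raise ValueError(f"{len(entries)} ranges needed; the limit is {MAX_RANGES}")
    return f"Specified address ranges are attached to the {side} link", entries


# Constructed inventory for illustration (not from the original page).
LAN_HOSTS = ["199.2.23.10", "199.2.23.11", "199.2.23.12", "199.2.23.40", "199.2.23.200"]
WAN_HOSTS = [f"199.2.23.{i}" for i in range(50, 55)]
if __name__ == "__main__":
    print(choose_option(LAN_HOSTS, WAN_HOSTS))
    # A draft LAN list that forgets one host: that host would be cut off.
    print(missing_hosts(LAN_HOSTS, [("199.2.23.10", "199.2.23.12"), ("199.2.23.40", None)]))
```

Run it against the real inventory before clicking Update: any host reported as missing from a LAN list would be unable to send or receive data through the SonicWALL, and any host missing from a WAN list would be inaccessible to LAN users.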
Note!
This feature is available only on the PRO 100, 200, 300, 230, 330, and GX series.
VPN Single-Armed Mode allows you to deploy a SonicWALL as a stand-alone VPN gateway, with a single port (WAN) used as the VPN tunnel termination point. Clear text traffic is routed to that single interface, where the data is encapsulated and sent to the appropriate IPSec gateway.
An example of a deployment is to place the SonicWALL between the existing firewall and the router connected to the Internet. Traffic is sent in clear text to the SonicWALL, then encrypted and sent to the appropriate VPN Gateway.
Alert!
VPN Single Armed Mode can only be enabled if the SonicWALL is in Standard mode
on the Network tab. If you are not using Standard for your Network mode, a warning
message is displayed.
If VPN Single-Armed Mode (stand-alone VPN gateway) is enabled, a warning message appears. Click OK to enable the SonicWALL in VPN Single Armed Mode.
You can use the following example information to configure the IP addresses on a SonicWALL for VPN Single Armed Mode:
WAN IP Address: 66.120.118.11
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
WAN IP Address: 66.120.118.25
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.3.1
Subnet Mask: 255.255.255.0
WAN IP Address: 66.120.118.13
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.2.1
Subnet Mask: 255.255.255.0
To configure a SonicWALL in VPN Single Armed Mode in front of an existing SonicWALL, follow these steps.
Configure the Remote and Corporate SonicWALLs in your preferred networking mode.
Configure a VPN SA using IKE and Preshared Secret on the Remote SonicWALL using the VPN SonicWALL WAN IP address, 66.120.118.13, as the IPSec Gateway, and the Corporate SonicWALL WAN IP address, 66.120.118.25, as the Destination Network.
Configure a Static Route on the Local SonicWALL to send network traffic destined for the Remote SonicWALL to the VPN SonicWALL.
Configure the VPN SonicWALL in Standard networking mode.
Click Advanced, then Intranet. Select the VPN Single Armed Mode (stand alone VPN gateway) checkbox, and click Update. A rule is automatically added to the VPN SonicWALL for HTTPS management from the WAN. The LAN port is disabled when you configure a SonicWALL for VPN Single Armed mode.
Configure a VPN SA using IKE and Preshared Secret on the VPN SonicWALL to securely connect to the Remote SonicWALL. Enter the Remote SonicWALL WAN IP address as the IPSec Gateway and the Remote SonicWALL LAN IP Address range as the Destination Network, if configuring Many to One NAT.
Click Advanced, and then Routes. Enter the Corporate SonicWALL WAN IP address in the Dest. Network field. Enter the subnet mask in the Subnet Mask field. Enter the Local SonicWALL WAN IP address as the Gateway, and select WAN from the Link menu. Click Update.
Now that all SonicWALLs are configured, network traffic on the corporate SonicWALL destined for the remote office is routed to the VPN SonicWALL, encrypted, and sent to the remote SonicWALL.