SonicWALL’s products are among the more popular unified threat management (UTM) devices available for small businesses. Let’s see how to set up a virtual private network (VPN) using the SonicWALL NSA 220 Network Security Appliance; other products in this line are very similar.
The NSA 220 Wireless-N is a small device with three antennas that can act as a wireless access point, along with a firewall, intrusion prevention and VPN. The device is administered through a Web browser, and the interface of the NSA 220 is similar to other UTM products that Dell offers through its SonicWALL brand. The company has a range of UTM appliances; choose one depending on how large a network is to be supported, how many users will connect to that network via the VPN, how fast an Internet connection is available.
(To understand why to use a VPN to enable remote network access by employees working from home or other remote locations, check out this post.)
NSA 220 configuration interfaces
The NSA 220 has a series of wired network ports; each port can be configured with its own firewall policy. For example, you can configure the device to mandate that all guest users connect to the device via one port. Alternatively, all the wired ports can be bridged together for a flat network.
There are three different major configuration interfaces for the NSA 220. First is a wizard that walks through the six different steps to specify which ports to use for the VPN, how the traffic will be encrypted, and other parameters. This is probably the fastest way to get a VPN going, and in most cases the default choice are appropriate.
The wizard might not handle your particular circumstances. Perhaps you need to deploy a Secure Sockets Layer (SSL) VPN. Make use of the Server Settings screen to connect the VPN to the user directory and to specify if it is permitted to manage the VPN via a browser link.
Finally, there are a series of screens that allow for more granular configuration. One displays the global VPN policies for the device, as you can see below. There is a simple switch to enable or disable the overall VPN functionality for the device. It also shows which active VPN connections, also known as tunnels, are currently in use. Click on the Add button to add a new policy to this list.
Once you’ve pressed the Add button, a screen appears with four tabs that allow you to fill out the various parameters needed to configure a new VPN policy. Pick the specific protocol, authentication method, and local network for the VPN when it has successfully connected.
The final series of settings is for the Web portal page that end users will see when first connected to the VPN. You may use a corporate logo and other explanatory text as well as other information on the settings page.
Setting up VPN clients
Once the SonicWALL VPN has been configured, the next step is to set up each of the individual clients that will be connecting to the VPN. Download the VPN client software and install it on each remote client that you wish to connect up to the VPN server.
This link is for the Windows VPN client for older versions of Windows. Use it for Windows XP, Windows Vista, Windows 7 and Windows 8.0. It comes in both 32-bit or 64-bit versions.
And here is the link for the a newer VPN client, called Mobile Connect. This client is for iOS version 6.0 or higher, Mac OS X 10.9 or higher, Android v4.0 and higher and Kindle Fire devices based on Android v4.0.3 or higher, as well as Windows 8.1.
Once the appropriate VPN client is downloaded and installed, enter the user credentials. The client will connect back to the office network through the SonicWALL appliance, and users should be able to see network shares and other local resources as if they were directly connected to that local network. Although their data is flowing through the public Internet, it is encrypted and protected end-to-end.
Learn about the four types of SSL certificates available.
Also published on Medium.