Sonicwall SSL-VPN-200 Review: SSL for SMBs
Tim Higgins
April 16, 2007
Installation / Configuration
The 200 is basically set up in a "one armed" connection (Figure 3). Unlike a router that has separate WAN and LAN ports, traffic flows in and out of the single X0 port, which you just plug into your LAN's switch. The four X1 ports are there mainly because the same chassis is used for Sonicwall's TZ150 firewall. But it is also possible to establish a separate subnet behind the 200 using these ports and put clients there that can be accessed only via the appliance. The 200 comes set to 192.168.200.1, so you'll need to change the IP address of the computer that you use to access its built-in secure (HTTPS) web admin interface.
Figure 3: VPN 200 connection
Upon login, you'll be presented with the System > Status screen (Figure 4). A browse through the other System menus will find options for NTP server (Time), saving and restoring system settings and upgrading firmware (Settings), failed login attempt lockout (Administration), generating and managing security certificates (Certificates), various Diagnostics and Restarting the 200.
Figure 4: System Status screen
One of your first stops will be the Network > Interfaces screen, where you'll change the IP address of the X0 port to match your LAN, as I did in Figure 5.
Figure 5: Network Interfaces screen
I also stopped at the DNS and Routes screens to enter my LAN's DNS server and Gateway IP addresses. I didn't bother defining any Hosts in Host Resolution, so it held only the default "sslvpn" for the 200 itself. The Network Objects screen lets you define combinations of services and IP addresses that are handy to have when defining access policies later. Since my needs were simple, I made no entries there.
Now we're ready to add a user to the 200 via the Users > Local Users page (Figure 6). There is a wealth of options available for controlling what users can see and do via the 200 and also how and from where they can log in. Options include idle timeout, ability to add, edit and delete "Bookmarks" (explained shortly) and permit/deny policies based on user, IP address, IP range and more. The same configuration options are available for Groups, and both Users and Groups have Global Policies, too. Note that policies can be edited and deleted, but not temporarily disabled.
Figure 6: Users > Local Users screen
Once you've finished defining a user, you're ready to see the 200 in action. But in order to access the 200 from outside your LAN, you'll need to forward port 443 (HTTPS) through your router to the 200's IP address, as you would for any server that you access from the Internet. If you want to have automatic redirection from HTTP to HTTPS, then also forward port 80 (HTTP). Contrary to the description in the Administrator's Guide, neither of these ports can be changed for the 200.