Authenticating external users to firewall like Sonicwall?


L1 Bithead

Hi all,

I am configuring a PA-500 for a POC exercise with a customer who is currently using a Sonicwall.

While there are obviously other/better ways to accomplish this and I realize how silly this is, given the limited scope I'm presently working in, I need to find a way to replicate a feature they presently "require".

In Sonicwall world, a user outside the corporate network can browse to the WAN IP of the firewall and log in with their credentials to become a "Trusted User" on the firewall. A firewall rule applying only to "Trusted Users" then allows them to RDP to a different IP in their /28 which gets NAT-ed through to a Remote Desktop server on the inside. Kind of a "Captive Portal in reverse", I guess.

Is there any way to replicate this functionality as closely as possible in PAN world??

Many thanks!

--jeff

7 REPLIES

I imagine that if they buy this thing after the POC that they'll be deploying GP, but sadly for now I have to figure out how to do this without, otherwise it isn't going to fly...

L1 Bithead

The use case here is for some employees with Macs to be able to log into the terminal server from home. I'm told that connecting a Mac to a Sonicwall can be a pain in the backside. Obviously GP works on OS X, and I bet the built-in VPN client would work fine as well... but the preference at this point is to rock the boat as little as possible to get the blue device in the door.

I considered throwing it in in vwire mode but one of their pain points is how pokey the Sonicwall is with all the security features turned on.

VWIRE mode with following settings should be a good way to start.

1> All the tags allowed 0-4094

2> Non-Syn-tcp-reject turned off

3> Asymmetric bypass turned on

These settings would ensure that PA functions as a transparent device, staying inline.

Security features can be selectively turned on an ad hoc basis.

-HTH...!
