Blocking Ip Addresses With Sonic Wall


5 replies to this topic

#1 Securities

Securities

  • Members
  • 3 posts

Posted 27 February 2007 - 11:13 PM

This should be easy for someone here. We have several servers, each in a different location. Each server is solitary, no network. Each server needs to be occasionally accessed from a remote location through the Internet by the client that uses that server.

I know the Sonic Wall SOHO2 has a lot of fancy features that we probably don't need. OK, here is the question. How can we block ALL IP addresses except two or three we want to have access?

Second question: IF we can block all IP addresses except the two or three we may use, do we still need other features enabled to prevent intrusion? Hint, someone invaded one of our servers, loaded in their own software, and used it to run a scam.

Have I missed anything?



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 27 February 2007 - 11:18 PM

Are you currently using the SOHO2 firewall? If so, are you running in NAT mode? You would be in NAT mode if your internal computers are running on private IP addresses like 192.168.x.x or 10.0.0.x.

#3 Securities

Securities
  • Topic Starter

  • Members
  • 3 posts

Posted 27 February 2007 - 11:44 PM

Thank you.

I bought the SOHO2 used and have not hooked it up yet. I wanted to find out everything I could before going to the client location to install it. As noted, each server is a single separate unit in a unique location. We will be adding a firewall to each server. The server does not interface with any other internal computers.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 28 February 2007 - 10:51 AM

Are the remote clients using static IP addresses? Or do they get random IP addresses assigned to them?

If they are static IP addresses, then I would just set up each firewall using NAT. That way each server gets an IP address that is private. For example:

Location 1
Router Internet Ethernet: 192.168.1.1
Server Ethernet: 192.168.1.2

Location 2
Router Internet Ethernet: 192.168.2.1
Server Ethernet: 192.168.2.2

Location 3
Router Internet Ethernet: 192.168.3.1
Server Ethernet: 192.168.3.2

Then at each location, you would plug the Ethernet cable to the Internet router or switch into the WAN port of the firewall. Then on each firewall, map the ports that you need open back to the server using port forwarding. Then add filters to the router so that only the specific IP addresses that your clients use can access it.

Now on the other hand, if your clients are using random IP addresses, i.e. home users, then this can become a bit more difficult. Since you do not know the IP address that the remote client will use, you can't make a filter that allows it in. In this situation the only thing that works is to use a VPN. I believe the SOHO2 has a VPN upgrade that you can purchase.

#5 Securities

Securities
  • Topic Starter

  • Members
  • 3 posts

Posted 28 February 2007 - 11:58 AM

Thank you.

Each server has three remote clients, the customer and us. Each customer has a random IP address, while we have two static IP addresses.

If I understand this correctly, we would require a firewall at the remote client end as well as the server end. That would be difficult because some of those are in other states. Also, since Sonicwall uses an IPSec VPN implementation, isn't that another place that can be hacked?

Would it be practical to use NAT to enable a certain range of IP addresses?

Edited by Securities, 28 February 2007 - 11:59 AM.


#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 01 March 2007 - 11:36 AM

VPNs are typically secure enough that you should not need to worry about it.

"Would it be practical to use NAT to enable a certain range of IP addresses?"

It would, but unfortunately you do not know the IP address that will be connecting to you; therefore it is hard to make a rule allowing that IP address in.
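
Added example, not part of the original thread and not SonicWall configuration syntax: a small Python model of the setup described in the replies above (port forwarding to the NATed server plus a source-address filter, everything else dropped). It also counts how many addresses each allow entry admits, which shows what allowing a range for a customer with a changing address costs. All addresses, the forwarded port and the width threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample policy; public addresses are from documentation ranges.
SERVER = "192.168.1.2"                 # private server address behind NAT
FORWARDS = {443: (SERVER, 443)}        # WAN port -> (internal host, port); port is an assumption
ALLOW = [
    "203.0.113.10/32",                 # first static admin address (constructed)
    "203.0.113.11/32",                 # second static admin address (constructed)
    "198.51.100.0/24",                 # range added to cover a customer's changing address
]


def decide(src_ip, dst_port, allow=ALLOW, forwards=FORWARDS):
    """Return the internal (host, port) a connection is forwarded to, or None if dropped."""
    if dst_port not in forwards:
        return None                    # no port forward: nothing is reachable on this port
    src = ipaddress.ip_address(src_ip)
    if any(src in ipaddress.ip_network(entry) for entry in allow):
        return forwards[dst_port]      # source is on the allow list
    return None                        # default deny for every other source


def audit(allow=ALLOW, max_addresses=16):
    """Return (entry, address_count, too_wide) for each allow entry."""
    report = []
    for entry in allow:
        count = ipaddress.ip_network(entry).num_addresses
        report.append((entry, count, count > max_addresses))
    return report


if __name__ == "__main__":
    # Constructed connection attempts: (source address, destination port).
    attempts = [
        ("203.0.113.10", 443),         # static admin address, forwarded port
        ("203.0.113.12", 443),         # neighbouring address, not on the list
        ("203.0.113.10", 22),          # allowed source, but port is not forwarded
        ("198.51.100.77", 443),        # any host inside the allowed range
    ]
    for src, port in attempts:
        print(f"{src}:{port} -> {decide(src, port) or 'DROP'}")
    for entry, count, too_wide in audit():
        print(f"{entry}: {count} address(es){'  <-- wide entry' if too_wide else ''}")
```

The two /32 entries each admit one host, while the /24 admits every one of its 256 addresses, not only the customer.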



