Couple SonicWall questions before taking the leap

We aren’t sure if SonicWall supports the following requirements. It’s probably no-brainer type questions, but if anyone can comment that would be great.

Mainly we don’t want users to have to install additional VPN software and for a subset we’d prefer if they logged in via a web page where they would then get access to Windows Terminal Server.

Are any of the following supported?

  • VPN access using Windows 10 built-in VPN client?
  • VPN user authentication via Windows Active Directory?
  • Is VPN access via a web interface supported?

Bit more detail: we are looking at a TZ500 appliance at the moment.

Thanks!

For VPN it would depend on the connection method.

If you use SSL-VPN then there’s a small app in the Windows App store called SonicWALL Mobile Connect. This basically installs the plumbing into the Windows 10 VPN guts that allows connections. After that app is installed, it acts just like the native client. For connecting directly to firewalls with IPSec, as far as I know you have to use their Global VPN Client.

Yes you can do AD auth with their VPN appliances. Personally, I’ve only done that on the SRA/SMA class devices. But I presume it would be similar if you enabled SSL-VPN on a firewall.

You can log in to a webpage on the SRA and SMA devices. We barely use it so I’m not entirely sure what all you can do from there. Back before that mobile access app we used it as a place for our users to download the Net Extender app. But from what I recall you can host file shares, internal web apps, and a few other things through that site. Again, we never used it in that capacity so I’m hazy about the details.

Yes, all these are supported by SonicWALL, but you don’t want to use some of these.

  • The built-in VPN access through the Windows 10 VPN client is subpar at best. Even the SonicWall Windows 10 store app is a dumpster fire of poor programming. You want your users to use the SSLVPN client to make your life simple. Using the Windows 10 / SonicWall app from the store will have you drowning in user support calls.
  • Yes, you can use AD for authentication for VPN. It’s very easy to set up and configure.
  • VPN access is available by a configurable web page on the SonicWall. It’s called SonicWall - Virtual Office. You can brand it with your company logos and everything. It will give your users a place to log in and will supply them with a link to download and install the SSLVPN client if they don’t have it. If they do have it they can simply click the link and it will launch the software and connect them. You can also put shortcuts on that webpage such as RDP, SSH, Telnet or VNC.

To add to this and clarify a couple of things: you absolutely can do Active Directory auth for VPN. I have hundreds of these devices in the field in this configuration. You simply use RADIUS or LDAPS for the connectivity to AD; RADIUS via Microsoft NPS is my preference here.

As for the VPN client for Windows 10, the app you get from the store IIRC just configures the inbuilt Windows 10 SSLVPN client via PowerShell.

Legacy IPSEC VPN is unfortunately done with a client, but the installer is customizable and deployable somewhat via GPO. (You’ll need to push a separate configuration file along with your MSI.)

SonicWall gives you tons of licensing for IPSEC Client VPN at no additional cost; the SSLVPN licenses are a separate cost, and typically only 2 come with the unit except on the Supermassive series.

As /u/f0gax said, they do offer dedicated VPN appliances, which have a ton more features than are included in a firewall.
Specifically speaking to the web portal RDP thing, you can absolutely upload RDP files into the firewall UI, but the functionality is somewhat limited, whereas all of that type of stuff is included in the SRA/SMA dedicated appliance.

Thanks for all that, really helpful.

We are currently looking at the top of the entry level or start of the mid-range level appliance at the moment.