New firmware SonicOS 6.5.4.13 allows for SSL VPN with Virtual Office disabled for Non Lan. I am on TZ400
I was looking through the logs and someone attempted to log in to my Virtual Office.
I just happened to see a post about a new firmware update on the subreddit and I went to check the release notes. What a lucky break.
I just tested it and no more “User login denied due to bad credentials” on port 8433.
No more explaining to the insurance company why we need the 433 or derivative ports to be open.
No more explaining to pentesters why that is a critical port and cannot be closed.
No more explaining to finance VP why we need to have it open (they would just forget it next week).
Under SSL VPN → Portal Settings → Disable Virtual Office on Non-Lan Interfaces
I want to turn off the Portal, but this is used for enrolling users into 2FA with Google Authenticator. Is there a different way to enrol the users, rather than using the portal?
Unless I’m missing something, you still need the SSLVPN port open to allow NetExtender/MobileConnect users to connect. The setting just disables the virtual office so that no web page loads when visited in a browser.
Unless you don’t use SSLVPN, but in that case you would just have the service disabled on the SonicWall in the first place.
I just installed this yesterday. I have been waiting for a way to completely turn off the virtual office. What a useless thing.
Same boat and great question!
Excellent point. My guess would be SNWL haven’t addressed this.
Yes, you are right. I meant the web page to be disabled. Often the pentesters will ask us to close the port because they think we host a webserver.
Disabling virtual office frontend does not affect SSLVPN services. Still need to have the port open, but nothing happens when you visit that port on the web.
I get the sense everyone excited about this is not using 2FA on VPN, which is also something that auditors ask. That was my question as well. Does SonicWall expect us to enable and disable on demand when needed to register with an Authenticator?