NAT – Port forwarding to SonicWALL TZ300 behind router for GVC VPN access

nat; port-forwarding; sonicwall; vpn

I'm in the process of setting up a TZ300 for remote VPN access. The TZ300 is currently set up behind a DrayTek Vigor2862 router, all PCs connect to the LAN port on TZ300 (192.168.10.1), the WAN port of the TZ300 (192.168.1.2) is connected to the LAN port of the router (192.168.1.1).
So all internet traffic is routed from the router to the TZ300 and then to the PCs.

I've set up WAN GroupVPN along with a test user on the TZ300 using the wizard and I'm now trying to connect to the VPN using the Global VPN Client.
I'm guessing that to do this I'll need to set up a port forwarding rule on the router to route the public/WAN IP of the router to the WAN IP of the TZ300, but I do not know which ports to forward with it.
I'm also unsure whether I'll need to set up another rule on the TZ300 to forward traffic to the LAN side.

Any help or advice on this would be very much appreciated.
Thanks

Best Answer

You will need to forward UDP ports 500 and 4500 to the TZ300, since SonicWall uses IPsec for GVC clients.

You should not need another firewall or NAT rule to allow GVC clients to the LAN; however, your users will need to have the proper Subnets/Address Objects in the VPN Access tab of the User/Group properties.


Reference: How to Restrict VPN Access to GVC Users
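
To confirm that the router's forward for UDP 500 and 4500 is actually delivering IPsec traffic to the TZ300's WAN side, the UDP payloads seen there can be classified by their framing. The following is an added example, not part of the original answer or any SonicWall tooling; it assumes payloads taken from a packet capture, follows the RFC 3948 NAT-T framing and the fixed 28-byte IKE header, and the function names and sample bytes are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"       # RFC 3948: precedes IKE on UDP 4500
# Fixed IKE/ISAKMP header: init SPI, resp SPI, next payload, version,
# exchange type, flags, message ID, total length (28 bytes).
IKE_HEADER = struct.Struct("!8s8sBBBBII")

def classify(dst_port, payload):
    """Classify one UDP payload seen on the forwarded ports 500/4500."""
    if dst_port not in (500, 4500):
        return "not-ipsec-port"
    if dst_port == 4500:
        if payload == b"\xff":
            return "nat-keepalive"          # single 0xFF byte keeps the NAT mapping alive
        if len(payload) < 4:
            return "malformed"
        if payload[:4] != NON_ESP_MARKER:   # non-zero first word is an ESP SPI
            spi = struct.unpack("!I", payload[:4])[0]
            return f"esp-in-udp spi=0x{spi:08x}"
        payload = payload[4:]               # strip marker; IKE header follows
    if len(payload) < IKE_HEADER.size:
        return "malformed"
    _, _, _, version, exchange, _, _, length = IKE_HEADER.unpack_from(payload)
    if length < IKE_HEADER.size:
        return "malformed"
    return f"ike v{version >> 4}.{version & 0xF} exchange={exchange} len={length}"

def sample_ike(version, exchange):
    """Constructed IKE header with no payloads (illustrative bytes only)."""
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exchange, 0, 0, 28)

# Constructed samples: (destination port, UDP payload)
SAMPLES = [
    (500, sample_ike(0x10, 4)),                               # IKE on port 500
    (4500, NON_ESP_MARKER + sample_ike(0x10, 4)),             # IKE after NAT-T float
    (4500, b"\xff"),                                          # NAT keepalive
    (4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16), # ESP in UDP
    (500, b"\x00" * 10),                                      # truncated packet
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(port, data))
```

Seeing IKE on 500 but nothing on 4500 after negotiation starts suggests that only one of the two forwards is in place.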
