SonicWALL Internet Security Appliances Require authentication of local users, Require authentication of remote users, Enable Windows Networking (NetBIOS) broadcast, Apply NAT and firewall rules, Forward Packets to Remote VPNs

Page 188 SonicWALL Internet Security Appliance Administrator’s Guide

Require authentication of local users

Selecting this check box requires that all outbound VPN traffic on this SA is from an authenticated

user. Unauthenticated traffic is not allowed on the VPN tunnel.

Require authentication of remote users

Enabling this feature requires that all inbound traffic on this SA is from an authenticated user.

Unauthenticated traffic is not allowed on the VPN tunnel. Select Remote users behind VPN gateway

if remote users have a VPN tunnel terminating on the VPN gateway. Select Remote VPN clients

behind VPN gateway if remote users require authentication using XAUTH and are accessing the

SonicWALL via a VPN client.

Enable Windows Networking (NetBIOS) broadcast

Computers running Mi cr os of t Wi nd ows® co mmunicate with one another through NetBIOS broadcast

packets. Select the Enable Windows Networking (NetBIOS) broadcast check box to access remote

network resources by browsin g the Wi nd ow s® Ne two rk Ne ighb orhood.

Apply NAT and firewall rules

This feature allows a remote site’s LAN subnet to be hidden from the corporate site, and is most

useful when a remote office’s network traffic is initiated to the corporate off ic e. The IPSec tunnel is

located between the SonicWALL WAN interface and the LAN segment of the corporation. To protect

the tra ffic, NAT (Network A ddress Tr anslation ) is perfor med on the outbound packet be fore it is s ent

through the tunnel, and in turn, NAT is performed on inbound packets when they are received. By

using NAT for a VPN connection, computers on the remote LAN are viewed as one address (the

SonicWALL public address) from the corporate LAN.

If the SonicWALL uses the Standard network configuration, using this ch eck box applies the firewall

access rules and checks for attacks, but not NAT.

Alert You cannot use this feature if you hav e Route all internet tra ffic through this SA enab led.

Alert Offices can have overlapping LAN IP ranges if the Apply NAT and firewall rules option is

selected.

Forward Packets to Remote VPNs

Selecting the Forward Packets to Remote VPNs check box for a Security Association allows the

remote VPN tun ne l to p ar ti cip at e i n th e So ni cW ALL r ou tin g t ab le . I nb ou nd tr aff ic is de cr yp ted a nd

can now be forwarded to a remote site via another VPN tunnel. Normally, inbound traffic is

decrypted and o nly forwarded to the S o nicWALL LAN or a speci fic route on the LAN specified on the

Routes tab located under the Advanced section.

Enabling this feature allows a network administrator to create a “hub and spoke” network

configuration by forwarding inbound traffic to a remote site via a VPN secur ity ass ociation. To create

a “hub and spoke” network, enable the Forward Packets to Remote VPNs check box for each