Wildfire and Spark with VPN (Sonicwall)

Sergio · March 30, 2006, 5:41pm

My network has many VPN’'s, all using Sonicwall routers, how can I setup the Spark to access the Wildfire throgh the VPN ?

LG1 · March 30, 2006, 6:04pm

Welcome Sergio,

Spark connects to Wildfire port 5222. I’‘m not sure if you want to change the Spark setup or your VPN configuration. I did never saw a Sonicwall router before but I’'m quite sure that you can configure it that the connections to the Wildfire server are made using a VPN.

LG

Troy · March 30, 2006, 7:59pm

preid

Yes I agree with your statement. I was mistaken with my comments.

Usually with the VPN connections you are “inside” the network so usually no need really to have to open any ports.

Troy

Message was edited by: tduval

Paul_Reid · March 31, 2006, 2:56pm

If you’‘re using VPNs, there shouldn’‘t be anything blocking access to the Wildfire server - VPNs will pass most any kind of traffic through the tunnel from site to site. If your SonicWalls have the Intrusion Prevention Service installed on them, attempt to connect to the Wildfire server, then check the SonicWall’'s logs. The SonicWall IPS service will likely have flagged the IM traffic and blocked it. There are links in the log file to take you to the signature in question that you need to disable, if this case applies to you.

Otherwise, it should be easy as pie.

Message was edited by: preid

Jay · April 1, 2006, 4:50am

If the user is connected to the VPN, there should be nothing aditional needed unless you have some policy restricting connections. Just make sure the clients can connect to port 5222 on the Wildfire server.

Something to keep in mind is Sonicwall’'s are known for just killing off old mostly-idle sessions. Even non-idle sessions that last too long.

LG1 · April 1, 2006, 9:17am

Hi,

I have no idea how you do set up a VPN but I see most of the ports blocked in the VPN’'s I can access. Actually everything may be routed into it but only specific traffic reaches the other end and I bet this is a more common setup than allowing everything to reach the other end, especially if you are using some hardware and not a simple OpenVPN client.

LG

Paul_Reid · April 1, 2006, 11:12am

With SonicWall (we are a reseller for SonicWall), all ports are open by default (unless the Intrustion Prevention Service is installed, which I mentioned earlier). Unless the administrator has locked down traffic through the tunnel, all traffic should be able to pass on any port. The Intrusion Prevention Service is a packet inspection module that detects certain types of traffic - such as Jabber, MSN, Yahoo, etc. By default, the IPS service blocks Jabber traffic, so it must be disabled if IPS is installed on the unit on either end.