0

I don't understand the difference between GroupVPN and other VPN policies on the SonicWall VPN configuration page. I'm trying to set up multiple different VPN connections for specific destination networks behind the firewall (e.g. one VPN that can only connect to 10.1.1.1, and another VPN that can only connect to 10.2.2.2 through 10.4.4.4 etc.).

I can connect with GroupVPN but any other policy doesn't seem to have any effect, and the configuration pages are slightly different. Help?

MIles

2 Answers

3

I don't think different policies are what you need. If your end goal is to allow some users to access network 10.1.1.1, others to access 10.2.2.2, then all of that is still part of the GroupVPN (given that all of these networks are created by that SonicWall) and is controlled by permissions. As far as the policies are concerned, the GroupVPN Policy is what allows users to connect via the GVC, but then you'll have other policies like a Site-to-Site which connects two SonicWalls in two different locations together.

Recently I was tasked with a similar project to create a policy to allow some users to connect to network B which is completely cut off from our Network A, where all the servers and users are. Naturally, I thought I needed to create a new policy, but that idea was cut short when I found out that there wasn't an option to create a second "GroupVPN" policy. After a few calls to a foreign country, I found from tech support that it's all done through permissions.

By default, I believe the SonicWall allows everyone to access all networks through the VPN. The best way I found to completely control it is to go to Users > Local Groups. There, edit the groups "Everyone", "Trusted Users", and "GlobalVPN Users" and remove all access to LAN networks on the VPN Access tab (unless you work with A LOT of users, then defining permissions with these groups might be easier). Then go to Users > Local Users and add VPN Access permissions to whatever networks they need.

When I was doing this project, I had to have an outsourced company look at a server that was inside our network. We didn't want them to have unsupervised access to our LAN, so we created a new subnet, put the machine inside of it and made them a new VPN user with access only to that subnet. Doing so worked perfectly. We had them connect to the VPN using the GVC and they could only communicate with that one machine, while the rest of my VPN users could access everything.

Hope that helps.

Safado
0

Also, just to clarify the difference between GroupVPN and other policies, GroupVPN is designed for remote users using the Global VPN client. Other "normal" policies are generally for site-to-site VPNs.

Jim G.