Adding MyWorkDrive to a Sonicwall SSL VPN Appliance
Sonicwall VPN appliances support application offloading to reverse proxy internal web servers. While http(s) bookmarks may work for some websites they are very limited and do not do true reverse proxying of web applications. Sonicwall provides the following support document which describes Application Offloading.
To enable Application Offloading of the MyWorkDrive Website pointing to an internal IP address perform the following steps:
Ensure the MyWorkDrive WebClient site is bound to port 80 (if you wish you may also use port 443 if this is bound to the site with an SSL certificate however externally the Sonicwall SSL VPN/SMA Appliance will encrypt the site using your application offload site host name.
2. Ensure “Require SSL” is not enabled under settings on the MyWorkDrive admin (only needed if you not connecting over https/port 443).
3. Test internal access and resolve any Windows Firewall settings on the MyWorkDrive server to ensure site is accessible at http:// your ip address: e.g. http://192.168.1.34
4. Determine a hostname that you will use for users to reference this new portal site. It will be a 2nd site (not the same site) on your SMA appliance. For example your main site might be https://remote.yourcompany.com and your MWD site might be https://files.yourcompany.com. Install either a wildcard certicate to cover both hosts or an additional SSL certificate to for your new MWD application host name.
5. Create the Application Offload site on the Sonicwall Appliance – Go to Portals, Click “Offload Web Application” Leave default type of “General” selected and click next:
6. Enter a portal name, Portal Domain Name ( this will be an actual FQDN which you will point to in your public DNS):
7. Click Continue to setup security (assuming Web Application Firewall is licensed), then in step 4 customize the portal name to identify it as your MyWorkDrive site.
8. Click Finish. You Sonicwall Website portal will restart (less than 30 seconds).
9. Optionaly add the new portal to your active directory domains under portals. This will require users to login twice to connect to the site.
10. Test Access: Setup an external PC with a manual host entry to the external IP of your Sonicwall appliance that uses the host name you created in step 4 – e.g. files.yourcompany.com
11. Connect to your new virtual appliance application offload site – e.g. https://files.yourcompany.com and test access. You should be able to login without issue and access files on your MyWorkDrive server.
12. Complete setup by creating your public DNS records.
13. Optionally create an external bookmark on your primary Sonicwall SSL VPN portal pointing to your new portal URL – e.g. https://files.yourcompany.com
14. Optionally edit portal – Offloaded Web Application – Virtual Host settings to require secure communications with MWD back end site (assuming an SSL Certificate exists in the MWD Webclient site bound to port 443) and enable TLS 1.2 communications to encrypt all communications with the back end site. Click the box to Force SSL/TLS Version for Proxy Connections – Choose TLS v1.2: