How it Works
Dell
Loading...
SRA 7.0
User Manual
174 pgs12.38 Mb0
Table of contents
Loading...

Dell SRA 7.0 User Manual

SRA 7.0
User Guide
| 1
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are
not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
2 | SRA 7.0 User Guide
© 2013 Dell Inc.
Trademarks: Dell™, the DELL logo, SonicW ALL™, SonicWALL ViewPoint™, Reassembly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Global Response Intelligent Defense (GRID) Network™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.
2013 – 4 P/N 232-002179-00 Rev. A
Table of Contents
Chapter 1. Using This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Organization of this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Guide Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Current Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Quick Access Work Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Chapter 2. Virtual Office Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Virtual Office Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Accessing Virtual Office Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Browser Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Web Management Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Logging Out of the Virtual Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 3. Using Virtual Office Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Importing Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Using Two-Factor Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
User Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
User Configuration Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Using One-Time Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
User Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
User Configuration Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Verifying User One-Time Password Configuration. . . . . . . . . . . . . . . . . . . . . . 24
Chapter 4. Using NetExtender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
User Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Prerequisites for MacOS Clients: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Prerequisites for Linux Clients: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using Mobile Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Prerequisites for Apple iOS Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Prerequisites for Android Smartphone Clients . . . . . . . . . . . . . . . . . . . . . . . . . 27
User Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Table of Contents | 3
Installing NetExtender Using the Mozilla Firefox Browser . . . . . . . . . . . . . . . . 28
Installing NetExtender Using the Internet Explorer Browser . . . . . . . . . . . . . . 30
Installing NetExtender Using the Chrome Browser. . . . . . . . . . . . . . . . . . . . . . 32
Launching NetExtender Directly from Your Computer . . . . . . . . . . . . . . . . . . . 33
Configuring NetExtender Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Configuring NetExtender Connection Scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring Batch File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring Proxy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring NetExtender Log Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring NetExtender Advanced Properties. . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring NetExtender Packet Capture Properties . . . . . . . . . . . . . . . . . . . . 42
Viewing the NetExtender Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Disconnecting NetExtender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Upgrading NetExtender. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Changing Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Authentication Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Uninstalling NetExtender. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Verifying NetExtender Operation from the System Tray . . . . . . . . . . . . . . . . . 46
Using the NetExtender Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . 47
Installing NetExtender on MacOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Using NetExtender on MacOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Installing NetExtender on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Using NetExtender on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Installing and Using NetExtender for Windows Mobile. . . . . . . . . . . . . . . . . . . 56
Passwords in NetExtender Mobile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Installing NetExtender on Android Smartphones. . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Using NetExtender on Android Smartphones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Connecting to NetExtender. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Exiting or Disconnecting from NetExtender . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Checking Status, Routes, and DNS Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring Profiles, Preferences, and Proxy Servers . . . . . . . . . . . . . . . . . . . 71
Changing Your Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Chapter 5. Using Secure Virtual Assist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Using Secure Virtual Assist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Installing and Launching Secure Virtual Assist . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring Secure Virtual Assist Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Selecting a Secure Virtual Assist Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Launching a Secure Virtual Assist Technician Session . . . . . . . . . . . . . . . . . . 81
Performing Secure Virtual Assist Technician Tasks . . . . . . . . . . . . . . . . . . . . . 83
Initiating a Secure Virtual Assist Session from the Customer View . . . . . . . . 89
4 | SRA 7.0 User Guide
Initiating Secure Virtual Assist on a Linux Client . . . . . . . . . . . . . . . . . . . . . . . . 96
Using Secure Virtual Assist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Using Secure Virtual Assist in Unattended Mode . . . . . . . . . . . . . . . . . . . . . . 100
Enabling a System for Secure Virtual Access . . . . . . . . . . . . . . . . . . . . . . . . . 101
Using the Request Assistance Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Using Secure Virtual Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
User Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Coordinator Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Participant Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Chapter 6. Using File Shares. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Using the File Shares Applet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
User Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Configuration Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Using HTML-Based File Shares. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 7. Managing Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Adding Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Citrix Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
RDP ActiveX and Java Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Web Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
FTP Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
SSHv2 Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Editing Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Removing Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Using Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Using Remote Desktop Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Using VNC Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Using FTP Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Using Telnet Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Using SSHv1 Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Using SSHv2 Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Using Web Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Using File Share Bookmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Using Citrix Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Global Bookmark Single Sign-On Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Per-Bookmark Single Sign-On Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Appendix A. Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
GNU General Public License (GPL) Source Code . . . . . . . . . . . . . . . . . . . . . . . . 167
Limited Hardware Warranty. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
End User Licensing Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Table of Contents | 5
6 | SRA 7.0 User Guide

About this Guide

Welcome to the Dell SonicWALL SRA User Guide. It provides information on using the Dell SonicWALL SRA user portal called Virtual Office that allows you to create bookmarks and run services over the Dell SonicWALL SRA appliance.
Always check http://www.sonicwall.com/us/Support.html for the latest version of this manual as well as other Dell SonicWALL products and services documentation.

Organization of this Guide

The Dell SonicWALL SRA User Guide organization is structured into the following parts:
Chapter 1 Using this Guide
This chapter provides helpful information for using this guide. It.includes conventions used in this guide, information on how to obtain additional product information, and a Quick Access Worksheet that you should complete before using the SRA appliance.
Chapter 1

Using This Guide

Chapter 2 Virtual Office Overview
This chapter provides an overview of new Dell SonicWALL SRA appliance user features, NetExtender, File Shares, Secure V irtual Assist, Secure Virtual Access, Secure Virtual Meeting, services, sessions, bookmarks, and service tray menu options.
Chapter 3 Using Virtual Office Features
This chapter provides procedures on importing certificates, using Two-Factor authentication, and using One-Time Passwords.
Chapter 4 Using NetExtender
This chapter provides procedures on installing, configuring, and using NetExtender.
Chapter 5 Using Virtual Assist
This chapter provides procedures on installing and using Virtual Assist and Virtual Meeting.
Chapter 6 Using File Shares
This chapter provides procedures on using file shares.
Chapter 7 Managing Bookmarks
This chapter provides procedures on configuring bookmarks.
Appendix A Support Information
This appendix provides the Limited Hardware Warranty, End User Licensing Agreement, and Dell SonicWALL Support contact information.
Using This Guide | 7

Guide Conventions

The following conventions used in this guide are as follows:
Convention Use
Bold Highlights dialog box, window, and screen names. Also highlights
buttons. Also used for file names and text or values you are being instructed to type into the interface.
Italic Indicates the name of a technical manual. Also indicates emphasis
on certain words in a sentence. Sometimes indicates the first instance of a significant term or concept.

Current Documentation

Check the Dell SonicWALL documentation Web site for the latest versions of all Dell SonicWALL product documentation at http://www.sonicwall.com/us/Support.html

Quick Access Work Sheet

Use the Quick Access Work Sheet to collect important information that you will need and should be completed by your network Administrator to allow remote users SSL VPN access.
IP Address:___________________________________________________ User Name:___________________________________________________ Password:___________________________________________________ Domain:_____________________________________________________
8 | SRA 7.0 User Guide
This chapter provides an overview of the Dell SonicWALL SSL VPN user portal. It also includes an introduction to the SRA appliance and its features and applications. This chapter contains the following sections:
“Virtual Office Overview” section on page 9
“Browser Requirements” section on page 10
“Web Management Interface Overview” section on page 12

Virtual Office Overview

Dell SonicWALL SSL VPN Virtual Of fice provides secure remote access to network resources, such as applications, files, intranet Web sites, and email through Web access interface such as Microsoft Outlook Web Access (OWA). The underly ing protocol used for these sessions is SSL.
With SSL VPN, mobile workers, telecommuters, partners, and customers can access information and applications on your intranet or extranet. What information should be accessible to the user is determined by access policies configured by the Dell SonicWAL L SSL VPN Administrator.
Chapter 2

Virtual Office Overview

Accessing Virtual Office Resources

Remote network resources can be accessed in the following ways:
Using a standard Web browser - To access network resources, you must log into the SSL
VPN portal. Once authenticated, you may access intranet HTTP and HTTPS sites, offloaded portals, Web-based applications, and Web-based email. In addition, you may upload and download files using FTP or Windows Network File Sharing. All access is performed through a standard Web browser and does not require any client applications to be downloaded to remote users’ machines.
Using Java thin-client access to corporate desktops and applications – The Dell
SonicWALL SRA security appliance includes several Java or ActiveX thin-client programs that can be launched from within the Dell SonicWALL SRA security appliance. Terminal Services and VNC Java clients allow remote users to access corporate servers and desktops, open files, edit and store data as if they were at the office. Terminal Services provides the ability to open individual applications and support remote sound and print services. In addition, users may access Telnet and SSH servers for SSH version 1 (SSHv1) and SSH version 2 (SSHv2), from the SSL VPN portal.
Using the NetExtender SSL VPN client – The Dell SonicWALL SSL VPN network
extension client, NetExtender, is available through the SSL VPN V irtual Of fice port al via an ActiveX control or through stand-alone applications for Windows, Linux, MacOS, Windows Mobile, and Android smartphone platforms. To connect using the SSL VPN client, log into the portal, download the installer application and then launch the NetExtender connector to establish the SSL VPN tunnel. The NetExtender Android client has a different installation process, described in this guide. Once you have set up the SSL VPN tunnel, you can access network resources as if you were on the local network.
Virtual Office Overview | 9
The NetExtender standalone applications are automatically installed on a client system the first time you click the NetExtender link in the Virtual Office portal. The standalone client can be launched directly from users’ computers without requiring them to log in to the SSL VPN portal first.
Using the SonicWALL Mobile Connect app – SonicWALL Mobile Connect is an app for
iPhone and iPad that, like NetExtender, uses SSL VPN to enable secure, mobile connections to private networks protected by Dell SonicWALL security appliances. For information about installing and using SonicWALL Mobile Connect, see the SonicWALL Mobile Connect User Guide available on www.sonicwall.com, at:
http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=482
For SSL VPN to work as described in this guide, the SonicW ALL SRA security appliance must be installed and configured according to the directions provided in the SonicWALL SRA Getting Started Guide for your model.

Browser Requirements

The following Web browsers are supported for the SSL VPN Virtual Office portal:
Internet Explorer 8.0+, 9.0+
Firefox 16.0+
Safari 5.0+
Chrome 22.0+
For Administrator management interface Web browser compatibility, refer to the SonicWALL SSL VPN Administrator Guide.
10 | SRA 7.0 User Guide
The following table provides specific browser requirements.
plication Proxy
atures and Browser
Requirements
NetExtender
RDP5 (ActiveX)
RDP5 (Java 1.6.0_10+)
VNC (Java 1.6.0_10+)
Telnet (Java 1.6.0_10+)
, SSHv2 ( Java 1.6.0_10+)
, HTTPS, FTP (Browser)
Windows XP Windows Vista Windows 7 Linux MacOS X
browser independent
(Java 1.6.0_10+)
browser independent
(Java 1.6.0_10+)
How to read this table:
RDP5 (Java 1.6.0_10)
Feature
OS Platform
Minimum Recommended
Browser
Browser Versions:
8
8
81622
8
5
16
16
16
16
22
22
22
File Sharing (Browser)
haring (Java 1.6.0_10+)
Citrix (ActiveX)
Citrix (Java 1.6.0_10+)
Virtual Assist
(Java not required)
browser independent
(Java 1.6.0_10+)
browser
1
independent
(Java 1.6.0_10+)
Notes:
1 MacOS and Linux supports Virtual Assist on the client­side only. Technician must be running a supported version of Windows operating system.
1
To configure SonicOS SSL VPN firmware, an Administrator must use a Web browser with JavaScript, cookies, and SSL enabled.
Virtual Assist is fully supported on Windows platforms. Virtual Assist is certified to work on Windows 7, Windows Vista and Windows XP. Limited functionality is supported on Mac OS where customers can request for assistance via web-requests.
Virtual Office Overview | 11

Web Management Interface Overview

From your workstation at your remote location, launch an approved Web browser and browse to your SRA appliance at the URL provided to you by your network Administrator.
Step 1 Open a Web browser and enter https://192.168.200.1 (the default LAN management IP
address) in the Location or Address field.
Step 2 A security warning may appear. Click the Yes button to continue.
Step 3 The SonicWALL SSL VPN Management Interface displays and prompts you to enter your
user name and password. As a default value, enter admin in the User Name field, password in the Password field, and select a domain from the Domain drop-down list and click the Login button. Only LocalDomain allows Administrator privileges. Note that your Administrator may have set up another login and password for you that has only user privileges.
12 | SRA 7.0 User Guide
The default page displayed is the Virtual Office home page. The default version of this page shows a SonicWALL logo, although your company’s system Administrator may have customized this page to contain a logo and look and feel of your company. Go to the Virtual
Office Overview, page 9 to learn more about the Virtual Office home page.
From the Virtual Office portal home page, you cannot navigate to the Administrator’s environment. If you have Administrator’s privileges and want to enter the Administrator environment, you need to go back to the login page and enter a username and password that
have Administrator privileges, and login again using the LocalDomain domain. Only the LocalDomain allows Administrator access to the management interface. Also note that the domain is independent of the privileges set up for the user.
Logging in as a user takes you directly to Virtual Office. The Virtual Of fice Home p age displays as shown here.
The Virtual Office content will vary based on the configuration of your network Administrator. Some bookmarks and services described in the SonicWALL SSL VPN User Guide may not be displayed when you log into the SonicWALL SRA security appliance.
The Virtual Office consists of the nodes described in the following table.
Node Description
File Shares Provides access to the File Shares utility, which gives remote users with
a secure Web interface access to Microsoft File Shares using the CIFS (Common Internet File System) or SMB (Server Message Block) proto­cols. Using a Web interface similar in style to Microsoft’s familiar Net­work Neighborhood or My Network Places, File Shares allow users with appropriate permissions to browse network shares, rename, delete, retrieve, and upload files, and to create bookmarks for later recall.
NetExtender Provides access to the NetExtender utility, a transparent SSL VPN cli-
ent for Windows, MacOS, Linux, Windows Mobile, or Android smart­phone users that allows you to run any application securely on the remote network. It acts as an IP-level mechanism provided by the vir­tual interface that negotiates the ActiveX component (on Windows with IE), using a Point-to-Point Protocol (PPP) adapter instance. On non­Windows platforms except Android, Java controls are used to automati­cally install NetExtender from the Virtual Office portal. After installation, NetExtender automatically launches and connects a virtual adapter for SSL secure NetExtender point-to-point access to permitted hosts and subnets on the internal network.
Virtual Office Overview | 13
Node Description
Secure Virtual Assist Provides access to Virtual Assist, an easy to use tool that allows Sonic-
WALL SSL VPN users to remotely support customers by taking control of their computers while the customer observes. Virtual Assist is a light­weight, thin client that installs automatically using Java from the Sonic­WALL SSL VPN Virtual Office without requiring the installation of any external software. For computers that do not support Java, Virtual Assist can be manually installed by downloading an executable file from the Virtual Office.
Secure Virtual Meeting Provides access to Virtual Meeting, which allows multiple users to view
a desktop and interactively participate in a meeting from virtually any­where with an Internet connection. Virtual Meeting is similar to the one­to-one desktop sharing provided by Virtual Assist except multiple users can share a desktop.
Secure Virtual Access (if config­ured by Administrator
Bookmarks Provides a list of available bookmarks which are objects that enable
Options Provides the option to change user password and use single sign-on, if
Online Help Launches online help for Virtual Office. Tips/Help Provides a short list of common questions and tips about the Virtual
Logout Logs you out of the Virtual Office environment.
Secure Virtual Access allows Technicians to gain access to systems outside the LAN of the SRA appliance. After downloading and installing the thin client for Secure Virtual Access mode, the system will appear only on that Technician’s Virtual Assist support queue, within the SRA ’s management interface.
you to connect to a location or application conveniently and quickly.
enabled by the Administrator.
Office.
The Home page provides customized content and links to network resources. The Home Page may contain support contact information, VPN instructions, company news, or technical updates.
Only a Web browser is required to access intranet Web sites, File Shares, and FTP sites. VNC, Telnet and SSHv1 require Java. SSHv2 provides stronger encryption than SSHv1, requires SUN JRE 1.4 or above and can only connect to servers that support SSHv2. T ermina l Services requires either Java or ActiveX on the client machine.
As examples of tasks you can perform and environments you can reach through V i rtual Of fice, you can connect to:
Intranet Web or HTTPS sites – If your organization supports Web-based email, such as
Outlook Web Access, you can also access Web-based email
The entire network by launching the NetExtender client
FTP servers for uploading and downloading files
The corporate network neighborhood for file sharing
Telnet and SSH servers
Desktops and desktop applications using Terminal Services or VNC.
Email servers via the NetExtender client.
The Administrator determines what resources are available to users from the SonicWALL SSL VPN Virtual Office. The Administrator can create user, group, and global policies that disable access to certain machines or applications on the corporate network.
The Administrator may also define bookmarks, or preconfigured links, to Web sites or computers on the intranet. Additional bookmarks may be defined by the end user.
14 | SRA 7.0 User Guide
SonicWALL NetExtender is a software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can virtually join the remote network. Users can mount network drives, upload and download files, and access resources in the same way as if they were on the local network.

Certificates

If the SRA appliance uses a self-signed SSL certificate for HTTPS authentication, then it is recommended to install the certificate before establishing a NetExtender connection. If you are unsure whether the certificate is self-signed or generated by a trusted root Certificate Authority , SonicWALL recommends that you import the certificate. The easiest way to import the certificate is to click the Import Certificate button at the bottom of the Virtual Of fice home page.
If the certificate is not issued by an authorized organization, a message is displayed warning users of the risk. A user can then view detailed information and choose to continue or end the connection.

Logging Out of the Virtual Office

T o end your session, simply return to the V irtual Office home page from wherever you are within the portal and click the Logout button.
When using the Virtual Office with the admin username, the Logout button is not displayed. This is a security measure to ensure that Administrators log out of the administrative interface, and not the Virtual Office.
Virtual Office Overview | 15
16 | SRA 7.0 User Guide
This chapter provides details on how to use the features in the Dell SonicWALL SSL VPN user portal. This chapter contains the following sections:
“Importing Certificates” section on page 17
“Using Two-Factor Authentication” section on page 17
“Using One-Time Passwords” section on page 22

Importing Certificates

If the SSL VPN gateway uses a self-signed SSL certificate for HTTPS authentication, then it is recommended to install the certificate before establishing a NetExtender connection. If you are unsure whether the certificate is self-signed or generated by a trusted root Certificate Authority , Dell SonicWALL recommends that you import the certificate.
If using Internet Explorer, the easiest way to import the certificate is to click the Import Certificate button at the bottom of the Virtual Office home page. The following warning messages may be displayed:
Chapter 3

Using Virtual Office Features

Click Yes. The certificate will be imported.
Note Certificates can only be imported through this method if you are using Internet
Explorer. Certificates for other browsers such as Chrome or Firefox must be
imported manually.

Using Two-Factor Authentication

The following sections describe how to log in to the SSL VPN Virtual Office portal using two­factor authentication:
“User Prerequisites” on page 18
“User Configuration Tasks” on page 18
Using Virtual Office Features | 17

User Prerequisites

Before you can log in using two-factor authentication, you must meet the following prerequisites:
Your Administrator has created your user account.
You have an account with a two-factor authentication server that conforms to the RFC
standard.

User Configuration Tasks

The following sections describe how users log in to the Dell SonicWALL SRA appliance using the two types of two-factor authentication:
“RSA Two-Factor User Authentication Process” on page 18
“VASCO Two-Factor User Authentication Process” on page 20
“Other RADIUS Server Two-Factor Authentication Process” on page 21
RSA Two-Factor User Authentication Process
The following sections describe user tasks when using RSA two-factor authentication to log in to the Dell SonicWALL SSL VPN Virtual Office:
“Logging into the SSL VPN Virtual Office Using RSA Two-Factor Authentication” on
page 18
“Creating a New PIN” on page 19
“Waiting for the Next Token Mode” on page 20
Logging into the SSL VPN Virtual Office Using RSA Two-Factor Authentication
To log in to the Dell SonicWALL SSL VPN Virtual Office using RSA two-factor authentication, perform the following steps.
18 | SRA 7.0 User Guide
Step 1 Enter the IP address of the SRA appliance in your computers browser. The authentication
window is displayed.
Step 2 Enter your username in the Username field. Step 3 The first time you log in to the Virtual office, your entry in the password field depends on
whether your system requires a PIN:
If you already have a PIN, enter the passcode in the Password field. The passcode is
the user PIN and the SecurID token code. For example, if the user’s PIN is 8675 and
the token code is 30966673, then the passcode is 867530966673.
If a PIN is required, but you do not yet have a PIN, enter the SecurID token code in the
Password field. You will be prompted to create a PIN.
If the RSA server does not require a PIN, simply enter the SecurID token code.
Step 4 Select the appropriate Domain. If manually entering the Domain, it is case-sensitive. Step 5 Click Login.
Creating a New PIN
Note Consult with your network Administrator to determine if your configuration requires
a PIN.
The RSA Authentication Manager automatically determines when users are required to create a new PIN. will determines that user associated with a particular token requires a new PIN. The SRA appliance prompts the user to enter new PIN.
Using Virtual Office Features | 19
Enter the PIN in the New PIN field and again in the Confirm PIN field and click OK. The PIN must be between 4 and 8 characters long.
Step 6 The RSA Authentication Manager verifies that the new PIN is an acceptable PIN. If the PIN is
accepted, the user is prompted to log in with the new passcode.
Waiting for the Next Token Mode
If user authentication fails three consecutive times, the RSA server requires the user to generate and enter a new token. To complete authentication, the user is prompted to wait for the token to change and enter the next token.
VASCO Two-Factor User Authentication Process
The following sections describe user tasks when using RSA two-factor authentication:
“Logging into the SSL VPN Virtual Office Using VASCO Two-Factor Authentication” on
page 21
“Creating a New PIN” on page 19
20 | SRA 7.0 User Guide
Logging into the SSL VPN Virtual Office Using VASCO Two-Factor Authentication
T o log in to the Dell SonicW ALL SSL VPN Virtual Of fice using V ASCO two-factor authentication, perform the following steps:
Step 1 Enter the IP address of the SRA appliance in your computer’s browser. The authentication
window is displayed.
Step 2 Enter your username in the Username field. Step 3 Enter the passcode in the Password field. Y our entry in the p assword field depends on whether
your system requires a PIN:
If you already have a PIN, enter the passcode in the Password field. The passcode is
the user PIN and the VASCO Digipass token code. For example, if the user’s PIN is
8675 and the token code is 30966673, then the passcode is 867530966673.
If a PIN is required, but you do not yet have a PIN, enter the VASCO Digipass code in
the Password field. You will be prompted to create a PIN.
If the RSA server does not require a PIN, simply enter the VASCO Digipass code.
Note Consult with your network Administrator to determine if your configuration requires
a PIN.
Step 4 Select the appropriate Domain. If manually entering the Domain, it is case-sensitive. Step 5 Click Login.
Other RADIUS Server Two-Factor Authentication Process
T o log in to the Virtual Of fice using another type of RADIUS server for two-factor authentication, perform the following steps:
Step 1 Enter the IP address of the SRA appliance in your computers browser. The authentication
window is displayed.
Step 2 Enter your username in the Username field. Step 3 Enter your password in the Password field. Step 4 Select the appropriate Domain. If manually entering the Domain, it is case-sensitive. Step 5 Click Login.
Using Virtual Office Features | 21
Step 6 Y ou will be prompted to enter additional information, the det ails of which will depend on the type
of RADIUS server used. The example below shows an M.ID RADIUS server, which first prompt s you to “Please enter the M.ID PIN.” Enter the PIN in the Challenge field and click OK.
Step 7 You will then be prompted to “Please enter the M.ID Passcode.” Enter the passcode received
through email or text message in the Challenge field and click OK.

Using One-Time Passwords

The following sections describe how to use one-time passwords:
User Prerequisites, page 22
User Configuration Tasks, page 23
Verifying User One-Time Password Configuration, page 24

User Prerequisites

Users must have a user account enabled in the SSL VPN management interface. Only users enabled by the Administrator to use the One-Time Password feature will need to perform the following configuration tasks. The Administrator must enable a correct email address that is accessible by the user . Users cannot enable the One-T ime Password feature and they must be able to access the SSL VPN Virtual Office portal.
22 | SRA 7.0 User Guide

User Configuration Tasks

To use the One-Time Password feature, perform the following steps:
Step 1 If you are not logged into the SSL VPN Virtual Office user interface, open a Web browser and
type the Virtual Office interface URL in the Location or Address bar and press Enter. Type in your user name in the User Name field and your password in the Password field, then select the appropriate domain from the Domain drop-down menu. Click Login.
Step 2 The prompt “A temporary password has been sent to user@email.com” will appear, displaying
your pre-configured email account.
Step 3 Login to your email account to retrieve the one-time password. Step 4 Type or p aste the one-time password into the Password: field where prompted and click Login. Step 5 You will be logged in to the Virtual Office.
Note One-time passwords are immediately deleted after a successful login, and cannot
be used again. Unused one-time passwords will expire according to each user’s
timeout policy.
Configuring One-Time Passwords for SMS-Capable Phones
One-Time Passwords can be configured to be sent via email directly to SMS-capable phones. Contact your cell phone service provider for further information about enabling SMS.
Below is a list of SMS email formats for selected major carriers, where 4085551212 represents a 10-digit telephone number and area code.
Note These SMS email formats are for reference only . These email formats are subject to
change and may vary. You may need additional service or information from your
provider before using SMS. Contact the SMS provider directly to verify these format s
and for further information on SMS services, options, and capabilities.
Verizon: 4085551212@vtext.com
Sprint: 4085551212@messaging.sprintpcs.com
AT&T: 4085551212@mobile.att.net
Cingular: 4085551212@mobile.mycingular.com
T-Mobile: 4085551212@tmomail.net
Nextel: 4085551212@messaging.nextel.com
Virgin Mobile: 4085551212@vmobl.com
Qwest: 4085551212@qwestmp.com
For a more complete list, see the Dell SonicWALL SSL VPN Administrator's Guide.
Using Virtual Office Features | 23

Verifying User One-Time Password Configuration

If you are successfully logged in to Virtual Office, you have correctly used the One-Time Password feature.
If you cannot login using the One-Time Password feature, verify the following:
Are you able to login to the Virtual Office without being prompted to check your email for a
one-time password? You have not been enabled to use the One-Time Password feature. Contact your SSL VPN Administrator.
Is your email address correct? If your email address has been entered incorrectly, contact
your SSL VPN Administrator to correct it.
Is there no email with a one-time password? Wait a few minutes and refresh your email
inbox. Check your spam filter. If there is no email after several minutes, try to login again to generate a new one-time password.
Have you accurately typed the one-time password in the correct field? Re-type or copy and
paste the one-time password.
24 | SRA 7.0 User Guide
This chapter explains how to configure and use Dell SonicWALL NetExtender and includes the following sections:
“User Prerequisites” section on page 25
“User Configuration Tasks” section on page 27
“Verifying NetExtender Operation from the System Tray” section on page 46

User Prerequisites

Prerequisites for Windows Clients:
Windows clients must meet the following prerequisites in order to use NetExtender:
One of the following platforms:
Windows 7 Services Pack 1
Windows Vista Service Pack 2 (32-bit & 64-bit)
Windows XP Home or Professional, Windows XP Service Pack 3
Chapter 4

Using NetExtender

One of the following browsers:
Internet Explorer 8.0 and higher
Mozilla Firefox 16.0 and higher
Google Chrome 22.0 and higher
To initially install the NetExtender client, the user must be logged in to the PC with
administrative privileges.
Downloading and running scripted ActiveX files must be enabled on Internet Explorer.
If the SSL VPN gateway uses a self-signed SSL certificate for HTTPS authentication, it is
necessary to install the certificate before establishing a NetExtender connection. If you are unsure if the certificate is self-signed or generated by a trusted root Certificate Authority, Dell SonicWALL recommends that you import the certificate. The easiest way to import the certificate is to click the Import Certificate button on the Virtual Office home page.
Note Import Certificate is available from the Virtual Office port al only when using Internet
Explorer on Windows 2000 or Windows XP.

Prerequisites for MacOS Clients:

MacOS clients meet the following prerequisites in order to use NetExtender:
MacOS 10.5 and higher
Java 1.5 and higher
Both PowerPC and Intel Macs are supported.
Using NetExtender | 25

Prerequisites for Linux Clients:

Linux 32-bit or 64-bit clients are supported for NetExtender when running one of the following distributions (32-bit or 64-bit):
Linux Fedora Core 15 or higher, Ubuntu 11.10 or higher, or OpenSUSE 10.3 or higher
Java 1.5 and higher is required for using the NetExtender GUI.
The NetExtender client has been known to work on other distributions as well, but these are not officially supported.
Note Open source Java Virtual Machines (VMs) are not currently supported. If you do not
have Java 1.5 or higher, you can use the command-line interface version of
NetExtender.

Using Mobile Connect

SonicWALL Mobile Connect serves the same function as NetExtender on Apple iOS devices and Android devices, as listed below.

Prerequisites for Apple iOS Clients

SonicWALL Mobile Connect is supported on Apple iPhone, iPad, and iPod Touch devices running Apple iOS:
iPhone 4S – running Apple iOS 5 or higher
iPhone 4 – running Apple iOS 4.2 or higher
iPhone 3GS – running Apple iOS 4.2 or higher
iPhone 3G – running Apple iOS 4.2 or higher
iPad 3 – running Apple iOS 4.2 or higher
iPad 2 – running Apple iOS 4.2 or higher
iPad – running Apple iOS 4.2 or higher
iPod Touch (2nd Generation or later) – running Apple iOS 4.2 or higher
Mobile Connect acts as a NetExtender client when connecting to the Dell SonicWALL SRA. For Mobile Connect access to succeed, the portal must be set to allow NetExtender connections and the user account and group must be authorized to use NetExtender.
SonicWALL Mobile Connect is an app for iPhone and iPad that, like NetExtender, uses SSL VPN to enable secure, mobile connections to private networks protected by Dell SonicWALL security appliances. For information about installing and using SonicWALL Mobile Connect, see the SonicWALL Mobile Connect User Guide at:
http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=482
Mobile Connect is compatible with SRA and is a free download from iOS and Android (4.0+) app stores.
26 | SRA 7.0 User Guide

Prerequisites for Android Smartphone Clients

The NetExtender Android client is supported on rooted smartphones running the following versions of the Android operating system:
1.6 or higher
The NetExtender Android client is compatible with any Dell SonicWALL SSL VPN firmware version that supports the NetExtender Linux client, specifically:
SSL VPN 4.0 and higher
As new features are added, users must install the updated client to access all the features supported by the new firmware. Likewise, if a new client is used with older firmware, some client features may not be functional. For best results, the latest firmware should always be used with the latest client.
Note Only rooted devices are supported for NetExtender Android in Dell SonicWALL
SRA.
The rooting requirement is due to limitations and restrictions of the Android platform.
A layer 3 VPN client like NetExtender requires root permission for certain necessary
OS level operations.
Warning Rooting your phone may void your warranty. Consult your contract or User Guide, or call
your service provider for more information.
Alternatively, the SonicWALL Mobile Connect client can be used for smartphones running Android version 4.0 or higher.

User Configuration Tasks

Dell SonicWALL NetExtender is a software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can virtually join the remote network. Users can mount network drives, upload and download files, and access resources in the same way as if they were on the local network.
The following sections describe how to use NetExtender on the various supported platforms:
Windows Platform Installation
“Installing NetExtender Using the Mozilla Firefox Browser” section on page 28
“Installing NetExtender Using the Internet Explorer Browser” section on page 30
Windows Platform Usage
“Launching NetExtender Directly from Your Computer” section on page 33
“Configuring NetExtender Properties” section on page 35
“Configuring NetExtender Connection Scripts” section on page 37
“Configuring Proxy Settings” section on page 39
“Configuring NetExtender Log Properties” section on page 40
“Disconnecting NetExtender” section on page 44
“Upgrading NetExtender” section on page 44
“Authentication Methods” section on page 45
“Verifying NetExtender Operation from the System Tray” section on page 46
Using NetExtender | 27
“Using the NetExtender Command Line Interface” section on page 47
MacOS Platform
“Installing NetExtender on MacOS” section on page 48
“Using NetExtender on MacOS” section on page 50
Linux Platform
“Installing NetExtender on Linux” section on page 51
“Using NetExtender on Linux” section on page 53
Windows Mobile Platform
“Installing and Using NetExtender for Windows Mobile” section on page 56
Android Smartphone Platform
“Installing NetExtender on Android Smartphones” section on page 60
“Using NetExtender on Android Smartphones” section on page 63

Installing NetExtender Using the Mozilla Firefox Browser

To use NetExtender for the first time using the Firefox browser, perform the following:
Step 1 To launch NetExtender, first log in to the SSL VPN portal. Step 2 Click the NetExtender button.
Step 3 The first time you launch NetExtender, it will automatically add an add-on to Firefox.
28 | SRA 7.0 User Guide
Step 4 Click the Install button. The portal will automatically install the NetExtender stand-alone
application on your computer. If an older version of NetExtender is installed on the computer, the NetExtender launcher removes the old version and installs the new version.
Step 5 Once the NetExtender application is installed, a message appears instructing you to restart
Firefox. Click the Restart Now button.
Step 6 When Firefox restarts, the NetExtender Status window displays, indicating that NetExtender
successfully connected.
The Status tab provides the following information:
Field Description
Server Indicates the name of the server to which the NetExtender
client is connected. Client IP Indicates the IP address assigned to the NetExtender client. Sent Indicates the amount of traffic the NetExtender client has
transmitted since initial connection. Received Indicates the amount of traffic the NetExtender client has
received since initial connection. Throughput Indicates the current NetExtender throughput rate.
Using NetExtender | 29
Closing the window (clicking the x icon in the upper right corner of the window) does not close the NetExtender session, but minimizes it to the system tray for continued operation. Also, a balloon icon in the system tray appears, indicating NetExtender has successfully installed.
Step 7 The NetExtender icon is displayed in the task bar.

Installing NetExtender Using the Internet Explorer Browser

Dell SonicWALL SSL VPN NetExtender is fully compatible with Microsof t Windows 7 32-bit and 64-bit, and supports the same functionality as with other Windows operating systems. NetExtender is also compatible with the Mac OS X Lion 10.7.
Note It may be necessary to restart your computer when installing NetExtender Windows 7.
Internet Explorer Prerequisites
It is recommended that you add the URL or domain name of your SSL VPN server to Internet Explorer’s trusted sites list. This will simplify the process of installing NetExtender and logging in, by reducing the number of security warnings you will receive. To add a site to Internet Explorer’s trusted sites list, complete the following procedure:
Step 1 In Internet Explorer, go to Tools > Internet Options. Step 2 Click the Security tab. Step 3 Click the Trusted Sites icon and click the Sites... button to open the Trusted sites window.
30 | SRA 7.0 User Guide
Loading...
+ 144 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use