Sonicwall SRA SSL VPN 5.0 ADMINISTRATORS GUIDE

COMPREHENSIVE INTERNET SECURITY
SonicWALL SRA SSL VPN 5.0
Administrator’s Guide
SonicWALL Secure Remote Access Appliances

SonicWALL SRA SSL VPN 5.0 Administrator’s Guide

2001 Logic Drive San Jose, CA 95124-3452
Phone: +1.408.745.9600 Fax: +1.408.745.9300 E-mail: info@sonicwall.com
SonicWALL SSL VPN 5.0 Administrator’s Guide

Copyright Notice

© 2010 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format.
Specifications and descriptions subject to change without notice.

Trademarks

SonicWALL is a registered trademark of SonicWALL, Inc. Microsoft Windows 7, Windows Vista, Windows XP, Windows Server 2003, Windows 2000,
Windows NT, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.
Firefox is a trademark of the Mozilla Foundation. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and
other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S.
Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.
Cisco Systems and Cisco PIX 515e and Linksys and Linksys Playtoy23 are either registered trademarks or trademarks of Cisco Systems in the U.S. and/or other countries.
Watchguard and Watchguard Firebox X Edge are either registered trademarks or trademarks of Watchguard Technologies Corporation in the U.S. and/or other countries.
NetGear, NetGear FVS318, and NetGear Wireless Router MR814 SSL are either registered trademarks or trademarks of NetGear, Inc., in the U.S. and/or other countries.
Check Point and Check Point AIR 55 are either registered trademarks or trademarks of Check Point Software Technologies, Ltd., in the U.S. and/or other countries.
Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

SonicWALL GPL Source Code

GNU General Public License (GPL)

SonicWALL will provide a machine-readable copy of the GPL open source on a CD. To obtain a complete machine-readable copy, send your written request, along with a certified check or money order in the amount of US $25.00 payable to "SonicWALL, Inc." to:
General Public License Source Code Request
SonicWALL, Inc.
Attn: Jennifer Anderson
2001 Logic Drive
San Jose, CA 95124-3452

Limited Warranty

SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or misapplication, or has been modified without the written permission of SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR
INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

SonicWALL Technical Support

For timely resolution of technical support questions, visit SonicWALL on the Internet at
<http://www.sonicwall.com/us/support.html>. Web-based resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support. To contact SonicWALL telephone support, see the telephone numbers listed below. See
<http://www.sonicwall.com/us/support/contact.html> for the latest technical support telephone
numbers.

North America Telephone Support

U.S./Canada - 888.777.1476 or +1 408.752.7819

International Telephone Support

Australia - + 1800.35.1642
Austria - + 43(0)820.400.105
EMEA - +31(0)411.617.810
France - + 33(0)1.4933.7414
Germany - + 49(0)1805.0800.22
Hong Kong - + 1.800.93.0997
India - + 8026556828
Italy - +39.02.7541.9803
Japan - + 81(0)3.3457.8971
New Zealand - + 0800.446489
Singapore - + 800.110.1441
Spain - + 34(0)9137.53035
Switzerland - +41.1.308.3.977
UK - +44(0)1344.668.484

More Information on SonicWALL Products

Contact SonicWALL, Inc. for information about SonicWALL products and services at:
Web: http://www.sonicwall.com
E-mail: sales@sonicwall.com
Phone: (408) 745-9600
Fax: (408) 745-9300
Current Documentation
Check the SonicWALL documentation Web site for the latest versions of this manual and all other SonicWALL product documentation.
http://www.sonicwall.com/us/support.html

About This Guide

The SonicWALL SSL VPN Administrator’s Guide provides network administrators with a high-level overview of SonicWALL SSL VPN technology, including activation, configuration, and administration of the SonicWALL SSL VPN management interface and the SonicWALL SSL-VPN appliance.
Note Always check <http://www.sonicwall.com/support/documentation.html> for the latest
version of this guide as well as other SonicWALL products and services documentation.

Guide Conventions

The following conventions are used in this guide:
Convention - Use
Bold - Highlights dialog box, window, and screen names. Also highlights buttons and tabs. Also used for file names and text or values you are being instructed to type into the interface.
Italic - Indicates the name of a technical manual, emphasis on certain words in a sentence, or the first instance of a significant term or concept.
Menu Item > Menu Item - Indicates a multiple step Management Interface menu choice. For example, System > Status means select the Status page under the System menu.
Icons Used in this Manual
These special messages refer to noteworthy information, and include a symbol for quick identification:
Tip - Useful information about security features and configurations on your SonicWALL.
Note - Important information on a feature that requires callout for special attention.
Timesaver - Useful tips about features that may save you time.
Indicates a client feature that is only supported on the Microsoft Windows platform.
Indicates a client feature that is supported on Microsoft Windows, Apple MacOS, and Linux.

Organization of This Guide

The SonicWALL SSL VPN Administrator’s Guide is organized in chapters that follow the SonicWALL SSL VPN Web-based management interface structure.
This section contains a description of the following chapters and appendices:
“SSL VPN Overview” on page viii
“System Configuration” on page viii
“Network Configuration” on page ix
“Portals Configuration” on page ix
“NetExtender Configuration” on page ix
“Virtual Assist Configuration” on page ix
“Web Application Firewall Configuration” on page ix
“Users Configuration” on page ix
“Log Configuration” on page x
“Virtual Office Configuration” on page x
“Appendix A: Accessing Online Help” on page x
“Appendix B: Configuring SonicWALL SSL VPN with a Third-Party Gateway” on page x
“Appendix C: Use Cases” on page x
“Appendix D: NetExtender Troubleshooting” on page x
“Appendix E: FAQ” on page x
“Appendix F: Glossary” on page xi
“Appendix G: SMS Email Formats” on page xi
SSL VPN Overview
“SSL VPN Overview” on page 7 provides an introduction to SSL VPN technology and an
overview of the SonicWALL SSL-VPN appliance and Web-based management interface features. The SSL VPN Overview chapter includes SSL VPN concepts, a Web-based management interface overview, and deployment guidelines.
System Configuration
“System Configuration” on page 59 provides instructions for configuring SonicWALL SSL VPN
options under System in the navigation bar of the management interface, including:
Registering the SonicWALL appliance
Setting the date and time
Working with configuration files
Managing firmware versions and preferences
General appliance administration
Certificate management
Viewing SSL VPN monitoring reports
Using diagnostic tools
Network Configuration
“Network Configuration” on page 91 provides instructions for configuring SonicWALL SSL VPN
options under Network in the navigation bar of the management interface, including:
Configuring network interfaces
Configuring DNS settings
Setting network routes and static routes
Configuring hostname and IP address information for internal name resolution
Creating reusable network objects representing network resources like FTP, HTTP, RDP,
SSH and File Shares
Portals Configuration
“Portals Configuration” on page 105 provides instructions for configuring SonicWALL SSL VPN
options under Portals in the navigation bar of the management interface, including portals, domains (including RADIUS, NT, LDAP and Active Directory authentication), and custom logos.
NetExtender Configuration
“NetExtender Configuration” on page 167 provides instructions for configuring SonicWALL SSL
VPN options under NetExtender in the navigation bar of the management interface, including NetExtender status, setting NetExtender address range, and configuring NetExtender routes.
Virtual Assist Configuration
“Virtual Assist Configuration” on page 177 provides instructions for configuring SonicWALL
SSL VPN options under Virtual Assist in the navigation bar of the management interface, including Virtual Assist status, settings and licensing.
High Availability Configuration
“High Availability Configuration” on page 189 provides information and configuration tasks
specific to High Availability in the navigation bar of the management interface.
Web Application Firewall Configuration
“Web Application Firewall Configuration” on page 195 provides instructions for configuring
SonicWALL SSL VPN options under Web Application Firewall in the navigation bar of the management interface, including Web Application Firewall status, settings, signatures, log, and licensing.
Users Configuration
“Users Configuration” on page 237 provides instructions for configuring SonicWALL SSL VPN
options under Users in the navigation bar of the management interface, including:
Access policy hierarchy overview
Configuring local users and local user policies
Configuring user groups and user group policies
Global configuration
Log Configuration
“Log Configuration” on page 291 provides instructions for configuring SonicWALL SSL VPN
options under Log in the navigation bar of the management interface, including viewing and configuring logs and creating alert categories.
Virtual Office Configuration
“Virtual Office Configuration” on page 301 provides a brief introduction to the Virtual Office, the
user portal feature of SonicWALL SSL VPN. The administrator can access the Virtual Office user portal using Virtual Office in the navigation bar of the SonicWALL SSL VPN Web-based management interface. Users access the Virtual Office using a Web browser. The SonicWALL SSL VPN User’s Guide provides detailed information about the Virtual Office.
Appendix A: Accessing Online Help
“Online Help” on page 305 provides a description of the help available from the Online Help
button in the upper right corner of the management interface. This appendix also includes an overview of the context-sensitive help found on most pages of the SonicWALL SSL VPN management interface.
Appendix B: Configuring SonicWALL SSL VPN with a Third-Party Gateway
“Configuring SonicWALL SSL VPN with a Third-Party Gateway” on page 307 provides
configuration instructions for configuring the SonicWALL SSL-VPN appliance to work with third-party gateways, including:
Cisco PIX
Linksys WRT54GS
WatchGuard Firebox X Edge
NetGear FVS318
Netgear Wireless Router MR814
Check Point AIR 55
Microsoft ISA Server 2000
Appendix C: Use Cases
“Use Cases” on page 327 provides use cases for importing CA certificates and for configuring
group-based access policies for multiple Active Directory groups needing access to Outlook Web Access and SSH.
Appendix D: NetExtender Troubleshooting
“NetExtender Troubleshooting” on page 345 provides troubleshooting support for the
SonicWALL SSL VPN NetExtender feature.
Appendix E: FAQ
“FAQs” on page 349 provides a list of frequently asked questions about the SonicWALL SSL
VPN Web-based management interface and SonicWALL SSL-VPN appliance.
Appendix F: Glossary
“Glossary” on page 373 provides a glossary of technical terms used in the
SonicWALL SSL VPN Administrator’s Guide.
Appendix G: SMS Email Formats
“SMS Email Formats” on page 375 provides a list of SMS email formats for selected worldwide
cellular carriers.

Table of Contents

SonicWALL SRA SSL VPN 5.0 Administrator’s Guide
Copyright Notice
Trademarks
SonicWALL GPL Source Code
GNU General Public License (GPL)
Limited Warranty
SonicWALL Technical Support
More Information on SonicWALL Products
About This Guide
Guide Conventions
Organization of This Guide
Table of Contents
SSL VPN Overview
Overview of SonicWALL SSL VPN
SSL for Virtual Private Networking (VPN)
SSL VPN Software Components
SSL-VPN Hardware Components
Concepts for SonicWALL SSL VPN
Encryption Overview
SSL Handshake Procedure
IPv6 Support Overview
Browser Requirements for the SSL VPN Administrator
Browser Requirements for the SSL VPN End User
Portals Overview
Domains Overview
NetExtender Overview
Network Resources Overview
SNMP Overview
DNS Overview
Network Routes Overview
Two-Factor Authentication Overview
One Time Password Overview
Virtual Assist Overview
Web Application Firewall Overview
What is Web Application Firewall?
Benefits of Web Application Firewall
How Does Web Application Firewall Work?
Navigating the SSL VPN Management Interface
Management Interface Introduction
Navigating the Management Interface
Navigation Bar
Deployment Guidelines
Support for Numbers of User Connections
Resource Type Support
Integration with SonicWALL Products
Typical Deployment
System Configuration
System > Status
System > Status Overview
Registering Your SonicWALL SSL-VPN from System Status
Configuring Network Interfaces
System > Licenses
System > Licenses Overview
Registering the SSL-VPN from System > Licenses
Activating or Upgrading Licenses
System > Support Services
System > Time
System > Time Overview
Setting the Time
Enabling Network Time Protocol
System > Settings
System > Settings Overview
Managing Configuration Files
Managing Firmware
System > Administration
System > Administration Overview
Configuring Login Security
Enabling GMS Management
Configuring Web Management Settings
Configuring the Management Interface Language
System > Certificates
System > Certificates Overview
Certificate Management
Generating a Certificate Signing Request
Viewing and Editing Certificate Information
Importing a Certificate
Adding Additional CA Certificates
System > Monitoring
System > Monitoring Overview
Setting The Monitoring Period
Refreshing the Monitors
System > Diagnostics
System > Diagnostics Overview
Downloading the Tech Support Report
Performing Diagnostic Tests
System > Restart
System > Restart Overview
Restarting the SonicWALL SSL-VPN
Network Configuration
Network > Interfaces
Network > Interfaces Overview
Configuring Network Interfaces
Network > DNS
Network > DNS Overview
Configuring Hostname Settings
Configuring DNS Settings
Configuring WINS Settings
Network > Routes
Network > Routes Overview
Configuring a Default Route for the SSL-VPN Appliance
Configuring Static Routes for the Appliance
Network > Host Resolution
Network > Host Resolution Overview
Configuring Host Resolution
Network > Network Objects
Network > Network Objects Overview
Adding Network Objects
Editing Network Objects
Portals Configuration
Portals > Portals
Portals > Portals Overview
Adding Portals
Configuring General Portal Settings
Configuring the Home Page
Configuring Per-Portal Virtual Assist Settings
Configuring Virtual Host Settings
Adding a Custom Portal Logo
Portals > Application Offloading
Application Offloading Overview
Configuring an Offloaded Application with HTTP/HTTPS
Configuring Generic SSL Offloading
Portals > Domains ................ ......................... ......................... ......................... ...............................................124
Portals > Domains Overview ...................................... .. ............................. .. ......................................... 124
Viewing the Domains Table ..................................................................................................................125
Removing a Domain ............................................................................................................................... 125
Adding or Editing a Domain .............. .......................................................... .. ....................................... 125
Adding or Editing a Domain with Local User Authentication .............................. .. .. ...................... 127
Adding or Editing a Domain with Active Directory Authenticat ion .................... .......................... 128
Adding or Editing a Domain with LDAP Authentication ................................ .............................. . 130
Adding or Editing a Domain with NT Domain Authentication .. ............................. .. .................... 132
Adding or Editing a Domain with RADIUS Authentication ........ ............................. .. .................... 133
Configuring Two-Factor Authentication ................................. .. .............................. .. ..........................136
Portals > Custom Logo .................................................. ......................... ........................ ...............................146
Portals > Load Balancing ........................ ......................... ......................... ......................... ............................147
Portals > Load Balancing Overview .......................... .. ............................. .. ............................. .. ..........147
Configuring a Load Balancing Group ............................................................... .. ................................. 148
Services Configuration
Services > Settings
Services > Bookmarks
Services > Policies
NetExtender Configuration
NetExtender > Status
NetExtender > Status Overview
Viewing NetExtender Status
NetExtender > Client Settings
NetExtender > Client Settings Overview
Configuring the Global NetExtender IP Address Range
Configuring Global NetExtender Settings
NetExtender > Client Routes
NetExtender > Client Routes Overview
Adding NetExtender Client Routes
NetExtender User and Group Settings
Configuring User-Level NetExtender Settings
Configuring Group-Level NetExtender Settings
Virtual Assist Configuration
Virtual Assist > Status
Virtual Assist > Status
Virtual Assist > Settings
General Settings
Request Settings
Notification Settings
Customer Portal Settings
Restriction Settings
Virtual Assist > Log
Virtual Assist > Licensing
Virtual Assist > Licensing Overview
Enabling Virtual Assist
High Availability Configuration
High Availability Overview
Stateful High Availability Support
Supported Platforms
Configuring High Availability
Physical Connectivity
Configuring a High Availability Pair
Technical FAQ
Web Application Firewall Configuration
Licensing Web Application Firewall
Configuring Web Application Firewall
Viewing and Updating Web Application Firewall Status
Configuring Web Application Firewall Settings
Configuring Web Application Firewall Signature Actions
Determining the Host Entry for Exclusions
Configuring Web Application Firewall Custom Rules
Using Web Application Firewall Monitoring
Using Web Application Firewall Logs
Verifying and Troubleshooting Web Application Firewall
Users Configuration
Users > Status
Access Policies Concepts
Access Policy Hierarchy
Users > Local Users
Users > Local Users Overview
Removing a User
Adding a Local User
Editing User Settings
Users > Local Groups
Users > Local Groups Overview
Deleting a Group
Adding a New Group
Editing Group Settings
Group Configuration for LDAP Authentication Domains
Group Configuration for Active Directory, NT and RADIUS Domains
Creating a Citrix Bookmark for a Local Group
Global Configuration
Edit Global Settings
Edit Global Policies
Edit Global Bookmarks
Log Configuration
Log > View
Log > View Overview
Viewing Logs
Emailing Logs
Log > Settings
Log > Settings Overview
Configuring Log Settings
Configuring the Mail Server
Log > Categories
Log > ViewPoint
Log > ViewPoint Overview
Adding a ViewPoint Server
Virtual Office Configuration
Virtual Office
Virtual Office Overview
Using the Virtual Office
Online Help
Online Help
Using Context Sensitive Help
Configuring SonicWALL SSL VPN with a Third-Party Gateway
Cisco PIX Configuration for SonicWALL SSL-VPN Appliance Deployment
Before you Begin
Method One – SonicWALL SSL-VPN Appliance on LAN Interface
Method Two – SonicWALL SSL-VPN Appliance on DMZ Interface
Linksys WRT54GS
WatchGuard Firebox X Edge
NetGear FVS318
Netgear Wireless Router MR814 SSL configuration
Check Point AIR 55
Setting up a SonicWALL SSL-VPN with Check Point AIR 55
Static Route
ARP
Microsoft ISA Server
Deploying a SonicWALL SSL-VPN Behind a Microsoft ISA Server
Configuring ISA
Use Cases
Importing CA Certificates on Windows
Importing a goDaddy Certificate on Windows
Importing a Server Certificate on Windows
Creating Unique Access Policies for AD Groups
Creating the Active Directory Domain
Adding a Global Deny All Policy
Creating Local Groups
Adding the SSHv2 PERMIT Policy
Adding the OWA PERMIT Policies
Verifying the Access Policy Configuration
NetExtender Troubleshooting
FAQs
Hardware FAQ
Digital Certificates and Certificate Authorities FAQ
NetExtender FAQ
General FAQ
Glossary
SMS Email Formats

Chapter 1: SSL VPN Overview

This chapter provides an overview of the SonicWALL SSL VPN technology, concepts, basic navigational elements and standard deployment guidelines. This chapter includes the following sections:
“Overview of SonicWALL SSL VPN” section
“Concepts for SonicWALL SSL VPN” section
“Navigating the SSL VPN Management Interface” section
“Deployment Guidelines” section

Overview of SonicWALL SSL VPN

The SonicWALL SSL-VPN appliance provides organizations with a simple, secure and clientless method of access to applications and network resources specifically for remote and mobile employees. Organizations can use SonicWALL SSL VPN connections without the need to have a pre-configured, large-installation host. Users can easily and securely access email files, intranet sites, applications, and other resources on the corporate Local Area Network (LAN) from any location by accessing a standard Web browser.
Organizations use Virtual Private Networks (VPNs) to establish secure, end-to-end private network connections over a public networking infrastructure, allowing them to reduce their communications expenses and to provide private, secure connections between a user and a site in the organization. By offering Secure Socket Layer (SSL) VPN, without the expense of special feature licensing, the SonicWALL SSL-VPN appliance provides customers with cost-effective alternatives to deploying parallel remote-access infrastructures. This section contains the following subsections:
“SSL for Virtual Private Networking (VPN)” section
“SSL VPN Software Components” section
“SSL-VPN Hardware Components” section

SSL for Virtual Private Networking (VPN)

A Secure Socket Layer-based Virtual Private Network (SSL VPN) allows applications and private network resources to be accessed remotely through a secure connection. Using SSL VPN, mobile workers, business partners, and customers can access files or applications on a company’s intranet or within a private local area network.
Although SSL VPN protocols are described as clientless, the typical SSL VPN portal combines Web, Java, and ActiveX components that are downloaded from the SSL VPN portal transparently, allowing users to connect to a remote network without needing to manually install and configure a VPN client application. In addition, SSL VPN enables users to connect from a variety of devices, including Windows, Macintosh, and Linux PCs. ActiveX components are only supported on Windows platforms.
For administrators, the SonicWALL SSL VPN Web-based management interface provides an end-to-end SSL VPN solution. This interface can configure SSL VPN users, access policies, authentication methods, user bookmarks for network resources, and system settings.
For clients, Web-based SonicWALL SSL VPN customizable user portals enable users to access, update, upload, and download files and use remote applications installed on desktop machines or hosted on an application server. The platform also supports secure Web-based FTP access, network neighborhood-like interface for file sharing, Secure Shell versions 1 and 2 (SSHv1) and (SSHv2), Telnet emulation, VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol) support, Citrix Web access, bookmarks for offloaded portals (external Web sites), and Web and HTTPS proxy forwarding.
The SonicWALL SSL VPN network extension client, NetExtender, is available through the SSL VPN Web portal via an ActiveX control on Windows or using Java on MacOS or Linux systems. It is also available through stand-alone applications for Windows, Linux, and MacOS platforms. The NetExtender standalone applications are automatically installed on a client system the first time the user clicks the NetExtender link in the Virtual Office portal. SonicWALL SSL VPN NetExtender enables end users to connect to the remote network without needing to install and configure complex software, providing a secure means to access any type of data on the remote network. When used with a SonicWALL SSL-VPN 2000 or higher model, NetExtender supports IPv6 client connections from Windows systems running Vista or newer, and from Linux clients.
Note: The SSHv2 applet requires SUN JRE 1.6.0_10 or higher and can only connect to a server that supports SSHv2. The RDP Java applet requires SUN JRE 1.6.0_10 or higher. Telnet, SSHv1 and VNC applets support MS JVM in Internet Explorer, and run on other browsers with SUN JRE 1.6.0_10 or higher.

SSL VPN Software Components

SonicWALL SSL VPN provides clientless identity-based secure remote access to the protected internal network. Using the Virtual Office environment, SonicWALL SSL VPN can provide users with secure remote access to your entire private network, or to individual components such as File Shares, Web servers, FTP servers, remote desktops, or even individual applications hosted on Microsoft Terminal Servers.

SSL-VPN Hardware Components

See the following sections for descriptions of the hardware components on SonicWALL SSL-VPN appliances:
“SRA 4200 Front and Back Panels Overview”
SRA 4200 Front and Back Panels Overview
Figure 1 SonicWALL SRA 4200 Front and Back Panels
Table 1 SonicWALL SRA 4200 Front Panel Features
Front Panel Feature: Description
Console Port: RJ-45 port, provides access to console messages with serial connection (115200 Baud). Provides access to command line interface (for future use).
USB Ports: Provides access to USB interface (for future use).
Reset Button: Provides access to SafeMode.
Power LED: Indicates the SonicWALL SRA 4200 is powered on.
Test LED: Indicates the SonicWALL SRA 4200 is in test mode.
Alarm LED: Indicates a critical error or failure.
X3: Provides access to the X3 interface and to SSL VPN resources.
X2: Provides access to the X2 interface and to SSL VPN resources.
X1: Provides access to the X1 interface and to SSL VPN resources.
X0: Default management port. Provides connectivity between the SonicWALL SRA 4200 and your gateway.

Table 2 SonicWALL SRA 4200 Back Panel Features
Back Panel Feature: Description
Exhaust fans: Provides optimal cooling for the SonicWALL SRA 4200 appliance.
Power plug: Provides power connection using supplied power cord.
Power switch: Powers the SonicWALL SRA 4200 on and off.

Concepts for SonicWALL SSL VPN

This section provides an overview of the following key concepts, with which the administrator should be familiar when using the SonicWALL SSL-VPN appliance and Web-based management interface:
“Encryption Overview” section
“SSL Handshake Procedure” section
“IPv6 Support Overview” section
“Browser Requirements for the SSL VPN Administrator” section
“Browser Requirements for the SSL VPN End User” section
“Portals Overview” section
“Domains Overview” section
“NetExtender Overview” section
“Network Resources Overview” section
“SNMP Overview” section
“DNS Overview” section
“Network Routes Overview” section
“Two-Factor Authentication Overview” section
“One Time Password Overview” section
“Virtual Assist Overview” section
“Web Application Firewall Overview” section

Encryption Overview

Encryption enables users to encode data, making it secure from unauthorized viewers. Encryption provides a private and secure method of communication over the Internet.
A special type of encryption known as Public Key Encryption (PKE) comprises a public and a private key for encrypting and decrypting data. With public key encryption, an entity, such as a secure Web site, generates a public and a private key. A secure Web server sends a public key to a user who accesses the Web site. The public key allows the user’s Web browser to decrypt data that had been encrypted with the private key. The user’s Web browser can also transparently encrypt data using the public key and this data can only be decrypted by the secure Web server’s private key.
Public key encryption allows the user to confirm the identity of the Web site through an SSL certificate. After a user contacts the SSL-VPN appliance, the appliance sends the user its own encryption information, including an SSL certificate with a public encryption key.

SSL Handshake Procedure

The following procedure is an example of the standard steps required to establish an SSL session between a user and an SSL VPN gateway using the SonicWALL SSL VPN Web-based management interface:
Step 1 When a user attempts to connect to the SonicWALL SSL-VPN appliance, the user’s Web browser sends information about the types of encryption supported by the browser to the appliance.
Step 2 The appliance sends the user its own encryption information, including an SSL certificate with a public encryption key.
Step 3 The Web browser validates the SSL certificate with the Certificate Authority identified by the SSL certificate.
Step 4 The Web browser generates a pre-master encryption key, encrypts the pre-master key using the public key included with the SSL certificate and sends the encrypted pre-master key to the SSL VPN gateway.
Step 5 The SSL VPN gateway uses the pre-master key to create a master key and sends the new master key to the user’s Web browser.
Step 6 The browser and the SSL VPN gateway use the master key and the agreed upon encryption algorithm to establish an SSL connection. From this point on, the user and the SSL VPN gateway will encrypt and decrypt data using the same encryption key. This is called symmetric encryption.
Step 7 Once the SSL connection is established, the SSL VPN gateway will encrypt and send the Web browser the SSL VPN gateway login page.
Step 8 The user submits his user name, password, and domain name.
Step 9 If the user’s domain name requires authentication through a RADIUS, LDAP, NT Domain, or Active Directory Server, the SSL VPN gateway forwards the user’s information to the appropriate server for authentication.
Step 10 Once authenticated, the user can access the SSL VPN portal.

IPv6 Support Overview

Internet Protocol version 6 (IPv6) is a replacement for IPv4 that is becoming more frequently used on networked devices. IPv6 is a suite of protocols and standards developed by the Internet Engineering Task Force (IETF) that provides a larger address space than IPv4, additional functionality and security, and resolves IPv4 design issues. You can use IPv6 without affecting IPv4 communications.
Supported on SonicWALL SSL-VPN models 2000 and higher, IPv6 supports stateful address configuration, which is used with a DHCPv6 server, and stateless address configuration, where hosts on a link automatically configure themselves with IPv6 addresses for the link, called link-local addresses.
In IPv6, source and destination addresses are 128 bits (16 bytes) in length. For reference, the 32-bit IPv4 address is represented in dotted-decimal format, divided by periods along 8-bit boundaries. The 128-bit IPv6 address is divided by colons along 16-bit boundaries, where each 16-bit block is represented as a 4-digit hexadecimal number. This is called colon-hexadecimal.
The IPv6 address, 2008:0AB1:0000:1E2A:0123:0045:EE37:C9B4 can be simplified by removing the leading zeros within each 16-bit block, as long as each block has at least one digit. When suppressing leading zeros, the address representation becomes: 2008:AB1:0:1E2A:123:45:EE37:C9B4
When addresses contain contiguous sequences of 16-bit blocks set to zeros, the sequence can be compressed to ::, a double-colon. For example, the link-local address of 2008:0:0:0:B67:89:ABCD:1234 can be compressed to 2008::B67:89:ABCD:1234. The multicast address 2008:0:0:0:0:0:0:2 can be compressed to 2008::2.
The IPv6 prefix is the part of the address that indicates the bits of the subnet prefix. Prefixes for IPv6 subnets, routes, and address ranges are written as address/prefix-length, or CIDR notation. For example, 2008:AA::/48 and 2007:BB:0:89AB::/64 are IPv6 address prefixes.
SonicOS SSL VPN supports IPv6 in the following areas:
Services
FTP Bookmark – Define an FTP bookmark using an IPv6 address.
Telnet Bookmark – Define a Telnet bookmark using an IPv6 address.
SSHv1 / SSHv2 Bookmark – Define an SSHv1 or SSHv2 bookmark using an IPv6 address.
Reverse proxy for HTTP/HTTPS Bookmark – Define an HTTP or HTTPS bookmark using an IPv6 address.
Citrix Bookmark – Define a Citrix bookmark using an IPv6 address.
RDP Bookmark – Define an RDP bookmark using an IPv6 address.
VNC Bookmark – Define a VNC bookmark using an IPv6 address.
Note: IPv6 is not supported for File Shares.
Settings
Interface Settings – Define an IPv6 address for the interface. The link-local address is displayed in a tooltip on the Interfaces page.
Route Settings – Define a static route with IPv6 destination network and gateway.
Network Object – Define the network object using IPv6. An IPv6 address and IPv6 network can be attached to this network object.
NetExtender
When a client connects to NetExtender, it can get an IPv6 address from the SSL-VPN appliance if the client machine supports IPv6 and an IPv6 address pool is configured on the SSL-VPN. NetExtender supports IPv6 client connections from Windows systems running Vista or newer, and from Linux clients.
Virtual Assist
Users and Technicians can request and provide support when using IPv6 addresses.
Rules
Policy rule – User or Group Policies. Three IPv6 options in the Apply Policy To drop-down list:
IPv6 Address
IPv6 Address Range
All IPv6 Address
Login rule – Use IPv6 for address fields:
Define Login From Defined Addresses using IPv6
Two IPv6 options in the Source Address drop-down list: IPv6 Address / IPv6 Network
Virtual Hosts
An administrator can assign an IPv6 address to a virtual host, and can use this address to access the virtual host.
Application Offloading
An administrator can assign an IPv6 address to an application server used for application offloading, and can use this address to access the server.
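The colon-hexadecimal notation and the IPv6 rule options described in this section (IPv6 Address, IPv6 Address Range, IPv6 Network, All IPv6 Address) can be exercised with a short script. The following Python is an added example, not SonicWALL code: the rule dictionaries and the function names expand, compress and rule_matches are assumptions made for illustration, and the sample rules and source addresses are constructed from the addresses used in this section.

```python
import ipaddress

def expand(addr):
    """Return all eight 16-bit blocks, zero-padded (upper case, as in this guide)."""
    return ipaddress.IPv6Address(addr).exploded.upper()

def compress(addr):
    """Suppress leading zeros, then replace the longest zero run with '::'."""
    blocks = [format(int(b, 16), "X") for b in expand(addr).split(":")]
    start, length, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        # Only a run of two or more zero blocks is compressed; leftmost longest wins.
        if j - i >= 2 and j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    if length == 0:
        return ":".join(blocks)
    return ":".join(blocks[:start]) + "::" + ":".join(blocks[start + length:])

def rule_matches(rule, source):
    """Evaluate one rule against a source address (hypothetical rule layout).

    Comparison is done on the parsed 128-bit value, so every textual form
    of the same address matches; comparing the strings would not.
    """
    src = ipaddress.IPv6Address(source)
    kind, value = rule["type"], rule.get("value")
    if kind == "all":          # "All IPv6 Address"
        return True
    if kind == "address":      # "IPv6 Address"
        return src == ipaddress.IPv6Address(value)
    if kind == "range":        # "IPv6 Address Range": (first, last), inclusive
        first, last = (ipaddress.IPv6Address(v) for v in value)
        return first <= src <= last
    if kind == "network":      # "IPv6 Network": address/prefix-length
        return src in ipaddress.IPv6Network(value, strict=True)
    raise ValueError("unknown rule type: %r" % kind)

if __name__ == "__main__":
    # Constructed sample rules and source addresses.
    rules = [
        {"type": "address", "value": "2008:AB1:0:1E2A:123:45:EE37:C9B4"},
        {"type": "network", "value": "2008:AA::/48"},
    ]
    for source in ("2008:0AB1:0000:1E2A:0123:0045:EE37:C9B4", "2008:AA:0:1::5", "2008:AB::5"):
        hits = [r["value"] for r in rules if rule_matches(r, source)]
        print(compress(source), "->", hits or "no rule matched")
```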

Browser Requirements for the SSL VPN Administrator

The following Web browsers are supported for the SonicWALL SSL VPN Web-based management interface and the user portal, Virtual Office. Java is only required for various aspects of the SSL VPN Virtual Office, not the management interface.
Internet Explorer 6.0+, 7.0+, 8.0+
Firefox 2.0+
Safari 2.0+
Chrome 4.0+
The following table provides specific browser requirements.
To configure the SonicWALL SSL-VPN appliance using the Web-based management interface, an administrator must use a Web browser with Java, JavaScript, ActiveX, cookies, popups, and SSLv3 or TLS 1.0 enabled.
Table: SSL VPN Management Interface, Minimum Browser/Version Requirements (columns: Browser, Windows XP, Windows Vista, Windows 7, Linux)

Browser Requirements for the SSL VPN End User

The following is a list of Web browser and operating system support for various SSL VPN protocols including NetExtender and various Application Proxy elements. Requirements are shown for Windows, Windows Vista, Windows 7, Linux, and MacOS.

Portals Overview

The SonicWALL SSL-VPN appliance provides a mechanism called Virtual Office, which is a Web-based portal interface that provides clients with easy access to internal resources in your organization. Components such as NetExtender, Virtual Assist, and bookmarks to file shares and other network resources are presented to users through the Virtual Office portal. For organizations with multiple user types, the SSL-VPN allows for multiple customized portals, each with its own set of shared resource bookmarks. Portals also allow for individual domain and security certificates on a per-portal basis. The components in a portal are customized when adding a portal.
File Shares
File shares provide remote users with a secure Web interface to Microsoft File Shares using the CIFS (Common Internet File System) or SMB (Server Message Block) protocols. Using a Web interface similar in style to Microsoft’s familiar Network Neighborhood or My Network Places, File Shares allow users with appropriate permissions to browse network shares, rename, delete, retrieve, and upload files, and to create bookmarks for later recall. File shares can be configured to allow restricted server path access.
Custom Portals
SonicWALL SSL VPN enables you to configure multiple portals, each with its own title, banner, login message, logo and set of available resources. Each portal also enables you to set individual Virtual Hosts/Domain Names (on SonicWALL SSL-VPN models 2000 and higher) to create a unique default portal URL. When a user logs into a portal, he or she sees a set of pre-configured links and bookmarks that are specific to that portal. You can configure whether or not NetExtender is displayed on a Virtual Office portal, and if you want NetExtender to automatically launch when users log in to the portal. The administrator configures which elements each portal displays through the Portal Settings dialog box. For information on configuring portals, refer to the “Portals > Portals” section on page 106.

Domains Overview

A domain in the SonicWALL SSL VPN environment is a mechanism that enables authentication of users attempting to access the network being serviced by the SSL-VPN appliance. Domain types include the SSL VPN's internal LocalDomain, and the external platforms Microsoft Active Directory, NT Authentication, LDAP, and RADIUS. Often, only one domain will suffice to provide authentication to your organization, although a larger organization may require distributed domains to handle multiple nodes or collections of users attempting to access applications through the portal. For information about configuring domains, refer to the “Portals > Domains” section on page 124.

NetExtender Overview

This section provides an overview of the NetExtender feature and contains the following subsections:
“What is NetExtender?” section on page 16
“Benefits” section on page 16
“NetExtender Concepts” section on page 17
For information on using NetExtender, refer to the “NetExtender > Status” section on page 168 or refer to the SonicWALL SSL VPN User’s Guide.
What is NetExtender?
SonicWALL NetExtender is a transparent software application for Windows, Mac, and Linux users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection.
Benefits
NetExtender provides remote users with full access to your protected internal network. The experience is virtually identical to that of using a traditional IPSec VPN client, but NetExtender does not require any manual client installation. Instead, the NetExtender Windows client is automatically installed on a remote user’s PC by an ActiveX control when using the Internet Explorer browser, or with the XPCOM plugin when using Firefox. On Linux or MacOS systems, supported browsers use Java controls to automatically install NetExtender from the Virtual Office portal.
The NetExtender Windows client also has a custom-dialer that allows it to be launched from the Windows Network Connections menu. This custom-dialer allows NetExtender to be connected before the Windows domain login. The NetExtender Windows client also supports a single active connection, and displays real-time throughput and data compression ratios in the client.
After installation, NetExtender automatically launches and connects a virtual adapter for SSL-secure NetExtender point-to-point access to permitted hosts and subnets on the internal network.
NetExtender Concepts
The following sections describe advanced NetExtender concepts:
“Stand-Alone Client” section on page 17
“Multiple Ranges and Routes” section on page 17
“NetExtender with External Authentication Methods” section on page 18
“Point to Point Server IP Address” section on page 18
“Connection Scripts” section on page 18
“Tunnel All Mode” section on page 19
“Proxy Configuration” section on page 19
Stand-Alone Client
SonicWALL SSL VPN provides a stand-alone NetExtender application. NetExtender is a browser-installed lightweight application that provides comprehensive remote access without requiring users to manually download and install the application. The first time a user launches NetExtender, the NetExtender stand-alone client is automatically installed on the user’s PC or Mac. The installer creates a profile based on the user’s login information. The installer window then closes and automatically launches NetExtender. If the user has a legacy version of NetExtender installed, the installer will first uninstall the old NetExtender and install the new version.
Once the NetExtender stand-alone client has been installed, Windows users can launch NetExtender from their PC’s Start > Programs menu and configure NetExtender to launch when Windows boots. Mac users can launch NetExtender from their system Applications folder, or drag the icon to the dock for quick access. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE.
Multiple Ranges and Routes
Multiple range and route support for NetExtender on SonicWALL SSL-VPN models 2000 and higher enables network administrators to easily segment groups and users without the need to configure firewall rules to govern access. This user segmentation allows for granular control of access to the network—allowing users access to necessary resources while restricting access to sensitive resources to only those who require it.
For networks that do not require segmentation, client addresses and routes can be configured globally as in the SSL VPN 1.0 version of NetExtender. The following sections describe the new multiple range and route enhancements:
“IP Address User Segmentation” on page 18
“Client Routes” on page 18