SonicWALL SSL VPN 2.5 User Manual
Secure Remote Access
SonicWALL SSL VPN 2.5 for SSL-VPN 200
Contents
Platform Compatibility
New Features
Known Issues
Resolved Issues
Upgrading SonicWALL SSL VPN Software Procedures
Related Technical Documentation
Platform Compatibility
The SonicWALL SSL VPN 2.5 release is supported on the following platforms:
• SonicWALL SSL VPN 200
New Features
The following new features are supported on the SonicWALL SSL VPN 2.5 release:
• NetExtender for Mac & Linux: SSL VPN 2.5 has a NetExtender client that is compatible with MacOS and
Linux systems. It uses a similar graphical layout and has many of the same basic features as the
NetExtender client for Windows for ease of use.
Mac Requirements:
o Mac OS X 10.4+
o Apple Java 1.4+ (can be installed/upgraded by going to Apple Menu > Software Update; should be
pre-installed on OS X 10.4+)
Linux Requirements:
o i386-compatible distribution of Linux
o Fedora Core and Ubuntu.
o Sun Java 1.4+
• NetExtender Windows Client Enhancements: The NetExtender client for Windows from SSL VPN 2.5
comes with added features and improved functionality including a new log system and log viewer that
supports flexible log formats, such as binary log files. The standalone log viewer can filter logs by time and
log levels.
Another new feature is the stand-alone client upgrade feature. The NetExtender client will automatically
check for a newer version of the client at the SSL-VPN appliance and automatically upgrade. Older
versions do not check for a newer version and must be upgraded manually to remain compatible with future
features.
• Portal Enhancements: SSL VPN 2.5 features numerous enhancements to the Portal configuration
capabilities including new management rules that can be set for HTTP, HTTPS, and Ping.
• Per Bookmark Single Sign-On Credentials: SSL VPN 2.5 supports custom Single Sign-On credentials
for individual RDP and FTP bookmarks.
• Reverse-Proxy Enhancements:
o URL/Port based policies
o Variable response size
• RDP Enhancements: SSL VPN 2.5 supports the ‘Login as Console’ option, the ability to control the number
of colors used in RDP sessions, the ‘Execute in Folder’ option, Plugin DLLs, and the Wake-on-LAN option.
The Wake-on-LAN option can invoke multiple machines if their MAC addresses are separated by spaces.
SonicWALL SSL VPN 2.5 for 200
P/N 232-001390-00 – Rev A
• Plugin DLLs: The plugin DLLs feature allows for the use of certain third party programs such as print
drivers, on a remote machine. This feature requires RDP Client Control version 5 or higher.
Client DLLs which need to be accessed by remote desktop or terminal service need to put in the Plugin
DLLs field separated by commas. Make sure those DLLs are located in %SYSTEMROOT%\system32\ (i.e.
C:\WINDOWS\system32\). If they are not in this directory, the user needs to manually copy those files to
that location.
Troubleshooting Plugin DLLs:
If your system cannot get Plugin DLLs to work, please install our bundle version of MSRDP following these steps:
1. Go to
http://sslvpn_server/msrdp.cab
2. Download msrdp.cab and save it in your local system (such as C:\tmp )
3. Extract the contents of the msrdp.cab file
4. Navigate the command line to the location in where you extracted the msrdp file, run this command to
register it: “regsvr32 msrdp.ocx”
5. Restart your browser, it should now be able to access RDP-ActiveX bookmarks
If the above steps have been tried, and plugin DLLs still do not work, then try to un-register and re-register the RDP
file by following these steps:
1. Run the command line at the msrdp location, un-register it by running “regsvr32 /u msrdp.ocx”
2. Restart your browser, and retry the RDP-ActiveX bookmark.
3. Register it again by running “regsvr32 msrdp.ocx” and repeat step 2.
Window XP (service pack 2) has a compatibility issue with remote desktop web connection. Please refer to the
following link for more information:
http://dev.remotenetworktechnology.com/ts/fixmsrdp.htm.
You can download the latest msrdp version from Microsoft from the following location:
http://www.microsoft.com/downloads/d...DisplayLang=en.
1. Download the tswebsetup.exe file from above link and install in your system,
2. Navigate to C:\Inetpub\wwwroot\TSWeb (the install location)
2. Run the command “regsvr /u msrdp.ocx” (to un-register the original)
3. Run the command “regsvr msrdp.ocx” (to register the new one).
4. Restart your browser and try the plugin DLL
SonicWALL SSL VPN 2.5 for 200
P/N 232-001390-00 – Rev A
2
Known Issues
This section contains a list of known issues in the SonicWALL SSL VPN 2.5 release.
• 64005: Symptom: Importing appliance certificates can fail, instead redirecting the user to a blank page
titled: NetExtender for Windows. Condition: Occurs when attempting to import certificate from the portal on
Vista Ultimate when using IE7 browser.
Workaround: To import certificates on Vista Ultimate, follow these steps:
1. Right-click on Internet Explorer and select 'Run as Administrator.'
2. Navigate to your site, on the warning page select to continue to the site
3. Click on the Certificate Error in the address bar, and then view the certificate.
4. Click the option to install the cert.
5. When you're running the import cert wizard, choose the option to "place all certificates in the
following store".
6. Click Browse, then click to select 'Show physical locations'
7. Scroll up in the list, expand Trusted Root Certification Authorities and select Local Computer.
8. Click OK, then finish the import certificate wizard.
9. Close IE and restart it as normal user.
• 64026: Symptom: Importing appliance certificates can fail, instead redirecting the user to a blank p age.
Condition: Occurs when attempting to import certificate from the portal onto non-Windows clients and web
browsers that do not support VBScript browsers.
• 63827: Symptom: The appliance is unable to install an older firmware version. Attempting to do so results
in the appliance becoming unresponsive. Condition: Occurs when downgrading from 2.5 to 2.1.
Workaround: Make sure to boot the appliance with Factory Defaults when downgrading.
• 63965: Symptom: Passwords cannot be changed. Condition: Occurs when credentials are updated and
Active Directory is configured as an LDAP server. The new password will not be accepted at login, but the
original one will still work.
• 64010: Symptom: The client is able to access only one RDP session at a time. Connecting to more than
one terminal using multiple RDP-Java bookmarks is not possible. Condition: Occurs when the Java client
attempts to login to multiple RDP resources.
• 64077: Symptom: The user is not informed that the portal inactivity timeout period has expired and the user
has in fact been logged out. The browser will continue to display the portal until the user clicks on
something, at which point the user will be redirected to a login screen. Condition: Occurs when the timeout
period has expired.
• 64012: Symptom: NetExtender does not show a warning wh en using incorrect credentials. Instead, it just
keeps prompting for proxy authentication. Condition: Occurs when logging into a proxy server using
incorrect credentials.
• 64011: Symptom: NetExtender connects through the local connection if the proxy connection fails.
Condition: Occurs when NetExtender is set to use an automatic configuration script for the proxy
connection, and the script is incorrect (absent or badly formatted).
• 63967: Symptom: Some web URL with embedded Chinese characters may not be reachable through
bookmarks. Clicking the bookmark instead leads to the message “page cannot be found”. Condition:
Occurs when trying to reach Chinese URLs using the Firefox browser.
• 63959: Symptom: A user can still login even if he does not match the LDAP attribute requirements.
Condition: Occurs when the user was once a correct user and has previously logged in. The user will
remain able to login even if the requirements are updated in such a way that the user should no longer be
able to.
SonicWALL SSL VPN 2.5 for 200
P/N 232-001390-00 – Rev A
3
Loading...