Table of Contents Previous Next Index


SSL_VPN

SSL VPN

 
Launching the standalone NetExtender client.
 
Configuring Users for SSL VPN Access
 
“SSL VPN > Status” on page 492
 
SSL VPN > Portal Settings
 
SSL VPN > Client Settings
 
SSL VPN > Client Routes
 
SSL VPN > Virtual Office
 
Accessing the SonicWALL SSL VPN Portal
 
Using NetExtender

SSL VPN NetExtender Overview

This section provides an introduction to the SonicOS Enhanced SSL VPN NetExtender feature. This section contains the following subsections:

 
What is SSL VPN NetExtender?
 
Benefits
 
NetExtender Concepts

What is SSL VPN NetExtender?

SonicWALL’s SSL VPN NetExtender feature is a transparent software application for Windows, Mac, and Linux users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection.

Benefits

NetExtender provides remote users with full access to your protected internal network. The experience is virtually identical to that of using a traditional IPSec VPN client, but NetExtender does not require any manual client installation. Instead, the NetExtender Windows client is automatically installed on a remote user’s PC by an ActiveX control when using the Internet Explorer browser, or with the XPCOM plugin when using Firefox. On MacOS systems, supported browsers use Java controls to automatically install NetExtender from the Virtual Office portal. Linux systems can also install and use the NetExtender client.

After installation, NetExtender automatically launches and connects a virtual adapter for secure SSL-VPN point-to-point access to permitted hosts and subnets on the internal network.

NetExtender Concepts

The following sections describe advanced NetExtender concepts:

 
“Stand-Alone Client” section
 
“Client Routes” section
 
“Tunnel All Mode” section
 
“Connection Scripts” section
 
“Proxy Configuration” section

Stand-Alone Client

NetExtender is a browser-installed lightweight application that provides comprehensive remote access without requiring users to manually download and install the application. The first time a user launches NetExtender, the NetExtender stand-alone client is automatically installed on the user’s PC or Mac. The installer creates a profile based on the user’s login information. The installer window then closes and automatically launches NetExtender. If the user has a legacy version of NetExtender installed, the installer will first uninstall the old NetExtender and install the new version.

Once the NetExtender stand-alone client has been installed, Windows users can launch NetExtender from their PC’s Start > Programs menu and configure NetExtender to launch when Windows boots. Mac users can launch NetExtender from their system Applications folder, or drag the icon to the dock for quick access. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE.

Client Routes

NetExtender client routes are used to allow and deny access for SSL VPN users to various network resources. Address objects are used to easily and dynamically configure access to network resources.

Tunnel All Mode

Tunnel All mode routes all traffic to and from the remote user over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the following routes to the remote client’s route table:

 

0.0.0.0

0.0.0.0

0.0.0.0

128.0.0.0

128.0.0.0

128.0.0.0

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user is has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.

Tunnel All mode is configured on the SSL VPN > Client Routes page.

Connection Scripts

SonicWALL SSL VPN provides users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or Web sites. NetExtender Connection Scripts can support any valid batch file commands.

Proxy Configuration

SonicWALL SSL VPN supports NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender from the Web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings. The proxy settings can also be manually configured in the NetExtender client preferences. NetExtender can automatically detect proxy settings for proxy servers that support the Web Proxy Auto Discovery (WPAD) Protocol.

NetExtender provides three options for configuring proxy settings:

 
Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD)), which can push the proxy settings script to the client automatically.
 
Use automatic configuration script - If you know the location of the proxy settings script, you can select this option and provide the URL of the script.
 
Use proxy server - You can use this option to specify the IP address and port of the proxy server. Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections to those addresses and bypass the proxy server. If required, you can enter a user name and password for the proxy server. If the proxy server requires a username and password, but you do not specify them, a NetExtender pop-up window will prompt you to enter them when you first connect.

When NetExtender connects using proxy settings, it establishes an HTTPS connection to the proxy server instead of connecting to the SonicWALL security appliance. server directly. The proxy server then forwards traffic to the SSL VPN server. All traffic is encrypted by SSL with the certificate negotiated by NetExtender, of which the proxy server has no knowledge. The connecting process is identical for proxy and non-proxy users.

Configuring Users for SSL VPN Access

In order for users to be able to access SSL VPN services, they must be assigned to the SSLVPN Services group. Users who attempt to login through the Virtual Office who do not belong to the SSLVPN Services group will be denied access. The following sections describe how to configure user accounts for SSL VPN access:

 
“Configuring SSL VPN Access for Local Users” section
 
“Configuring SSL VPN Access for RADIUS Users” section
 
“Configuring SSL VPN Access for LDAP Users” section

Configuring SSL VPN Access for Local Users

To configure users in the local user database for SSL VPN access, you must add the users to the SSLVPN Services user group. To do so, perform the following steps:

Step 1
Navigate to the Users > Local Users page.
Step 2
Click on the configure icon for the user you want to edit, or click the Add User button to create a new user. The Edit User window is launched.
Step 3
Click on the Groups tab.
Step 4
In the User Groups column, click on SSLVPN Services and click the right arrow to move it to the Member Of column.
Step 5
Click OK.

Configuring SSL VPN Access for RADIUS Users

To configure RADIUS users for SSL VPN access, you must add the users to the SSLVPN Services user group. To do so, perform the following steps:

Step 1
Navigate to the Users > Settings page.
Step 2
Click the Configure button for Authentication Method for login. The RADIUS Configuration window displays.
Step 3
Click on the RADIUS Users tab.
Step 4
In the Default user group to which all RADIUS users belong pulldown menu, select SSLVPN Services.
Step 5
Click OK.

Configuring SSL VPN Access for LDAP Users

To configure LDAP users for SSL VPN access, you must add the LDAP user groups to the SSLVPN Services user group. To do so, perform the following steps:

Step 1
Complete the LDAP configuration.
Step 2
Navigate to the Users > Local Groups page and click the Import from LDAP button to import the LDAP user groups. The LDAP Import User Groups window displays.
Step 3
Select the appropriate LDAP user groups and click Save.
Step 4
Click the Configure button for the SSLVPN Services group. The Edit Group window displays.
Step 5
Click on the Members tab.
Step 6
In the User Groups column, click on the LDAP groups and click the right arrow to move them to the Member Of column.
Step 7
Click OK.

Another option for configure LDAP users for SSL VPN access is to set the SSLVPN Services user group as the default LDAP User Group. To do so, perform the following steps:

Step 1
Navigate to the Users > Settings page.
Step 2
Set the Authentication method for login to either LDAP or LDAP + Local Users.
Step 3
Click the Configure button to launch the LDAP Configuration window.
Step 4
Click on the LDAP Users tab.
Step 5
In the Default LDAP User Group pulldown menu, select SSLVPN Services.
Step 6
Click OK.

SSL VPN > Status

The SSL VPN > Status page displays a summary of active NetExtender sessions, including the name, the PPP IP address, the physical IP address, login time, length of time logged in and logout time.

The following table provides a description of the status items.

 

User Name

The user name.

Client Virtual IP

The IP address assigned to the user from the client IP address

Client WAN IP

The physical IP address of the user.

Login Time

The amount of time since the user first established connection with the SonicWALL SSL VPN appliance expressed as number of days and time (HH:MM:SS).

Logged In

The time when the user initially logged in.

Statistics Icon

Mousing over the statistics icon provides a summary of traffic statistics for the user.

Logout

Provides the administrator the ability to logout a NetExtender session.

SSL VPN > Portal Settings

The SSL VPN > Portal Settings page is used to configure the appearance and functionality of the SSL VPN Virtual Office web portal. The Virtual Office portal is the website that uses log in to launch NetExtender. It can be customized to match any existing company website or design style.

The following settings configure the appearance of the Virtual Office portal:

 
Portal Site Title - The text displayed in the top title of the web browser.
 
Portal Banner Title - The the text displayed next to the logo at the top of the page.
 
Home Page Message - The HTML code that is displayed above the NetExtender icon.
 
Login Message - The HTML code that is displayed when users are prompted to log in to the Virtual Office.
 
Example Template - Resets the Home Page Message and Login Message fields to the default example template.
 
Preview - Launch a pop-up window that displays the HTML code.

The following options customize the functionality of the Virtual Office portal:

 
Launch NetExtender after login - Automatically launches NetExtender after a user logs in.
 
Display Import Certificate Button - Displays an Import Certificate button on the Virtual Office page. This initiates the process of importing the SonicWALL security appliance’s self-signed certificate onto the web browser. This option only applies to the Internet Explorer browser on PCs running Windows 2000 or Windows XP.
 
Enable HTTP meta tags for cache control - Inserts HTTP tags into the browser that instruct the web browser not to cache the Virtual Office page. SonicWALL recommends enabling this option.

The Customized Logo field is used to display a logo other than the SonicWALL logo at the top of the Virtual Office portal. Enter the URL of the logo in the Customized Logo field. The logo must be in GIF format of size 155 x 36, and a transparent or light background is recommended.

SSL VPN > Client Settings

The SSL VPN > Client Settings page allows the administrator to enable SSL VPN access on zones and configure the client address range information and NetExtender client settings. It also displays which zones have SSL VPN access enabled.

The following tasks are configured on the SSL VPN > Client Settings page:

 
“Configuring Zones for SSL VPN Access” section
 
“Configuring the SSL VPN Client Address Range” section
 
“Configuring NetExtender Client Settings” section

Configuring Zones for SSL VPN Access

All of the zones on the SonicWALL security appliance are displayed in the SSL VPN Status on Zones section of the SSL VPN > Client Settings page. SSL VPN access must be enabled on a zone before users can access the Virtual Office web portal. A green button to the left of the name of the zone indicates that SSL VPN access is enabled. A red button indicates that SSL VPN access is disabled. To change the SSL VPN access for a zone, simply click the name of the zone on the SSL VPN > Client Settings page.

SSL VPN Access can also be configured on the Network > Zones page by clicking the configure icon for the zone.

 
Note
WAN management must be enabled on the zone to terminate SSL VPN sessions. Even though the zone has SSL VPN enabled, if the management interface is disabled, SSL VPN will not work correctly.

Configuring the SSL VPN Client Address Range

The SSL VPN Client Address Range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions. The range needs to be large enough to accommodate the maximum number of concurrent NetExtender users you wish to support plus one (for example, the range for 15 users requires 16 addresses, such as 192.168.200.100 to 192.168.200.115).

 
Note
The range must fall within the same subnet as the interface to which the SSL VPN appliance is connected, and in cases where there are other hosts on the same segment as the SSL VPN appliance, it must not overlap or collide with any assigned addresses.

To configure the SSL VPN Client Address Range, perform the following steps:

Step 7
Navigate to the SSL VPN > Client Settings page.In the Start IP field, enter the first IP address in the client address range.
Step 8
In the End IP field, enter the last IP address in the client address range.
Step 9
In the DNS Server 1 filed, enter the IP address of the primary DNS server, or click the Default DNS Settings to use the default settings.
Step 10
(Optional) In the DNS Server 2 filed, enter the IP address of the backup DNS server.
Step 11
(Optional) In the DNS Domain field, enter the domain name for the DNS servers.
Step 12
In the User Domain field, enter the domain name for the users.
Step 13
(Optional) In the WINS Server 1 filed, enter the IP address of the primary WINS server.
Step 14
(Optional) In the WINS Server 2 filed, enter the IP address of the backup WINS server.
Step 15
In the Interface pulldown menu, select the interface to be used for SSL VPN services.
 
Note
The IP address range must be on the same subnet as the interface used for SSL VPN services.
Step 16
Click Accept.

Configuring NetExtender Client Settings

NetExtender client settings are configured on the bottom of the SSL VPN > Client Settings page. The following settings to customize the behavior of NetExtender when users connect and disconnect.

 
Default Session Timeout (minutes) - The default timeout value for client inactivity, after which the client’s session is terminated.
 
Enable NetBIOS Over SSLVPN - Allows NetExtender clients to broadcast NetBIOS to the SSL VPN subnet.
 
Enable Client Autoupdate - The NetExtender client checks for updates every time it is launched.
 
Exit Client After Disconnect - The NetExtender client exits when it becomes disconnected from the SSL VPN server. To reconnect, users will have to either return to the SSL VPN portal or launch NetExtender from their Programs menu.
 
Uninstall Client After Disconnect - The NetExtender client automatically uninstalls when it becomes disconnected from the SSL VPN server. To reconnect, users will have to return to the SSL VPN portal.
 
Create Client Connection Profile - The NetExtender client will create a connection profile recording the SSL VPN Server name, the Domain name and optionally the username and password.
 
Communication Between Clients - Enables NetExtender clients that are connected to the same server to communicate.
 
User Name & Password Caching - Provide flexibility in allowing users to cache their usernames and passwords in the NetExtender client. The three options are Allow saving of user name only, Allow saving of user name & password, and Prohibit saving of user name & password. These options enable administrators to balance security needs against ease of use for users.

SSL VPN > Client Routes

The SSL VPN > Client Routes page allows the administrator to control the network access allowed for SSL VPN users. The NetExtender client routes are passed to all NetExtender clients and are used to govern which private networks and resources remote user can access via the SSL VPN connection.

The following tasks are configured on the SSL VPN > Client Routes page:

 
“Configuring Tunnel All Mode” section
 
“Adding Client Routes” section

Configuring Tunnel All Mode

Select Enabled from the Tunnel All Mode drop-down list to force all traffic for NetExtender users over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the following routes to the remote client’s route table:

 

0.0.0.0

0.0.0.0

0.0.0.0

128.0.0.0

128.0.0.0

128.0.0.0

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user is has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.

Adding Client Routes

The Add Client Routes pulldown menu is used to configure access to network resources for SSL VPN users. Select the address object to which you want to allow SSL VPN access. Select Create new address object to create a new address object. Creating client routes causes access rules to automatically be created to allow this access. Alternatively, you can manually configure access rules for the SSL VPN zone on the Firewall > Access Rules page. For more information, see “Firewall > Access Rules” on page 327.

SSL VPN > Virtual Office

The SSL VPN > Virtual Office page displays the Virtual Office web portal inside of the SonicOS UI.

Accessing the SonicWALL SSL VPN Portal

To view the SonicWALL SSL VPN Virtual Office web portal, navigate to the IP address of the SonicWALL security appliance. Click the link at the bottom of the Login page that says “Click here for sslvpn login.”

Using NetExtender

The following sections describe how to use NetExtender:

 
“User Prerequisites” section
 
“User Configuration Tasks” section
 
“Verifying NetExtender Operation from the System Tray” section

User Prerequisites

Prerequisites for Windows Clients:

Windows clients must meet the following prerequisites in order to use NetExtender:

 
One of the following platforms:
 
Windows Vista 64-bit, Windows Vista 32-bit, Windows XP Home or Professional, Windows 2000 Professional, Windows 2000 Server, Windows 2003 Server.
 
One of the following browsers:
 
Internet Explorer 6.0 and higher
 
Mozilla Firefox 1.5 and higher
 
To initially install the NetExtender client, the user must be logged in to the PC with administrative privileges.
 
Downloading and running scripted ActiveX files must be enabled on Internet Explorer.
 
If the SonicWALL security appliance uses a self-signed SSL certificate for HTTPS authentication, then it is necessary to install the certificate before establishing a NetExtender connection. If you are unsure whether the certificate is self-signed or generated by a trusted root Certificate Authority, SonicWALL recommends that you import the certificate. The easiest way to import the certificate is to click the Import Certificate button at the bottom of the Virtual Office home page.

Prerequisites for MacOS Clients:

MacOS clients meet the following prerequisites in order to use NetExtender:

 
MacOS 10.4 and higher
 
Java 1.4 and higher
 
Both PowerPC and Intel Macs are supported.

Prerequisites for Linux Clients:

Linux clients must meet the following prerequisites in order to use NetExtender:

 
Linux Fedora Core 3 or higher, Ubuntu 7 or higher, or OpenSUSE
 
Sun Java 1.4 and higher is required for using the NetExtender GUI.
 
Note
Open source Java Virtual Machines (VMs) are not currently supported. If you do not have Sun Java 1.4, you can use the command-line interface version of NetExtender.

User Configuration Tasks

SonicWALL NetExtender is a software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can virtually join the remote network. Users can mount network drives, upload and download files, and access resources in the same way as if they were on the local network.

The following sections describe how to install NetExtender on a Windows platform:

 
“Installing NetExtender Using the Mozilla Firefox Browser” section
 
“Installing NetExtender Using the Internet Explorer Browser” section

The following sections describe how to use NetExtender on a Windows platform:

 
“Launching NetExtender Directly from Your Computer” section
 
“Configuring NetExtender Preferences” section
 
“Configuring NetExtender Connection Scripts” section
 
“Configuring Proxy Settings” section
 
“Viewing the NetExtender Log” section
 
“Disconnecting NetExtender” section
 
“Upgrading NetExtender” section
 
“Uninstalling NetExtender” section
 
“Verifying NetExtender Operation from the System Tray” section

The following section describe how to install and use NetExtender on a MacOS platform:

 
“Installing NetExtender on MacOS” section
 
“Using NetExtender on MacOS” section

The following section describe how to install and use NetExtender on a Linux platform:

 
“Installing and Using NetExtender on Linux” section

Installing NetExtender Using the Mozilla Firefox Browser

To use NetExtender for the first time using the Mozilla Firefox browser, perform the following:

Step 1
Navigate to the IP address of the SonicWALL security appliance. Click the link at the bottom of the Login page that says “Click here for sslvpn login.”
Step 2
Click the NetExtender button.
Step 3
The first time you launch NetExtender, it will automatically install the NetExtender stand-alone application on your computer. If a warning message is displayed in a yellow banner at the top of your Firefox banner, click the Edit Options... button.
Step 4
The Allowed Sites - Software Installation window is displayed, with the address of the Virtual Office server in the address window. Click Allow to allow Virtual Office to install NetExtender, and click Close.

Step 5
Return to the Virtual Office window and click NetExtender again.
Step 6
The Software Installation window is displayed. After a five second countdown, the Install Now button will become active. Click it.
Step 7
NetExtender is installed as a Firefox extension.

Step 8
When NetExtender completes installing, the NetExtender Status window displays, indicating that NetExtender successfully connected.

Closing the windows (clicking on the x icon in the upper right corner of the window) will not close the NetExtender session, but will minimize it to the system tray for continued operation.

Step 9
Review the following table to understand the fields in the NetExtender Status window.

Status

Indicates what operating state the NetExtender client is in, either Connected or Disconnected.

Server

Indicates the name of the server to which the NetExtender client is connected.

Client IP

Indicates the IP address assigned to the NetExtender client.

Sent

Indicates the amount of traffic the NetExtender client has transmitted since initial connection.

Received

Indicates the amount of traffic the NetExtender client has received since initial connection.

Duration

The amount of time the NetExtender has been connected, expressed as days, hours, minutes, and seconds.

Step 10
Additionally, a balloon icon in the system tray appears, indicating NetExtender has successfully installed.

Step 11
The NetExtender icon is displayed in the task bar.

Installing NetExtender Using the Internet Explorer Browser

SonicWALL SSL VPN NetExtender is fully compatible with Microsoft Windows Vista 32-bit and 64-bit, and supports the same functionality as with other Windows operating systems.

 
Note
It may be necessary to restart your computer when installing NetExtender on Windows Vista.

Internet Explorer Prerequisites

It is recommended that you add the URL or domain name of your SonicWALL security appliance to Internet Explorer’s trusted sites list. This will simplify the process of installing NetExtender and logging in, by reducing the number of security warnings you will receive. To add a site to Internet Explorer’s trusted sites list, complete the following procedure:

Step 1
In Internet Explorer, go to Tools > Internet Options.
Step 2
Click on the Security tab.
Step 3
Click on the Trusted Sites icon and click on the Sites... button to open the Trusted sites window.

Step 4
Enter the URL or domain name of your SonicWALL security appliance in the Add this Web site to the zone field and click Add.
Step 5
Click Ok in the Trusted Sites and Internet Options windows.

Installing NetExtender from Internet Explorer

To install and launch NetExtender for the first time using the Internet Explorer browser, perform the following:

Step 1
Navigate to the IP address of the SonicWALL security appliance. Click the link at the bottom of the Login page that says “Click here for sslvpn login.”
Step 2
Click the NetExtender button.

 

Step 3
The first time you launch NetExtender, you must first add the SSL VPN portal to your list of trusted sites. If you have not done so, the follow message will display.

Step 4
Click Instructions to add SSL VPN server address into trusted sites for help.

Step 5
In Internet Explorer, go to Tools > Internet Options.
Step 6
Click on the Security tab.
Step 7
Click on the Trusted Sites icon and click on the Sites... button to open the Trusted sites window.

Step 8
Enter the URL or domain name of your SonicWALL security appliance in the Add this Web site to the zone field and click Add.
Step 9
Click OK in the Trusted Sites and Internet Options windows.
Step 10
Return to the SSL VPN portal and click on the NetExtender button. The portal will automatically install the NetExtender stand-alone application on your computer. The NetExtender installer window opens.

Step 11
If an older version of NetExtender is installed on the computer, the NetExtender launcher will remove the old version and then install the new version.
Step 12
If a warning message that NetExtender has not passed Windows Logo testing is displayed, click Continue Anyway. SonicWALL testing has verified that NetExtender is fully compatible with Windows Vista, XP, 2000, and 2003.

Step 13
When NetExtender completes installing, the NetExtender Status window displays, indicating that NetExtender successfully connected.

Launching NetExtender Directly from Your Computer

After the first access and installation of NetExtender, you can launch NetExtender directly from your computer without first navigating to the SSL VPN portal. To launch NetExtender, complete the following procedure:

Step 1
Navigate to Start > All Programs.
Step 2
Select the SonicWALL SSL VPN NetExtender folder, and then click on SonicWALL SSL VPN NetExtender. The NetExtender login window is displayed.
Step 3
The IP address of the last server you connected to is displayed in the SSL VPN Server field. To display a list of recent servers you have connected to, click on the arrow.
Step 4
Enter your username and password.
Step 5
The last domain you connected to is displayed in the Domain field.
Step 6
The pulldown menu at the bottom of the window provides three options for remembering your username and password:
 
Save user name & password if server allows
 
Save user name only if server allows
 
Always ask for user name & password

 
Tip
Having NetExtender save your user name and password can be a security risk and should not be enabled if there is a chance that other people could use your computer to access sensitive information on the network.

Configuring NetExtender Preferences

Complete the following procedure to configure NetExtender preferences:

Step 1
Right click on the icon in the system tray and click on Preferences... The NetExtender Preferences window is displayed.
Step 2
The Connection Profiles tab displays the SSL VPN connection profiles you have used, including the IP address of the server, the domain, and the username.
Step 3
To delete a profile, highlight it by clicking on it and then click the Remove buttons. Click the Remove All buttons to delete all connection profiles.
Step 4
The Settings tab allows you to customize the behavior of NetExtender.
Step 5
To have NetExtender automatically connect when you start your computer, check the Automatically connect with Connection Profile checkbox and select the appropriate connection profile from the pulldown menu.
 
Note
Only connection profiles that allow you to save your username and password can be set to automatically connect.
Step 6
To have NetExtender launch when you log in to your computer, check the Automatically start NetExtender UI. NetExtender will start, but will only be displayed in the system tray. To have the NetExtender log-in window display, check the Display NetExtender UI checkbox.
Step 7
Select Minimize to the tray icon when NetExtender window is closed to have the NetExtender icon display in the system tray. If this option is not checked, you will only be able to access the NetExtender UI through Window’s program menu.
Step 8
Select Display Connect/Disconnect Tips from the System Tray to have NetExtender display tips when you mouse over the NetExtender icon.
Step 9
Select Automatically reconnect when the connection is terminated to have NetExtender attempt to reconnect when it loses connection.
Step 10
Select Uninstall NetExtender automatically to have NetExtender uninstall every time you end a session.
Step 11
Select Disconnect an active connection to have NetExtender log out of all of your SSL VPN sessions when you exit a NetExtender session
Step 12
Click Apply.

Configuring NetExtender Connection Scripts

SonicWALL SSL VPN provides users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or websites. To configure NetExtender Connection Scripts, perform the following tasks.

Step 1
Right click on the icon in the task bar and click on Preferences... The NetExtender Preferences window is displayed.
Step 2
Click on Connection Scripts.
Step 3
To enable the domain login script, select the Attempt to execute domain login script checkbox. When enabled, NetExtender will attempt to contact the domain controller and execute the login script.
 
Note
Enabling this feature may cause connection delays while remote client’s printers and drives are mapped. Make sure the domain controller and any machines in the logon script are accessible via NetExtender routes.
Step 4
To enable the script that runs when NetExtender connects, select the Automatically execute the batch file “NxConnect.bat” checkbox.
Step 5
To enable the script that runs when NetExtender disconnects, select the Automatically execute the batch file “NxDisconnect.bat” checkbox.
Step 6
To hide either of the console windows, select the appropriate Hide the console window checkbox. If this checkbox is not selected, the DOS console window will remain open while the script runs.
Step 7
Click Apply.

Configuring Batch File Commands

NetExtender Connection Scripts can support any valid batch file commands. For more information on batch files, see the following Wikipedia entry: http://en.wikipedia.org/wiki/.bat. The following tasks provide an introduction to some commonly used batch file commands.

Step 1
To configure the script that runs when NetExtender connects, click the Edit “NxConnect.bat” button. The NxConnect.bat file is displayed.
Step 2
To configure the script that runs when NetExtender disconnects, click the Edit “NxDisconnect.bat” button. The NxConnect.bat file is displayed.
Step 3
By default, the NxConnect.bat file contains examples of commands that can be configured, but no actual commands. Too add commands, scroll to the bottom of the file.
Step 4
To map a network drive, enter a command in the following format:
net use drive-letter\\server\share password /user:Domain\name
 

For example to if the drive letter is z, the server name is engineering, the share is docs, the password is 1234, the user’s domain is eng and the username is admin, the command would be the following:

net use z\\engineering\docs 1234 /user:eng\admin
 
Step 5
To disconnect a network drive, enter a command in the following format:
net use drive-letter: /delete
 

For example, to disconnect network drive z, enter the following command:

net use z: /delete
 
Step 6
To map a network printer, enter a command in the following format:
net use LPT1 \\ServerName\PrinterName /user:Domain\name
 

For example, if the server name is engineering, the printer name is color-print1, the domain name is eng, and the username is admin, the command would be the following:

net use LPT1 \\engineering\color-print1 /user:eng\admin
 
Step 7
To disconnect a network printer, enter a command in the following format:
net use LPT1 /delete
 
Step 8
To launch an application enter a command in the following format:
C:\Path-to-Application\Application.exe
 
Step 9
For example, to launch Microsoft Outlook, enter the following command:
C:\Program Files\Microsoft Office\OFFICE11\outlook.exe
 
Step 10
To open a website in your default browser, enter a command in the following format:
start http://www.website.com
 
Step 11
To open a file on your computer, enter a command in the following format:
C:\Path-to-file\myFile.doc
 
Step 12
When you have finished editing the scripts, save the file and close it.

Configuring Proxy Settings

SonicWALL SSL VPN supports NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender from the web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings.

To manually configure NetExtender proxy settings, perform the following tasks.

Step 1
Right click on the icon in the task bar and click on Preferences... The NetExtender Preferences window is displayed.
Step 2
Click on Proxy.
Step 3
Select the Enable proxy settings checkbox.
Step 4
NetExtender provides three options for configuring proxy settings:
 
Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD)), which can push the proxy settings script to the client automatically.
 
Use automatic configuration script - If you know the location of the proxy settings script, select this option and enter the URL of the scrip in the Address field.
 
Use proxy server - Select this option to enter the Address and Port of the proxy server. Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections to those addresses that bypass the proxy server. If required, enter a User name and Password for the proxy server. If the proxy server requires a username and password, but you do not specify them in the Preferences window, a NetExtender pop-up window will prompt you to enter them when you first connect.

 

Step 5
Click the Internet Explorer proxy settings button to open Internet Explorer’s proxy settings.

Viewing the NetExtender Log

The NetExtender log displays information on NetExtender session events. The log is a file named NetExtender.dbg. It is stored in the directory: C:\Program Files\SonicWALL\SSL VPN\NetExtender. To view the NetExtender log, right click on the NetExtender icon in the system tray, and click View Log.

To view details of a log message, double-click on a log entry, or go to View > Log Detail to open the Log Detail pane.

To save the log, either click the Export icon or go to Log > Export.

To filter the log to display entries from a specific duration of time, go to the Filter menu and select the cutoff threshold.

To filter the log by type of entry, go to Filter > Level and select one of the level categories. The available options are Fatal, Error, Warning, and Info, in descending order of severity. The log displays all entries that match or exceed the severity level. For example, when selecting the Error level, the log displays all Error and Fatal entries, but not Warning or Info entries.

To view the Debug Log, either click the Debug Log icon or go to Log > Debug Log.

 
Note
It may take several minutes for the Debug Log to load. During this time, the Log window will not be accessible, although you can open a new Log window while the Debug Log is loading.

To clear the log, click on Log > Clear Log.

Disconnecting NetExtender

To disconnect NetExtender, perform the following steps:

Step 1
Right click on the NetExtender icon in the system tray to display the NetExtender icon menu and click Disconnect.
Step 2
Wait several seconds. The NetExtender session disconnects.

You can also disconnect by double clicking on the NetExtender icon to open the NetExtender window and then clicking the Disconnect button.

When NetExtender becomes disconnected, the NetExtender window displays and gives you the option to either Reconnect or Close NetExtender.

Upgrading NetExtender

NetExtender can be configured by the administrator to automatically notify users when an updated version of NetExtender is available. Users are prompted to click OK and NetExtender downloads and installs the update from the SonicWALL security appliance.

If auto-update notification is not configured, users should periodically launch NetExtender from the Virtual Office to ensure they have the latest version. Check with your administrator to determine if you need to manually check for updates.

Uninstalling NetExtender

The NetExtender utility is automatically installed on your computer. To remove NetExtender, click on Start > All Programs, click on SonicWALL SSL VPN NetExtender, and then click on Uninstall.

You can also configure NetExtender to automatically uninstall when your session is disconnected. To do so, perform the following steps:

Step 1
Right click on the NetExtender icon in the system tray and click on Preferences... The NetExtender Preferences window is displayed.
Step 2
Click on the Settings tab.
Step 3
Select Uninstall NetExtender automatically to have NetExtender uninstall every time you end a session.

Verifying NetExtender Operation from the System Tray

To view options in the NetExtender system tray, right click on the NetExtender icon in the system tray. The following are some tasks you can perform with the system tray.

Displaying Route Information

To display the routes that NetExtender has installed on your system, click the Route Information option in the system tray menu. The system tray menu displays the default route and the associated subnet mask.

Displaying Connection Information

You can display connection information by mousing over the NetExtender icon in the system tray.

Installing NetExtender on MacOS

SonicWALL SSL VPN supports NetExtender on MacOS. To use NetExtender on your MacOS system, your system must meet the following prerequisites:

 
MacOS 10.4 and higher
 
Java 1.4 and higher
 
Both PowerPC and Intel Macs are supported.

To install NetExtender on your MacOS system, perform the following tasks:

Step 1
Navigate to the IP address of the SonicWALL security appliance. Click the link at the bottom of the Login page that says “Click here for sslvpn login.”
Step 2
Click the NetExtender button.
Step 3
The Virtual Office displays the status of NetExtender installation. A pop-up window may appear, prompting you to accept a certificate. Click Trust.

Step 4
A second pop-up window may appear, prompting you to accept a certificate. Click Trust.

Step 5
When NetExtender is successfully installed and connected, the NetExtender status window displays.

Using NetExtender on MacOS

Step 1
To launch NetExtender, go the Applications folder in the Finder and double click on NetExtender.app.

Step 2
The first time you connect, you must enter the server name or IP address in the SSL VPN Server field.
Step 3
Enter your username and password.
Step 4
The first time you connect, you must enter the domain name.
Step 5
Click Connect.
Step 6
You can instruct NetExtender remember your profile server name in the future. In the Save profile pulldown menu you can select Save name and password (if allowed), Save username only (if allowed), or Do not save profile.
Step 7
When NetExtender is connected, the NetExtender icon is displayed in the status bar at the top right of your display. Click on the icon to display NetExtender options.

Step 8
To display a summary of your NetExtender session, click Connection Status.
Step 9
To view the routes that NetExtender has installed, go to the NetExtender menu and select Routes.

Step 10
To view the NetExtender Log, go to Window > Log.

Step 11
To generate a diagnostic report with detailed information on NetExtender performance, go to Help > Generate diagnostic report.

Step 12
Click Save to save the diagnostic report using the default nxdiag.txt file name in your NetExtender directory.

Installing and Using NetExtender on Linux

SonicWALL SSL VPN supports NetExtender on Linux. To use NetExtender on your Linux system, your system must meet the following prerequisites:

 
i386-compatible distribution of Linux
 
Linux Fedora Core 3+, Ubuntu 7+ or OpenSUSE Linux 10.3+
 
Sun Java 1.4 and higher is required for using the NetExtender GUI.
 
Note
Open source Java Virtual Machines (VMs) are not currently supported. If you do not have Sun Java 1.4, you can use the command-line interface version of NetExtender.

To install NetExtender on your Linux system, perform the following tasks:

Step 1
Navigate to the IP address of the SonicWALL security appliance. Click the link at the bottom of the Login page that says “Click here for sslvpn login.”
Step 2
Click the NetExtender button. A pop-up window indicates that you have chosen to open the NetExtender.tgz file. Click OK to save it to your default download directory.
Step 3
To install NetExtender from the CLI, navigate to the directory where you saved NetExtender.tgz and enter the tar -zxf NetExtender.tgz command.

Step 4
Type the cd netExtenderClient command.
Step 5
Type ./install to install NetExtender.
Step 6
Launch the NetExtender.tgz file and follow the instructions in the NetExtender installer. The new netExtender directory contains a NetExtender shortcut that can be dragged to your desktop or toolbar.
Step 7
The first time you connect, you must enter the server name or IP address in the SSL VPN Server field. NetExtender will remember the server name in the future.
Step 8
Enter your username and password.
Step 9
The first time you connect, you must enter the domain name. NetExtender will remember the domain name in the future.
 
Note
You must be logged in as root to install NetExtender, although many Linux systems will allow the sudo ./install command to be used if you are not logged in as root.
Step 10
To view the NetExtender routes, go to the NetExtender menu and select Routes.
Step 11
To view the NetExtender Log, go to NetExtender > Log.
Step 12
To generate a diagnostic report with detailed information on NetExtender performance, go to Help > Generate diagnostic report.
Step 13
Click Save to save the diagnostic report using the default nxdiag.txt file name in your NetExtender directory.

 


Table of Contents Previous Next Index