NetExtender Concepts

Topics:
Stand-Alone Client
Client Routes
Tunnel All Mode
Connection Scripts
Proxy Configuration
SonicWALL Mobile Connect
Stand-Alone Client

NetExtender is a browser-installed lightweight application that provides comprehensive remote access without requiring users to manually download and install the application. The first time a user launches NetExtender, the NetExtender stand-alone client is automatically installed on the user’s PC or Mac. The installer creates a profile based on the user’s login information. The installer window then closes and automatically launches NetExtender. If the user has a legacy version of NetExtender installed, the installer will first uninstall the old NetExtender and install the new version.

Once the NetExtender stand-alone client has been installed, Windows users can launch NetExtender from their PC’s Start > Programs menu and configure NetExtender to launch when Windows boots. Mac users can launch NetExtender from their system Applications folder, or drag the icon to the dock for quick access. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE.

Client Routes

NetExtender client routes are used to allow and deny access for SSL VPN users to various network resources. Address objects are used to easily and dynamically configure access to network resources.

Tunnel All Mode

Tunnel All mode routes all traffic to and from the remote user over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the routes in Routes to Be Added to Remote Client’s Route Table to the remote client’s route table:

 

Routes to Be Added to Remote Client’s Route Table

IP Address

Subnet mask
0.0.0.0
0.0.0.0
0.0.0.0
128.0.0.0
128.0.0.0
128.0.0.0

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user is has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.

Tunnel All mode is configured on the SSL VPN > Client Routes page.

Connection Scripts

SonicWALL SSL VPN provides users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or Web sites. NetExtender Connection Scripts can support any valid batch file commands.

Proxy Configuration

SonicWALL SSL VPN supports NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender from the Web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings. The proxy settings can also be manually configured in the NetExtender client preferences. NetExtender can automatically detect proxy settings for proxy servers that support the Web Proxy Auto Discovery (WPAD) Protocol.

NetExtender provides three options for configuring proxy settings:
Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD)), which can push the proxy settings script to the client automatically.
Use automatic configuration script - If you know the location of the proxy settings script, you can select this option and provide the URL of the script.
Use proxy server - You can use this option to specify the IP address and port of the proxy server. Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections to those addresses and bypass the proxy server. If required, you can enter a user name and password for the proxy server. If the proxy server requires a username and password, but you do not specify them, a NetExtender pop-up window will prompt you to enter them when you first connect.

When NetExtender connects using proxy settings, it establishes an HTTPS connection to the proxy server instead of connecting to the SonicWALL security appliance. server directly. The proxy server then forwards traffic to the SSL VPN server. All traffic is encrypted by SSL with the certificate negotiated by NetExtender, of which the proxy server has no knowledge. The connecting process is identical for proxy and non-proxy users.

SonicWALL Mobile Connect

SonicWALL Mobile Connect is an app for iPhone, iPad, and iPod Touch that enables secure, mobile connections to private networks protected by SonicWALL security appliances. The SonicWALL Mobile Connect app for iPhone and iPad provides secure, mobile access to sensitive network resources using the iPhone and iPad. SonicWALL Mobile Connect establishes a Secure Socket Layer Virtual Private Network (SSL VPN) connection to private networks that are protected by SonicWALL security appliances. All traffic to and from the private network is securely transmitted over the SSL VPN tunnel.

The process for using SonicWALL Mobile Connect is as follows:

1
Install SonicWALL Mobile Connect from the App Store.
2
Enter connection information (server name, username, password, etc.).
3
Initiate a connection to the network.
4
SonicWALL Mobile Connect establishes a SSL VPN tunnel to the SonicWALL security appliance.
5
You can now access resources on the private network. All traffic to and from the private network is securely transmitted over the trouble shooting report SSL VPN tunnel.

From your perspective, SonicWALL Mobile Connect functions virtually the same as NetExtender. The configuration that is required:
Configure Users for NetExtender – For a user to be able to connect with SonicWALL Mobile Connect, their user account must be assigned to the SSLVPN Services group. See Configuring Users for SSL VPN Access for details.