|
1
|
Configuring Device Profile Settings (for all Device Profiles)
|
|
2
|
Configuring Security Attributes (for all Device Profiles)
|
|
3
|
Configuring Client Routes (only for Allow Device Profiles)
|
|
4
|
Configuring Client Settings (only for Allow Device Profiles)
|
|
1
|
Enter the following information on the Settings tab:
|
•
|
Name – A brief name for the Device Profile.
|
|
•
|
Description – (Optional) A description of the Device Profile.
|
|
•
|
Action – Select whether it is an Allow Device Profile or Deny Device Profile.
|
|
•
|
Zone – (Only for Allow Device Profiles) Select the zone that clients are assigned to when matching this Device Profile. Only zones with type “SSL VPN” can be selected.
|
|
•
|
Network Address – (Only for Allow Device Profiles) Select the Address Object for the IP address pool for this device profile. Clients that match this profile are assigned an IP address from the pool. Only Address Objects for the zone selected above can be used for the Device Profile. Each Device Profile must use a unique Address Object.
|
|
•
|
Select Create net network to create a new Address Object. For the Zone Assignment, select the same zone you selected above. For Type, select Range.
|
|
•
|
Deny Message – (Only for Deny Device Profiles) Enter the HTML text for the message that is displayed to users who are denied access. Click the Example Template to auto-populate the Quarantine Message with formatted HTML text. The pop-up message is displayed in a window that is 500 pixels wide. Edit the text of the message and click Preview to view how it is displayed to users.
|
|
1
|
Click on the Security Attributes tab.
|
|
2
|
In the Select Attribute(s) pulldown menu, select the appropriate type of attribute.
|
|
3
|
Complete the attribute-specific configuration (described in the following sections) and click Add to current attributes.
|
|
5
|
Select Enabled from the Tunnel All Mode drop-down list to force all traffic for NetExtender users over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the following routes to the remote client’s route table:
|
1
|
Select the appropriate Address Object in the Networks list.
|
|
2
|
Click > to add it to the Client Routes list.
|
|
4
|
When finished, click the Client Settings tab. When you are finished with configuring the Device Profile, see the following section on how to configure SSL VPN users and groups for SSL VPN access.
|
|
1
|
|
2
|
Click Configure for the SSL VPN NetExtender user or group.
|
|
3
|
Click the VPN Access tab.
|
|
5
|
Click OK.
|
|
1
|
|
2
|
Click Configure for an SSL VPN NetExtender user or group.
|
|
3
|
Click the VPN Access tab.
|
|
4
|
|
5
|
Click OK.
|
The Client Settings tab is used to configure the DNS settings for SSL VPN clients as well as several options for the NetExtender client.To configure Client Settings, complete the following tasks:
|
1
|
Click the Default DNS Settings to use the default DNS settings of the SonicWALL security appliance. The DNS and WINS configuration is auto-propagated.
|
|
2
|
Or you can manually configure the DNS information. In the DNS Server 1 field, enter the IP address of the primary DNS server, or click the Default DNS Settings to use the default settings.
|
|
3
|
(Optional) In the DNS Server 2 field, enter the IP address of the backup DNS server.
|
|
5
|
(Optional) In the WINS Server 1 field, enter the IP address of the primary WINS server.
|
|
6
|
(Optional) In the WINS Server 2 field, enter the IP address of the backup WINS server.
|
|
•
|
Enable Client Autoupdate - The NetExtender client checks for updates every time it is launched.
|
|
•
|
Exit Client After Disconnect - The NetExtender client exits when it becomes disconnected from the SSL VPN server. To reconnect, users must either return to the SSL VPN portal or launch NetExtender from their Programs menu.
|
|
•
|
Uninstall Client After Disconnect - The NetExtender client automatically uninstalls when it becomes disconnected from the SSL VPN server. To reconnect, users must return to the SSL VPN portal.
|
|
•
|
Create Client Connection Profile - The NetExtender client creates a connection profile recording the SSL VPN Server name, the Domain name, and optionally the username and password.
|
|
•
|
User Name & Password Caching - Provide flexibility in allowing users to cache their usernames and passwords in the NetExtender client. The three options are Allow saving of user name only, Allow saving of user name & password, and Prohibit saving of user name & password. These options enable administrators to balance security needs against ease of use for users.
|
|
8
|
Click OK to complete the Device Profile configuration process.
|