General FAQ

1

Answer: Yes. HTTP, HTTPS, CIFS, and FTP are Web-based proxies, where the native Web browser is the client. VNC, RDP - ActiveX, RDP - Java, Citrix, SSHv2, SSHv1, and Telnet use browser-delivered HTML5, Java, or ActiveX clients. NetExtender on Windows uses a browser-delivered client.

2

Answer: Currently supported browsers and versions are listed in the Browser Requirements section of this document.

3

Answer:

4

Answer: You will need to install Sun’s JRE 1.6.0_10 or higher (available at http://www.java.com) to use some of the features on the SRA appliance. On Google Chrome, you will need Java 1.6.0 update 10 or higher.

5

Answer:

6

Answer: If you cannot reach your server by its NetBIOS name, there might be a problem with name resolution. Check your DNS and WINS settings on the SRA appliance. You might also try manually specifying the NetBIOS name to IP mapping in the “Network > Host Resolution” section, or you could manually specify the IP address in the UNC path, e.g. \\192.168.100.100\sharefolder.

Also, if you get an authentication loop or an error, is this File Share a DFS server on a Windows domain root? When creating a File Share, do not configure a Distributed File System (DFS) server on a Windows Domain Root system. Because the Domain Root allows access only to Windows computers in the domain, doing so will disable access to the DFS file shares from other domains. The SRA appliance is not a domain member and will not be able to connect to the DFS shares. DFS file shares on a stand-alone root are not affected by this Microsoft restriction.

7

Answer: No. It must be combined with a Dell SonicWALL security appliance or other third-party firewall/VPN device.

8

Answer: No, it requires HTTPS. HTTP connections are immediately redirected to HTTPS. You may wish to open both 80 and 443, as many people forget to type https:// and instead type http://. If you block 80, it will not get redirected.

9

Answer: One-port mode, where only the X0 interface is utilized, and the appliance is placed in a separated, protected “DMZ” network/interface of a Dell SonicWALL security appliance, such as the Dell SonicWALL TZ appliance or NSA appliance.

10

Answer: This method of deployment offers additional layers of security control plus the ability to use Dell SonicWALL’s Unified Threat Management (UTM) services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering and Intrusion Prevention, to scan all incoming and outgoing NetExtender traffic.

11

Answer: Yes, when it would be necessary to bypass a firewall/VPN device that may not have an available third interface, or a device where integrating the SRA appliance may be difficult or impossible.

12

Answer: No, this is not supported.

13

Answer: The default IP address of the appliance is 192.168.200.1 on the X0 interface. If you cannot reach the appliance, try cross-connecting a system to the X0 port, assigning it a temporary IP address of 192.168.200.100, and attempt to log into the SRA appliance at https://192.168.200.1. Then verify that you have correctly configured the DNS and default route settings on the Network pages.

14

Answer: No, it is only a client-access appliance. If you require this, you will need a Dell SonicWALL TZ series or NSA series security appliance.

15

Answer: No, only NetExtender and proxy sessions are supported.

16

Answer: Yes. Although performance will be slow, it is usable even over a 56K connection.

17

Answer: Starting with 7.5 firmware or newer, Dell SonicWALL only uses HIGH security ciphers with TLSv1, TLSv1.1, and TLSv1.2. In 8.0 firmware or newer, SSL Perfect Forward Secrecy (PFS) is supported.

18

Answer: Yes, if your browser supports it.

19

Answer: Yes. You may actually see better performance, as NetExtender uses multiplexed PPP connections and runs compression over the connections to improve performance.

20

Answer: Yes, this is supported.

21

Answer: Yes, over NetExtender connections.

22

Answer: Yes.

23

Answer: Not at this time. Look for this in a future firmware release.

24

Answer: Syslog forwarding to up to two external servers is supported in the current software release. SNMP is supported beginning in the 5.0 release. MIBs can be downloaded from MySonicWALL.

25

Answer: Yes, the SRA 4600, 4200, 1600, and 1200 have a simple CLI when connected to the console port. The SRA Virtual Appliance is also configurable with the CLI. The Dell SonicWALL SRA 6.0 CLI allows configuration of only the X0 interface on the Dell SonicWALL SRA appliances or SRA Virtual Appliance.

26

Answer: No, neither Telnet nor SSH is supported in the current release of the SRA appliance software as a means of management (this is not to be confused with the Telnet and SSH proxies, which the appliance does support).

27

Answer: The Web cache cleaner is an ActiveX-based applet that removes all temporary files generated during the session, removes any history bookmarks, and removes all cookies generated during the session.

28

Answer: In order for the Web cache cleaner to run, you must click on the Logout button. If you close the Web browser using any other means, the Web cache cleaner cannot run.

29

Answer: This setting will encrypt the settings file so that if it is exported it cannot be read by unauthorized sources. Although it is encrypted, it can be loaded back onto the SRA appliance (or a replacement appliance) and decrypted. If this box is not selected, the exported settings file is clear-text and can be read by anyone.

30

Answer: By default, the settings are automatically stored on an SRA appliance any time a change to programming is made, but this can be shut off if desired. If this is disabled, all unsaved changes to the appliance will be lost. This feature is most useful when you are unsure of making a change that may result in the box locking up or dropping off the network. If the setting is not immediately saved, you can power-cycle the box and it will return to the previous state before the change was made.

31

Answer: This feature allows you to create a backup snapshot of the firmware and settings into a special file that can be reverted to from the management interface or from SafeMode. Dell SonicWALL strongly recommends creating a system backup right before loading new software, or making significant changes to the programming of the appliance.

32

Answer: SafeMode is a feature of the SRA appliance that allows administrators to switch between software image builds and revert to older versions in case a new software image turns out to cause issues. In cases of software image corruption, the appliance will boot into a special interface mode that allows the administrator to choose which version to boot, or load a new version of the software image.

33

Answer: In emergency situations, you can access the SafeMode menu by holding in the Reset button on the SRA appliance (the small pinhole button located on the front of the SRA appliances) for 12-14 seconds until the ‘Test’ LED begins quickly flashing yellow. Once the SRA appliance has booted into the SafeMode menu, assign a workstation a temporary IP address in the 192.168.200.x subnet, such as 192.168.200.100, and attach it to the X0 interface on the SRA appliance. Then, using a modern Web browser (Microsoft IE6.x+, Mozilla 1.4+), access the special SafeMode GUI using the appliance’s default IP address of 192.168.200.1. You will be able to boot the appliance using a previously saved backup snapshot, or you can upload a new version of software with the Upload New Software image button.

34

Answer: This is not supported in the current releases, but is planned for a future software release.

35

Answer: Local database, RADIUS, Active Directory, NT4, and LDAP.

36

Answer: The appliances must be precisely time-synchronized with each other or the authentication process will fail. Ensure that the SRA appliance and the Active Directory server are both using NTP to keep their internal clocks synchronized.

37

Answer: If you are using a Windows-based FTP server, you will need to change the directory listing style to ‘UNIX’ instead of ‘MS-DOS’.

38

Answer: Dell SonicWALL has done extensive testing with RealVNC. It can be downloaded at:

http://www.realvnc.com/download.html

39

Answer: Yes.

40

Answer: Yes, this is supported with the ActiveX-based RDP client only. The Microsoft Terminal Server RDP connector must be enabled first for this to work. You may need to install the correct printer driver software on the Terminal Server you are accessing.

41

Answer: Yes, refer to the Dell SonicWALL Secure Wireless Networks Integrated Solutions Guide, available through Elsevier, http://www.elsevierdirect.com/.

42

Answer: Yes, you can manage on any of the interface IP addresses.

43

Answer: Yes. On the Users > Local Groups page, edit a group belonging to the Active Directory domain used for authentication and add one or more AD Groups under the AD Groups tab.

44

Answer: Yes.

45

Answer: Try adjusting the session and connection timeouts on both the SRA appliance and any appliance that sits between the endpoint client and the destination server. If the SRA appliance is behind a firewall, adjust the TCP timeout upwards and enable fragmentation.

46

Answer: This is not supported in the current release of software but may be supported in a future software release.

47

Answer: The CIFS browsing protocol is limited by the server's buffer size for browse lists. These browse lists contain the names of the hosts in a workgroup or the shares exported by a host. The buffer size depends on the server software. Windows personal firewall has been known to cause some issues with file sharing even when it is stated to allow such access. If possible, try disabling such software on either side and then test again.

48

Answer: It uses port 1812.

49

Answer: Yes. On the portal layout, you can enable or disable the ‘Enforce login uniqueness’ option. If this box is unchecked, users can log in simultaneously with the same username and password.

50

Answer: Yes, in SRA 5.0 and later releases, backend Web servers using NTLM or Windows Integrated Authentication are supported. Single Sign-On with NTLM is also supported. NTLM support is specific to Application Offloading and/or reverse-proxy bookmarks.

SRA 3.5 and earlier do not support NTLM authentication. As a workaround, the administrator can turn on basic or digest authentication. Basic authentication specifies the username and password in clear text, but the security outside the intranet is not compromised because the SRA uses HTTPS. However, the intranet is required to be “trusted”. Digest authentication works better in this case, because the password is not sent in clear text and only an MD5 checksum that incorporates the password is sent.

51

Answer: In SRA 3.5 and earlier releases, the HTTP proxy does not support Windows Authentication (formerly called NTLM). Only anonymous or basic authentication is supported.

52

Answer: When the Java Service is started it does not use the proxy server. Transactions are done directly to the SRA appliance.

53

Answer: The Telnet server must support function keys. If it does, the keyboard used is relevant. Currently, the Telnet proxy uses vt320 and the SSHv1 proxy uses vt100 key codes. This is the default and the SRA appliance does not support other types such as SCO-ANSI yet. This may be supported in a future firmware release.

54

Answer: You can specify in the IP address box an ‘IPaddress:portid’ pair for HTTP, HTTPS, Telnet, Java, and VNC.

55

Answer: Add the path in the IP address box: IP/mydirectory/.

56

Answer: This is not currently supported on the appliance.

57

Answer: Citrix Portal Bookmarks have been tested and verified to support the following Citrix Application Virtualization platforms through the Citrix Web Interface:

Servers:

Clients:

For browsers requiring Java to run Citrix, you must have Sun Java 1.6.0_10 or above.

58

Answer: Application Offloading should support any application using HTTP/HTTPS. SRA has limited support for applications using Web services and no support for non-HTTP protocols wrapped within HTTP.

One key aspect to consider when using Application Offloading is that the application should not contain hard-coded self-referencing URLs. If these are present, the Application Offloading proxy rewrites the URLs. Since Web site development does not usually conform to HTML standards, the proxy can only do a best-effort translation when rewriting these URLs. Specifying hard-coded, self-referencing URLs is not recommended when developing a Web site because content developers must modify the Web pages whenever the hosting server is moved to a different IP or hostname.

For example, if the backend application has a hard-coded IP and scheme within URLs as follows, then Application Offloading will need to rewrite this URL.

<a href="http://1.1.1.1/doAction.cgi?test=foo">

This can be done by enabling the Enable URL Rewriting for self-referenced URLs setting for the Application Offloading Portal, but not all URLs may be rewritten, depending on how the Web application has been developed. (This limitation is usually the same for other WAF/SRA vendors employing reverse proxy mode.)
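Why the rewrite is only best-effort, as an added illustration (a simplified stand-in, not the appliance's rewriting logic): attribute values that start with the hard-coded backend origin can be rewritten, but a URL assembled at runtime in script cannot. The portal hostname `portal.example.com` and the sample page are constructed for this example; the backend address is the one from the snippet above.

```python
import re

BACKEND = "http://1.1.1.1"              # hard-coded origin from the example above
PORTAL = "https://portal.example.com"   # hypothetical offloading portal host

# Constructed sample page: three references to the same backend.
SAMPLE_HTML = '''<a href="http://1.1.1.1/doAction.cgi?test=foo">Run</a>
<img src='http://1.1.1.1/img/logo.png'>
<script>
var base = "http://" + "1.1.1.1";
location.href = base + "/doAction.cgi?test=bar";
</script>'''

# href/src/action attributes whose value begins with the backend origin.
# The lookahead stops http://1.1.1.10 from matching as http://1.1.1.1.
ATTR_RE = re.compile(
    r'''(\b(?:href|src|action)\s*=\s*)(["'])''' + re.escape(BACKEND)
    + r'''(?=[/"'?#])''',
    re.IGNORECASE,
)


def rewrite_self_references(html):
    """Best-effort rewrite; returns (new_html, rewritten_attribute_count)."""
    return ATTR_RE.subn(lambda m: m.group(1) + m.group(2) + PORTAL, html)


def leftover_backend_lines(html):
    """Lines still naming the backend host after rewriting (manual review)."""
    host = re.escape(BACKEND.split("//", 1)[1])
    return [ln for ln in html.splitlines() if re.search(host + r"(?!\d)", ln)]


if __name__ == "__main__":
    rewritten, count = rewrite_self_references(SAMPLE_HTML)
    print(f"rewrote {count} attribute(s)")
    for line in leftover_backend_lines(rewritten):
        print("not rewritten:", line)
```

Running the leftover check against pages fetched through the portal is a quick way to find links that would still send clients directly to the backend address.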

59

Answer: Yes, this is supported.