Managing SSL VPN Bookmarks

Topics:

Configuring SSL VPN Bookmarks

Enabling Plugin DLLs

Creating Bookmarks with Custom SSO Credentials

Using Remote Desktop Bookmarks

Using SSL VPN Bookmarks

Configuring SSL VPN Bookmarks

1. On the SSL VPN > Virtual Office web portal, click Add Bookmark. The Add Portal Bookmark window displays.

2. Enter a descriptive name for the bookmark in the Bookmark Name field.

3. Enter the fully qualified domain name (FQDN), IP Address, or IPv4 address of a host machine on the LAN in the Name or IP Address field. In some environments you can enter the host name only, such as when creating a VNC (Virtual Network Computing) bookmark in a Windows local network.

IPv6 addresses should be enclosed in brackets (i.e. the [ and ] symbols). You may also enter the wildcard variable %USERNAME% to display the current user name. Variables are case-sensitive.

Some services can run on non-standard ports, and some expect a path when connecting. Depending on the choice in the Service field, format the Name or IP Address field like one of the examples shown in the following table.

| Service Type | Format | Example for Name or IP Address Field |
|---|---|---|
| RDP - ActiveX, RDP - Java | IP Address | 10.20.30.4 |
| | IP:Port (non-standard) | 10.20.30.4:6818 |
| | FQDN | JBJONES-PC.sv.us.sonicwall.com |
| | Host name | JBJONES-PC |
| VNC | IP Address | 10.20.30.4 |
| | IP:Port (mapped to session) | 10.20.30.4:5901 (mapped to session 1) |
| | FQDN | JBJONES-PC.sv.us.sonicwall.com |
| | Host name | JBJONES-PC |
| | Note: Do not use session or display number instead of port. | Note: Do not use 10.20.30.4:1 |
| | | Tip: For a bookmark to a Linux server, see the Tip below this table. |
| Telnet | IP Address | 10.20.30.4 |
| | IP:Port (non-standard) | 10.20.30.4:6818 |
| | FQDN | JBJONES-PC.sv.us.sonicwall.com |
| | Host name | JBJONES-PC |
| SSHv1, SSHv2 | IP Address | 10.20.30.4 |
| | IP:Port (non-standard) | 10.20.30.4:6818 |
| | FQDN | JBJONES-PC.sv.us.sonicwall.com |
| | Host name | JBJONES-PC |

Tip When creating a VNC bookmark to a Linux server, you must specify the port number and server number in addition to the Linux server IP in the Name or IP Address field in the form of ipaddress:port:server. For example, if the Linux server IP address is 192.168.2.2, the port number is 5901, and the server number is 1, the value for the Name or IP Address field would be 192.168.2.2:5901:1.

4. Select one of the following service types from the Service drop-down menu:

Note For the specific service you select from the Service drop-down menu, different options will appear. Fill in the information for the service you selected.

Terminal Services (RDP - ActiveX); go to step 5.

Note If you select Terminal Services (RDP - ActiveX) while using a browser other than Internet Explorer, the selection is automatically switched to Terminal Services (RDP - Java). A popup dialog box notifies you of the switch.

Terminal Services (RDP - Java); go to step 5.

Virtual Network Computing (VNC); go to step 14.

Telnet; go to step 26.

Secure Shell Version 1 (SSHv1); go to step 26.

Secure Shell Version 2 (SSHv2); go to step 24.

Terminal Services options

5. In the Screen Size drop-down menu, select the default terminal services screen size to be used when users execute this bookmark:

640x480

800x600

1024x768 (default)

1280x1024

full-screen

Because different computers support different screen sizes, when you use a remote desktop application, you should select the size of the screen on the computer from which you are running a remote desktop session. Additionally, you may want to provide a path to where your application resides on your remote computer by typing the path in the Application and Path field.

6. In the Colors drop-down menu, select the default color depth for the terminal service screen when users execute this bookmark.

256 Colors

High Color(15bit)

High Color(16bit) (default)

High Color(24bit)

Highest Quality (32bit)

7. Optionally enter the local path for this application in the Application and Path (optional) field.

8. In the Start in the following folder (optional) field, optionally enter the local folder in which to execute application commands.

9. For Windows clients or Mac clients running Mac OS X 10.5 or above with RDC installed, expand Show windows advanced options (only available in 32-bit Windows client) and select the checkboxes for any of the following options for use in this bookmark session:

Note Click the Expand icon to display the options.

• Terminal Services (RDP ActiveX and Java) options to redirect those devices or features on the local network for use in this bookmark session:

Redirect printers

Note To see local printers show up on your remote machine (Start > Settings > Control Panel > Printers and Faxes), select Redirect Ports as well as Redirect Printers.

Redirect drivers

Redirect ports

Redirect smartCards

• Terminal Services (RDP Java on Windows clients or on Mac clients running Mac OS X 10.5 or above with RDC installed) options:

Note Starred (*) options are available in RDP 6.

Display connection bar

* Dual monitors

Redirect clipboard

Redirect plug and play devices

Auto reconnection

Desktop background

* Font smoothing

* Desktop composition

Window drag

Menu/window animation

Themes

Bitmap caching

10. Select the Login as console session checkbox to allow login as console or admin. Login as admin replaces login as console in RDC 6.1 and newer.

11. For RDP - ActiveX on Windows clients, optionally select Enable plugin DLLs and enter the name(s) of client DLLs which need to be accessed by the remote desktop or terminal service in the PluginDLLs field. Multiple entries are separated by a comma with no spaces.

Ensure that any necessary DLLs are located on the individual client systems in %SYSTEMROOT% (for example: C:\Windows\system32).

Note The RDP Java client on Windows is a native RDP client that supports Plugin DLLs by default. The Enable plugin DLLs option is not available for RDP - Java. See Enabling Plugin DLLs.

12. Optionally select Automatically log in and select one of these:

Use SSL VPN account credentials to forward credentials from the current SSL VPN session for login to the RDP server.

Use custom credentials to enter a custom username, password, and domain for this bookmark.

For more information about custom credentials, see Creating Bookmarks with Custom SSO Credentials.

13. Go to step 26.

Virtual Network Computing (VNC) options

14. Select the type of encoding from the Encoding drop-down menu:

Raw (default)

RRE

CoRRE

Hextile

Zlib

Tight (default)

Hextile is a good choice for fast networks, while Tight is better suited for low-bandwidth connections. On the other hand, the Tight decoder in the TightVNC Java viewer is more efficient than the Hextile decoder, so this default setting can also be acceptable for fast networks.

15. Select the compression level from the Compression Level drop-down menu: 0 - 9.

Use the specified compression level for Tight and Zlib encodings. Level 1 uses a minimum of CPU time on the server, but achieves weak compression ratios. Level 9 offers the best compression, but may be slow in terms of CPU time consumption on the server side. Use high levels with very slow network connections, and low levels when working over higher-speed networks. The server's default compression level should be used.

16. Select the JPEG image quality from the JPEG Image Quality drop-down menu: 0 - 9, JPEG OFF.

Note The default is 6. This cannot be modified.

17. Select the cursor shape updates from the Cursor Shape Updates drop-down menu:

Enable (default)

Ignore

Disable

Cursor shape updates is a protocol extension used to handle remote cursor movements locally on the client side, saving bandwidth and eliminating delays in mouse pointer movement.

Note The current implementation of cursor shape updates does not allow a client to track the mouse cursor position at the server side. This means that clients would not see mouse cursor movements if the mouse was moved either locally on the server, or by another remote VNC client.

Set this parameter to Disable if you always want to see real cursor position on the remote side. Setting this option to Ignore is similar to Enable, but the remote cursor will not be visible at all. This can be a reasonable setting if you don't care about cursor shape and don't want to see two mouse cursors, one above another.

18. Select the Use CopyRect option to save bandwidth and drawing time when parts of the remote screen are moving around. Most likely, you don't want to change this setting.

19. By default, a 24-bit color format is used to represent pixel data. Selecting the Restricted colors option restricts pixel representation to only 8 bits. The restriction saves bandwidth; the colors, however, may look very inaccurate.

20. Select Reverse Mouse Buttons 2 and 3 to have the right mouse button (button 2) act as if it was the middle mouse button (button 3), and vice versa.

21. Select View Only to have all keyboard and mouse events in the desktop window disabled and not passed to the remote side.

22. Select Share Desktop to have the desktop shared between clients. If this option is not selected, then an existing user session will end when a new user accesses the desktop.

23. Go to step 26.

Secure Shell version 2 (SSHv2) options

24. Optionally select the Automatically accept host key checkbox.

25. If using an SSHv2 server that does not require authentication in the initial connection session, such as a SonicWALL firewall, you can select the Bypass username checkbox.

26. Click OK to update the configuration.

27. Once the configuration has been updated, the new bookmark will be displayed in the Virtual Office Bookmarks table. Click a bookmark description to go to the bookmark location that you have defined.
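The Name or IP Address formats from step 3 (the service table, the bracketed IPv6 rule, the %USERNAME% variable and the ipaddress:port:server Tip) can be checked before a value is entered. The following is an added Python example, not SonicWALL code; the service labels, function names and the below-100 display-number threshold are assumptions.

```python
import ipaddress
import re

# Hypothetical short labels for the Service choices in the table above.
SERVICES = {"rdp", "vnc", "telnet", "ssh"}
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_NUMBER = re.compile(r"[0-9]+")


def _is_host(host):
    """True for an IPv4 address, a host name, or an FQDN."""
    host = host.replace("%USERNAME%", "user")  # variables are case-sensitive
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        pass
    labels = host.split(".")
    if labels[-1].isdigit():  # numeric last label: a malformed IPv4 address
        return False
    return len(host) <= 253 and all(_LABEL.fullmatch(l) for l in labels)


def parse_bookmark_host(value, service):
    """Return (host, port, server) for a field value, or raise ValueError."""
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service!r}")
    if value.startswith("["):  # IPv6 must be enclosed in brackets
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 bracket")
        ipaddress.IPv6Address(value[1:end])  # raises ValueError if malformed
        host, rest = value[:end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after ']'")
        fields = rest[1:].split(":") if rest else []
    else:
        host, *fields = value.split(":")
        if not _is_host(host):
            raise ValueError(f"not an IPv4 address, host name or FQDN: {host!r}")
    # Only VNC takes the third field (ipaddress:port:server from the Tip).
    limit = 2 if service == "vnc" else 1
    if len(fields) > limit or not all(_NUMBER.fullmatch(f) for f in fields):
        raise ValueError("expected host[:port]" + ("[:server]" if limit == 2 else ""))
    port = int(fields[0]) if fields else None
    server = int(fields[1]) if len(fields) == 2 else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Assumed heuristic: a VNC "port" below 100 is a display or session
    # number (10.20.30.4:1), which the table says not to use.
    if service == "vnc" and port is not None and port < 100:
        raise ValueError("use the TCP port (for example 5901), not the display number")
    return host, port, server


def is_valid(value, service):
    """Boolean wrapper around parse_bookmark_host for bulk checks."""
    try:
        parse_bookmark_host(value, service)
        return True
    except ValueError:
        return False
```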


Enabling Plugin DLLs

The plugin DLLs feature is available for RDP (ActiveX or Java) and allows the use of certain third-party programs, such as printer drivers, on a remote machine.

Note This feature requires RDP Client Control version 5 or higher.

The RDP Java client on Windows is a native RDP client that supports Plugin DLLs by default. No action (or checkbox) is needed.

If plugin DLLs were not enabled when a bookmark was configured, you can enable the feature on the bookmark or user.

Topics:

Enabling Plugin DLLs in a User’s Bookmarks

Enabling Plugin DLLs in a Bookmark

Enabling Plugin DLLs in a User’s Bookmarks

Note Ensure that your Windows system and RDP client are up to date prior to using the Plugin DLLs feature. This feature requires RDP 5 Client Control or higher.

To enable plugin DLLs for the RDP ActiveX client:

1. Navigate to Users > Local Users.

2. Click the Edit icon in the Configure column corresponding to the user’s bookmark you wish to edit. The Edit User window displays.

3. Click the Bookmarks tab.

4. In the Bookmarks tab, click Add Bookmark. The Add Portal Bookmark window displays.


5. Configure the bookmark as described in Configuring SSL VPN Bookmarks, being sure to select Enable plugin DLLs.

6. Enter the name(s) of client DLLs which need to be accessed by the remote desktop or terminal service in the PluginDLLs field. Multiple entries are separated by a comma with no spaces.

Ensure that any necessary DLLs are located on the individual client systems in %SYSTEMROOT% (for example: C:\Windows\system32).

7. Click OK.

Enabling Plugin DLLs in a Bookmark

Note Ensure that your Windows system is up to date prior to using the Plugin DLLs feature. This feature requires RDP 5 Client Control or higher.

To enable plugin DLLs in a bookmark:

1. Navigate to SSL VPN > Virtual Office.

2. In the Virtual Office Bookmark table, click on the Edit icon in the Configure column for the bookmark. The Edit Portal Bookmark window displays.

3. Click Enable plugin DLLs.

4. Enter the name(s) of client DLLs which need to be accessed by the remote desktop or terminal service in the PluginDLLs field. Multiple entries are separated by a comma with no spaces.

Ensure that any necessary DLLs are located on the individual client systems in %SYSTEMROOT% (for example: C:\Windows\system32).

5. Click OK.
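A pre-rollout check for the PluginDLLs field described in the procedures above, as an added Python example that is not SonicWALL code: it enforces the comma-with-no-spaces rule and reports which configured names are present in the client's DLL folder. The function names, the bare-file-name rule and any DLL names passed in are assumptions.

```python
import os
import re

# Assumption: each entry is a bare file name, so path separators are rejected.
_DLL_NAME = re.compile(r"[A-Za-z0-9_.-]+\.dll", re.IGNORECASE)


def default_dll_dir():
    """%SYSTEMROOT%\\system32, the example location given in the text."""
    return os.path.join(os.environ.get("SYSTEMROOT", r"C:\Windows"), "system32")


def parse_plugin_dlls(field):
    """Split a PluginDLLs value into names, or raise ValueError."""
    if any(ch.isspace() for ch in field):
        raise ValueError("entries are separated by a comma with no spaces")
    names = field.split(",")
    for name in names:
        if not _DLL_NAME.fullmatch(name):
            raise ValueError(f"not a bare DLL file name: {name!r}")
    lowered = [n.lower() for n in names]
    if len(set(lowered)) != len(lowered):
        raise ValueError("duplicate entry")
    return names


def audit_plugin_dlls(field, dll_dir=None):
    """Map each configured name to 'ok', 'missing' or 'not a regular file'."""
    dll_dir = dll_dir or default_dll_dir()
    # Windows file names are case-insensitive, so compare in lower case.
    present = {entry.lower(): entry for entry in os.listdir(dll_dir)}
    report = {}
    for name in parse_plugin_dlls(field):
        entry = present.get(name.lower())
        if entry is None:
            report[name] = "missing"
        elif not os.path.isfile(os.path.join(dll_dir, entry)):
            report[name] = "not a regular file"
        else:
            report[name] = "ok"
    return report
```

Run it on a client with the value copied from the bookmark; any result other than 'ok' means the bookmark references a DLL that is not in place on that system.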

Creating Bookmarks with Custom SSO Credentials

You can configure custom Single Sign On (SSO) credentials for each user or group, or globally in RDP bookmarks. This feature is used to access resources that need a domain prefix for SSO authentication. Users can log into SonicWALL SSL VPN as username, and click a customized bookmark to access a server with domain\username. Either straight textual parameters or variables may be used for login credentials.

Note More information about SSO can be found at Single Sign-On Overview.

To configure custom SSO credentials, perform the following steps:

1. Create or edit an RDP bookmark as described in Configuring SSL VPN Bookmarks or Enabling Plugin DLLs in a User’s Bookmarks.

2. In the Add Portal Bookmark window, select the Use Custom Credentials option.

3. Enter the appropriate username and password, or use dynamic variables as follows:

| Text Usage | Variable | Example Usage |
|---|---|---|
| Login Name | %USERNAME% | US\%USERNAME% |
| Domain Name | %USERDOMAIN% | %USERDOMAIN%\%USERNAME% |
| Group Name | %USERGROUP% | %USERGROUP%\%USERNAME% |

4. Click OK.

Using SSL VPN Bookmarks

Topics:

Using Remote Desktop Bookmarks

Using VNC Bookmarks

Using Telnet Bookmarks

Using SSHv1 Bookmarks

Using SSHv2 Bookmarks

Using Remote Desktop Bookmarks

Remote Desktop Protocol (RDP) bookmarks enable you to establish remote connections with a specified desktop. SonicWALL SSL VPN supports the RDP5 standard with both Java and ActiveX clients. RDP5 ActiveX can only be used through Internet Explorer, while RDP5 Java can be run on any platform and browser supported by the SonicWALL SSL VPN. The basic functionality of the two clients is the same; however, the Java client is a native RDP client and supports the following features that the ActiveX client does not:

• Redirect clipboard

• Redirect plug and play devices

• Display connection bar

• Auto reconnection

• Desktop background

• Window drag

• Menu/window animation

• Themes

• Bitmap caching

If the Java client application is RDP 6, it also supports:

• Dual monitors

• Font smoothing

• Desktop composition

Note RDP bookmarks can use a port designation if the service is not running on the default port.

Tip To terminate your remote desktop session, be sure to log off from the Terminal Server session. If you wish to suspend the Terminal Server session (so that it can be resumed later) you may simply close the remote desktop window.

1. Click on the RDP bookmark. Continue through any warning screens that display by clicking Yes or OK.

2. Enter your username and password at the login screen and select the proper domain name from the pull-down menu.

3. A window is displayed indicating that the Remote Desktop Client is loading. The remote desktop then loads in its own window. You can now access all of the applications and files on the remote computer.

Using VNC Bookmarks

1. Click the VNC bookmark. A window is displayed indicating the VNC client is loading.

Note VNC can have a port designation if the service is running on a different port.

2. When the VNC client has loaded, you will be prompted to enter your password in the VNC Authentication window.

3. To configure VNC options, click the Options button. The Options window is displayed.

The following table describes the options that can be configured for VNC.

| Option | Default | Description of Options |
|---|---|---|
| Encoding | Tight | Hextile is a good choice for fast networks, while Tight is better suited for low-bandwidth connections. On the other hand, the Tight decoder in the TightVNC Java viewer is more efficient than the Hextile decoder, so this default setting can also be acceptable for fast networks. |
| Compression Level | Default | Use the specified compression level for Tight and Zlib encodings. Level 1 uses a minimum of CPU time on the server but achieves weak compression ratios. Level 9 offers the best compression but may be slow in terms of CPU time consumption on the server side. Use high levels with very slow network connections, and low levels when working over higher-speed networks. The Default value means that the server's default compression level should be used. |
| JPEG image quality | 6 | This cannot be modified. |
| Cursor shape updates | Enable | Cursor shape updates is a protocol extension used to handle remote cursor movements locally on the client side, saving bandwidth and eliminating delays in mouse pointer movement. Note that the current implementation of cursor shape updates does not allow a client to track the mouse cursor position at the server side. This means that clients would not see mouse cursor movements if the mouse was moved either locally on the server, or by another remote VNC client. Set this parameter to Disable if you always want to see the real cursor position on the remote side. Setting this option to Ignore is similar to Enable, but the remote cursor will not be visible at all. This can be a reasonable setting if you don't care about cursor shape and don't want to see two mouse cursors, one above another. |
| Use CopyRect | Yes | CopyRect saves bandwidth and drawing time when parts of the remote screen are moving around. Most likely, you don't want to change this setting. |
| Restricted colors | No | If set to No, then 24-bit color format is used to represent pixel data. If set to Yes, then only 8 bits are used to represent each pixel. 8-bit color format can save bandwidth, but colors may look very inaccurate. |
| Mouse buttons 2 and 3 | Normal | If set to Reversed, the right mouse button (button 2) will act as if it was the middle mouse button (button 3), and vice versa. |
| View only | No | If set to Yes, then all keyboard and mouse events in the desktop window will be silently ignored and will not be passed to the remote side. |
| Share desktop | Yes | If set to Yes, then the desktop can be shared between clients. If this option is set to No, then an existing user session will end when a new user accesses the desktop. |

Using Telnet Bookmarks

1. Click on the Telnet bookmark.

Note Telnet bookmarks can use a port designation for servers not running on the default port.

2. Click OK to any warning messages that are displayed. A Java-based Telnet window launches.

3. If the device you are Telnetting to is configured for authentication, enter your username and password.

Using SSHv1 Bookmarks

Note SSH bookmarks can use a port designation for servers not running on the default port.

1. Click on the SSHv1 bookmark. A Java-based SSH window is launched.

2. Enter your username and password.

3. An SSH session is launched in the Java applet.

Tip Some versions of the JRE may cause the SSH authentication window to pop up behind the SSH window.

Using SSHv2 Bookmarks

Note SSH bookmarks can use a port designation for servers not running on the default port.

1. Click on the SSHv2 bookmark. A Java-based SSH window displays. Type your user name in the Username field and click Login.

2. A hostkey popup displays. Click Yes to accept and proceed with the login process.

3. Enter your password and click OK.

4. The SSH terminal launches in a new screen.