SSL_VPN_client

SSL_VPN_client_settings

SSL VPN > Client Settings

The SSL VPN > Client Settings page allows you to enable SSL VPN access on zones and configure the client address range information and NetExtender client settings. The page also displays which zones have SSL VPN access enabled.

Topics:

• Configuring Zones for SSL VPN Access

• Configuring the SSL VPN Client Address Range

• Configuring NetExtender Client Settings

Configuring Zones for SSL VPN Access

All of the zones on the SonicWALL security appliance are displayed in the SSL VPN Status on Zones section of the SSL VPN > Server Settings page. SSL VPN access must be enabled on a zone before users can access the Virtual Office web portal. A green button to the left of the name of the zone indicates that SSL VPN access is enabled. A red button indicates that SSL VPN access is disabled. To change the SSL VPN access for a zone, simply click the name of the zone on the SSL VPN > Server Settings page. For further information, see SSL VPN > Server Settings.

SSL VPN Access can also be configured on the General tab of the Edit Zone window of the Network > Zones page by clicking the Edit icon in the Configure column for the zone. For further information, see Network > Zones.

Configuring the SSL VPN Client Address Range

The SSL VPN Client Address Range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions. The range needs to be large enough to accommodate the maximum number of concurrent NetExtender users you wish to support plus one (for example, the range for 15 users requires 16 addresses, such as 192.168.200.100 to 192.168.200.115).

Note The range must fall within the same subnet as the interface to which the SSL VPN appliance is connected, and in cases where there are other hosts on the same segment as the SSL VPN appliance, it must not overlap or collide with any assigned addresses.

Note On the SSL VPN > Server Settings page, enable SSL VPN access on the Zone before users can access the Virtual Office web portal. The indicator should be green for the Zone.

To configure the SSL VPN Client Address Range, perform the following steps:

1. Navigate to the SSL VPN > Client Settings page.

2. In the Interface pull-down menu, select the interface to be used for SSL VPN services.

Note The IP address range must be on the same subnet as the interface used for SSL VPN services.

3. In the NetExtender Start IP field, enter the first IP address in the client address range.

4. In the NetExtender End IP field, enter the last IP address in the client address range.

5. In the DNS Server 1 field, enter the IP address of the primary DNS server, or click the Default DNS Settings to use the default settings.

6. (Optional) In the DNS Server 2 field, enter the IP address of the backup DNS server.

7. (Optional) In the DNS Domain field, enter the domain name for the DNS servers.

Note For appliances supporting connections from Apple iPhones, iPads, or other iOS devices using SonicWALL Mobile Connect, the DNS Domain is a required field. This DNS domain is set on the VPN interface of the iPhone/iPad after the device makes a connection to the appliance.

When the mobile device user accesses a URL, iOS determines if the domain matches the VPN interface's domain, and if so, uses the VPN interface's DNS server to resolve the host-name lookup. Otherwise, the Wi-Fi or 3G DNS server is used, which will not be able to resolve hosts within the company intranet.

8. In the User Domain field, enter the domain name for the users. The value of this field must match the domain field in the NetExtender client.

9. (Optional) In the WINS Server 1 field, enter the IP address of the primary WINS server.

10. (Optional) In the WINS Server 2 field, enter the IP address of the backup WINS server.

11. Click Accept.

Configuring NetExtender Client Settings

NetExtender client settings are configured on the bottom of the SSL VPN > Client Settings page. The following settings customize the behavior of NetExtender when users connect and disconnect.

• Default Session Timeout (minutes) - The default timeout value for client inactivity, after which the client’s session is terminated. The default value is 10 minutes.

• Enable Web Management over SSLVPN - Allows NetExtender users to establish web management sessions for the SonicWALL security appliance. The default value is Disabled.

• Enable SSH Management over SSLVPN - Allows NetExtender users to establish SSH management sessions for the SonicWALL security appliance. The default value is Disabled.

• Enable NetBIOS Over SSLVPN - Allows NetExtender clients to broadcast NetBIOS to the SSL VPN subnet. The default value is Disabled.

• Enable Client Autoupdate - The NetExtender client checks for updates every time it is launched. The default value is Disabled.

• Exit Client After Disconnect - The NetExtender client exits when it becomes disconnected from the SSL VPN server. To reconnect, users will have to either return to the SSL VPN portal or launch NetExtender from their Programs menu. The default value is Disabled.

• Uninstall Client After Exit - The NetExtender client automatically uninstalls when it becomes disconnected from the SSL VPN server. To reconnect, users will have to return to the SSL VPN portal. The default value is Disabled.

• Create Client Connection Profile - The NetExtender client will create a connection profile recording the SSL VPN Server name, the Domain name and optionally the username and password. The default value is Disabled.

• Communication Between Clients - Enables NetExtender clients that are connected to the same server to communicate. The default value is Disabled.

• User Name & Password Caching - Provide flexibility in allowing users to cache their user names and passwords in the NetExtender client. The three options are:

– Allow saving of user name only - Default

– Allow saving of user name & password

– Prohibit saving of user name & password

These options enable you to balance security needs against ease of use for users.