Mobile Connect Android

Overview

Connections

Settings

Monitor Mobile Connect

Troubleshooting

Overview

SonicWALL Mobile Connect for AndroidTM is an app that enables Android handheld devices to establish secure, mobile connections to private networks protected by Dell SonicWALL security appliances.

Modern business practices increasingly require that users be able to access any network resource (files, internal websites, etc.), anytime, anywhere. At the same time, ensuring the security of these resources is a constant struggle. While most users are aware that they must take care to protect computers from network security risks, this security awareness does not always extend to mobile devices. And yet, mobile devices are increasingly subject to security attacks. Furthermore, mobile devices often use insecure, untrusted, public wi-fi hotspots to connect to the Internet. It is therefore a challenge to provide secure, mobile access while still guarding against the inherent security risks of using mobile devices.

The SonicWALL Mobile Connect app for Android handheld devices provides secure, mobile access to sensitive network resources. Mobile Connect establishes a Secure Socket Layer Virtual Private Network (SSL VPN) connection to private networks that are protected by Dell SonicWALL security appliances. All traffic to and from the private network is securely transmitted over the SSL VPN tunnel.

To get started with SonicWALL Mobile Connect:

1. Install SonicWALL Mobile Connect from the Play Store.
2. Enter connection information (server name, username, password, etc.).
3. Initiate a connection to the network.
4. Mobile Connect establishes a SSL VPN tunnel to the Dell SonicWALL security appliance.
5. You can now access resources on the private network. All traffic to and from the private network is securely transmitted over the SSL VPN tunnel.

Connections

Firewall and Appliance Connections

E-Class SRA Appliances Connection

Connect to Mobile Connect Server

Firewall and Appliance Connections

1. Launch SonicWALL Mobile Connect. You will be presented with the screen to begin your first connection. Tap Add connection.

–         Name: Enter a descriptive name for the connection.

–         Server: Enter the URL or IP address of the server.

2. Tap Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance.

If the attempt fails, a warning message will display, asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.

3. If Mobile Connect successfully contacts the server, you will be prompted to enter your Username and Password (unless the server does not require this information).
4. The Domain field is auto-populated with the default domain from the server. To select a different domain, tap Domain to display a drop-down menu of the available options and tap Save.

E-Class SRA Appliances Connection

1. Launch Mobile Connect. You will be presented with the screen to begin your first connection. Tap Add connection.

–         Name: Enter a descriptive name for the connection.

–         Server: Enter the URL or IP address of the server.

2. Tap Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance. If the attempt fails, a warning message will display, asking if you want to save the connection.
3. Before tapping Save, verify that the server address or URL is spelled correctly.
4. If Mobile Connect successfully contacts the server, you will be prompted to select which Login Group on the appliance you want to connect to. If you do not know which Login Group to connect to, contact your network administrator.
5. If the Login Group you connect to is not listed, select Other... to manually type in the group name.
6. You will then be prompted to enter your Username and Password (unless the server does not require this information).
7. Tap OK.

Connect to Mobile Connect Server

After you save a new connection, the list of all configured connections displays.

To establish a Mobile Connect session, perform the following tasks:

1. Tap the connection in the list that you want to initiate. The Connection Status page displays. Tap Connect.
2. The first time you initiate a connection, a warning message displays. Tap the I trust this application checkbox, and then tap OK.
3. The first time you initiate a connection to a Dell SonicWALL E-Class SRA appliance, you may be prompted to select and accept the certificate for Mobile Connect (if PKI authentication is configured or End Point Control based on certificate is configured). To accept, select the certificate and tap Allow.
4. If your network administrator has given you a certificate to use with Mobile Connect, tap Install.

Tip     For information on how to install certificates on your Android device, see the instructions on this Google Mobile support page:
http://support.google.com/android/bin/answer.py?hl=en&answer=1649774

5. Enter your username and password if prompted (depending on whether the Dell SonicWALL appliance you are connecting to allows for saving usernames and passwords).

When the connection is successfully established, the Status changes to Connected and the Disconnect button replaces the Connect button.

Any bookmarks defined for the portal are displayed below the Disconnect button. Navigate to a bookmark’s destination.Bookmarks will only appear after a VPN connection is established if the server is running firmware that supports Mobile Connect bookmarks and bookmarks have been defined for that user. For the SRA appliances, the server must be running version 7.0 or higher. UTM firmware will add support in a future firmware release.

6. Press the Home button to return to your device’s home screen. You can now navigate to other apps to access your Intranet network. The status bar will display a VPN icon  to indicate that the session is still connected.

If the VPN connection is interrupted, the VPN icon will disappear and you will no longer be able to access the Intranet network. This can happen if your device’s connection transitions from wi-fi to 3G or to another network type.

Return to Mobile Connect to reestablish the connection. Optionally, you can configure the Automatic Reconnect option on the Settings tab to have Mobile Connect automatically attempt to reestablish interrupted connections.

Settings

SonicWALL Mobile Connect provides several settings for connection and logging options. The Settings tab also provides Support information, which includes a User Guide and device, connection, and server information.

The following options are controlled from the Settings tab:

• Connect on Launch - Sets Mobile Connect to automatically initiate a connection to the last-used profile when it is launched.
• Automatic Reconnect - Sets Mobile Connect to automatically attempt to reconnect if the connection is lost. The SSL VPN connection can be disrupted when your device’s connection transitions to a different network type (for example, from wi-fi to 3G). This setting lets applications rely on a sustained VPN connection. There is no limit on the amount of time it takes to reconnect.
• URL Control - Allows other mobile applications to pass action requests using special URLs to Mobile Connect. These action requests can create VPN connection entries and connect or disconnect VPN connections. For example, another application can launch Mobile Connect, access internal resources as needed, and then disconnect by using the mobileconnect:// or sonicwallmobileconnect:// URL scheme. Some common examples of URL Control are:

Add profile: mobileconnect://addprofile[/]?name=ConnectionName&server=ServerAddress[&Parameter1=Value&Parameter2=Value...]

Connect: mobileconnect://connect[/]?[name=ConnectionName|server=ServerAddress][&Parameter1=Value&Parameter2=Value...]

Disconnect: mobileconnect://disconnect[/]

• Debug Logging - Enables full debug log messages of Mobile Connect activity. Leave this setting disabled unless instructed to enable it by Dell SonicWALL Support staff.
• Bookmarks - Displays centrally configured shortcuts (called bookmarks) to VPN resources like URLs, Outlook Web Access, and Android applications. These bookmarks, which are displayed on the main Connection tab when the VPN is connected, provide one-touch access to frequently used applications.

If using a SRA appliance, pulling down the Connection screen and releasing it refreshes the bookmarks. Mobile Connect supports Remote Desktop options like screen size and enable/disable audio as long as both the server bookmark and third party application support the option.

Note     Bookmarks are supported on SRA appliances only when running 7.0 or higher and not supported on UTM appliances running SonicOS.

More About Bookmarks

The Support section of the Settings tab provides the following support information:

• User Guide - Displays the SonicWALL Mobile Connect User Guide.
• Device Information - Displays information about the device, wi-fi connection, Cellular connection, and DNS servers.
• Email Logs - Creates an email to send the Mobile Connect log to Dell SonicWALL Support staff. Tap Send to send the email.

E-Class SRA Settings

Connections to Dell SonicWALL E-Class SRA appliances have an additional option that is available on the Edit Connection window. To view this option, go to the Connection tab and tap and hold on the Connection line to bring up the Edit Connection window.

The Forget Selections button is displayed below the connection information. Mobile Connect remembers the Login Group that you specified when configuring the connection. To change to a different Login Group, tap Forget Selections. The next time you connect to the server, you will be prompted to select a new Login Group.

Note   If this option is not displayed, then you are connecting to either a Dell SonicWALL firewall or SRA appliance.

Bookmarks

When there are more than five bookmarks, the bookmarks are replaced by a Filter screen that groups bookmarks by type. Select the type of bookmarks to display or select All Bookmarks to display all bookmarks. Note that for the SRA appliances, the server must be running version 7.0 or higher.

Selecting a bookmark for an app that is not installed will prompt you to install the app. Apps referenced by bookmarks also can be installed at any time using the Settings > Bookmarks tab. In addition to installing apps for bookmarks, the Settings > Bookmarks tabs is also used to select and install apps for bookmarks that support multiple third party apps. For example, you might select Safari or Google Chrome for a Web bookmark.

Mobile Connect supports the following types of bookmarks and associated apps.

Desktop Bookmarks:

Portal name: Terminal Services (RDP – ActiveX), Terminal Services (RDP – Java) Internal type: RDP5ActiveX, RDP5Java

RDP bookmark types attempt to launch with the associated RDP application, as configured in the Settings tab.

Additional details such as screen resolution should be provided to the client. However, support for passing such parameters will vary based on the application. For example:

• Wyse PocketCloud Pro does not support the “connect to console” option

Portal name: Virtual Network Computing (VNC)
Internal type: VNC

VNC bookmark types attempt to launch with the associated VNC application as configured in the Settings tab.

Additional details such as screen resolution should be provided to the client. However, support for passing such parameters varies based on the application.

Portal name: Citrix Portal (Citrix)
Internal type: Citrix, Citrix_https

Citrix bookmark types will attempt to launch with the associated Citrix application.

Additional details such as screen resolution should be provided to the client. However, support for passing such parameters will very based on the application.

Web Bookmarks:

Portal name: Web (HTTP), Secure Web (HTTPS), External Web Site
Internal type: HTTP, HTTPS, URL, URL_https

These bookmarks will launch in an associated web browser and the provided ‘Name or IP Address’ (HostID) will be passed as the parameter to display in the browser.

Portal name: Mobile Connect
Internal type: MC

Mobile Connect bookmark type will rely fully on the OS to determine and launch the proper application. The bookmark is expected to be properly configured for launch. The Mobile Connect app will attempt to launch it as is. (for example, telnet://server)

Terminal Bookmarks:

Portal name: Telnet, Secure Shell Version 1 (SSHv1), Secure Shell Version 2 (SSHv2)
Internal type: Telnet, SSH, SSHv1

ConnectBot notes: Proper formatting is required for ConnectBot SSH (server bookmark field requires username@server).

Monitor Mobile Connect

The Monitor tab displays additional details about the connection, statistics on traffic transmitted, DNS information, and routes that have been installed.

The About tab of SonicWALL Mobile Connect displays the version number and legal text.

When a Mobile Connect session is active, the Android System Notifications area includes an entry indicating that the VPN is connected.

Tapping on the SonicWALL Mobile Connect entry in the Android System Notifications area displays a summary of statistics on the VPN session. The statistics page displays the server name, duration of the session, and the amount of traffic that has been sent and received. Three buttons are also provided on this screen:

• Cancel – Closes the statistics screen.
• Disconnect – Disconnects the Mobile Connect session.
• Configure – Launches the SonicWALL Mobile Connect app.

Mobile Connect Widget

When the SonicWALL Mobile Connect app is installed, a widget for Android is also created in the widgets tab. It can then be dragged from the widgets tab to the home screen. This widget is used as follows:

• The widget shows the connection status (connected, disconnected, connecting, etc.)
• Tap the icon to establish a tunnel when disconnected.
• Tap the icon to disconnect the tunnel when connected.
• Tap any other area of the widget to launch the Mobile Connect client.

Troubleshooting

If you are unable to connect to the Dell SonicWALL server, perform the following steps to troubleshoot the connection.

1. Double check that you have entered the server name properly in the connection configuration.
2. Go to the web browser on your device and attempt to navigate to the SSL VPN appliance web portal.
3. If you are unable to load the web portal, the problem is with the Dell SonicWALL appliance. Contact your network administrator if the problem persists.
4. If the web portal loads successfully on the browser and you still cannot establish a Mobile Connect connection, notify Dell SonicWALL Support, as follows:

A.      On the Settings tab, enable the Debug Logging option.

B.       Attempt a connection to the server again to ensure that full debugging messages are logged for the attempt.

C.      Then return to the Settings tab and tap the Email Logs button. An email will launch in your mail client with the Mobile Connect log attached. Address the email to Support@sonicwall.com. Add any additional comments to the email and tap Send. Dell SonicWALL Support staff will contact you after reviewing your case.