FAQs
Hardware FAQ
Answer:
Interfaces
SRA 1600: (2) gigabit Ethernet, (2) USB, (1) console
SRA 4600: (4) gigabit Ethernet, (2) USB, (1) console
Processors
SRA 1600: 1.66 GHz Intel Atom Processor, x86
SRA 4600: 1.66 GHz Intel Atom Dual Core Processor, x86
Memory (RAM)
SRA 1600: 1 GB
SRA 4600: 2 GB
Flash Memory
SRA 1600: 1 GB
SRA 4600: 1 GB
Power Supply
SRA 1600: Internal, 100-240Vac, 50-60Mhz
SRA 4600: Internal, 100-240Vac, 50-60Mhz
Max Power Consumption
SRA 1600: 47 W
SRA 4600: 50 W
Total Heat Dissipation
SRA 1600: 158 BTU
SRA 4600: 171 BTU
Dimensions
SRA 1600: 17.00 x 10.13 x 1.75 in (43.18 x 25.73 x 4.45 cm)
SRA 4600: 17.00 x 10.13 x 1.75 in (43.18 x 25.73 x 4.45 cm)
Weight
SRA 1600: 9.5 lbs (4.3 kg)
SRA 4600: 9.5 lbs (4.3 kg)
Major Regulatory Compliance
SRA 1600/4600: FCC Class A, ICES Class A, CE, C-Tick, VCCI Class A, KCC, ANATEL, BSMI, NOM, UL, : cUL, TUV/GS, CB
Environment:
Temperature:
SRA 1600/4600: 32-105ª F, 0-40ª C
Relative Humidity:
SRA 1600/4600: 5-95% RH non-condensing
MTBF
SRA 1600: 18.3 years
SRA 4600: 17.8 years
Answer:
Interfaces
SRA 1200: (2) 10/100/1000 Ethernet, (1) RJ-45 Serial port (115200 Baud)
SRA 4200: (4) 10/100/1000 Ethernet, (1) RJ-45 Serial port (115200 Baud)
Processors
SRA 1200: 1.5 GHz Via C7 x86 processor
SRA 4200: 1.8 GHz Via C7 x86 processor, cryptographic accelerator
Memory (RAM)
SRA 1200: 1 GB
SRA 4200: 2 GB
Flash Memory
SRA 1200: 1 GB
SRA 4200: 1 GB
Power Supply
SRA 1200: Internal
SRA 4200: Internal
Max Power Consumption
SRA 1200: 53 W
SRA 4200: 75 W
Total Heat Dissipation
SRA 1200: 181 BTU
SRA 4200: 256 BTU
Dimensions
SRA 1200: 17.00 x 10.125 x 1.75 in (43.18 x 25.70 x 4.45 cm)
SRA 4200: 17.00 x 10.125 x 1.75 in (43.18 x 25.70 x 4.45 cm)
Weight
SRA 1200: 8.7 lbs (3.95 kg)
SRA 4200: 9.5 lbs (4.31 kg)
Major Regulatory Compliance
SRA 1200/4200: FCC Class A, ICES Class A, CE, C-Tick, VCCI Class A, MIC, NOM, UL, cUL, TUV/GS, : CB, WEEE, RoHS (Europe), RoHS (China)
FIPS: Mechanically Designed for FIPS 140-2 Level 2
Environment
Temperature:
SRA 1200/4200: 32-105ª F, 0-40ª C
Relative Humidity:
SRA 1200/4200: 5-95% non-condensing
MTBF
SRA 1200: 13 years
SRA 4200: 8.3 years
Hypervisor: VMWare ESXi and ESX (version 4.0 and newer)
Appliance size (on disk): 2 GB
Allocated memory: 2 GB
Answer: The SRA 4200 has a hardware-based SSL accelerator onboard. The SRA 1200 does not have a hardware-based SSL accelerator processor. The SRA 1600 and SRA 4600 do not have a hardware-based SSL accelerator processor.
Answer: The appliance runs Dell SonicWALL’s own hardened Linux distribution.
Answer: Yes, this should work fine as long as the load-balancer or content-switch is capable of tracking sessions based upon SSL Session ID persistence, or cookie-based persistence.
Table 31: SRA Max Count Table
Portal entries
32
32
32
Domain entries
32
32
32
Group entries
64
64
64
User entries
1,000
2,000
2,000
NetExtender global client routes
100
100
100
NetExtender group client routes
100
100
100
NetExtender user client routes
100
100
100
Maximum concurrent users
200
1024
1024
Maximum concurrent Nx connections
50
500
500
Route entries
32
32
32
Host entries
32
32
32
Bookmark entries
300
300
300
User Policy entries
64
64
64
Group Policy entries
64
64
64
Global Policy entries
64
64
64
Policy address entries
32
32
32
Network Objects
64
64
64
‘Address’ Network Objects
16
16
16
‘Network’ Network Objects
32
32
32
‘Service’ Network Objects
32
32
32
SMB shares
1,024
1,024
1,024
SMB nodes
1,024
1,024
1,024
SMB workgroups
8
8
8
Concurrent FTP sessions
8
8
8
Log size
250 KB
250 KB
250 KB
Digital Certificates and Certificate Authorities FAQ
Answer: These errors can be caused by any combination of the following three factors:
Web browsers are programmed to issue a warning if the above three conditions are not met precisely. This security mechanism is intended to ensure end-to-end security, but often confuses people into thinking something is broken. If you are using the default self-signed certificate, this error will appear every time a Web browser connects to the SRA appliance. However, it is just a warning and can be safely ignored, as it does not affect the security negotiated during the SSL handshake. If you do not want this error to happen, you will need to purchase and install a trusted SSL certificate onto the SRA appliance.
Answer: It’s the same problem as noted in the previous topic, but this is the new “improved” security warning screen in Microsoft Internet Explorer 8.0. Whereas before IE5.x and IE6.x presented a pop-up that listed the reasons why the certificate is not trusted, IE8.0 simply returns a generic error page which recommends that the user close the page. The user is not presented with a direct ‘Yes’ option to proceed, and instead has to click on the embedded Continue to this Website (not recommended) link. For these reasons, it is strongly recommended that all SRA appliances, going forward, have a trusted digital certificate installed.
Answer: Much like the errors shown above for Internet Explorer, Firefox 3.0 has a unique error message when any certificate problem is detected. The conditions for this error are the same as for the above Internet Explorer errors.
To get past this screen, click the Or you can add an exception link at the bottom, then click the Add Exception button that appears. In the Add Security Exception window that opens, click the Get Certificate button, ensure that Permanently store this exception is checked, and finally, click the Confirm Security Exception button. See below:
To avoid this inconvenience, it is strongly recommended that all SRA appliances, going forward, have a trusted digital certificate installed.
Answer: This is the Firefox 3.5 warning message when any certificate problem is detected. The conditions for this error are the same as for the above Internet Explorer errors.
To get past this screen, click the arrow next to I Understand the Risks to expand the section, then click the Add Exception button that appears.
In the Add Security Exception window that opens, click the Get Certificate button, ensure that Permanently store this exception is checked, and finally, click the Confirm Security Exception button. See below:
To avoid this inconvenience, it is strongly recommended that all SRA appliances, going forward, have a trusted digital certificate installed.
Answer: See the previous section. This occurs when the certificate is not trusted by the Web browser, or the site name requested by the browser does not match the name embedded in the site certificate presented by the SRA appliance during the SSL handshake process. This error can be safely ignored.
Answer: No, you can simply ignore the security warnings, which are a message to users that the certificate is not trusted or contains mismatched information. Accepting a non-trusted certificate does not have anything to do with the level of encryption negotiated during the SSL handshake. However, Dell SonicWALL tested digital certificates from www.rapidssl.com, which are inexpensive, work fine in the SRA appliance, and do not require the background check that other Certificate Authorities require during the purchase process. You can find a white paper on how to purchase and install a certificate online at: http://www.sonicwall.com/us/support/3165.html.
Answer: X509v3.
Answer: Yes.
Answer: Any CA certificate should work if the certificate is in X509v3 format, including Verisign, Thawte, Baltimore, RSA, etc.
Answer: Yes, it does. On the System > Certificates page, do the following:
After uploading any intermediate CA certificates, the system should be restarted. The web server needs to be restarted with the new certificate included in the CA certificate bundle.
Answer: We recommend you purchase a multi-year certificate to avoid the hassle of renewing each year (most people forget and when the certificate expires it can create an administrative nightmare). It is also good practice to have all users that will connect to the SRA appliance run Windows Update (also known as Microsoft Update) and install the ‘Root Certificates’ update.
Answer: Yes, but to avoid a browser warning, you will need to install the Microsoft CA’s root certificate into all Web browsers that will connect to the appliance.
Answer: Be sure that you upload a .zip file containing the PEM formatted private key file named "server.key" and the PEM formatted certificate file named "server.crt". The .zip file must have a flat file structure (no directories) and contain only "server.key" and "server.crt" files. The key and the certificate must also match, otherwise the import will fail.
Answer: Click the ‘configure’ icon next to the new certificate and enter the password you specified when creating the Certificate Signing Request (CSR) to finalize the import of the certificate. Once this is done, you can successfully activate the certificate on the SRA appliance.
Answer: Prior to 2.5 firmware: No, only one can be active, other virtual sites with names that do not match the name embedded on the SRA appliance’s certificate will show security warnings to any Web browser connecting to them.
With 2.5 firmware or later, it is possible to select a certificate for each Portal under the Portals > Portals: Edit Portal - Virtual Host tab. The portal Virtual Host Settings fields allow you to specify separate IP address, and certificate per portal. If the administrator has configured multiple portals, it is possible to associate a different certificate with each portal. For example, sslvpn.test.sonicwall.com might also be reached by pointing the browser to virtualassist.test.sonicwall.com. Each of those portal names can have its own certificate. This is useful to prevent the browser from displaying a certificate mismatch warning, such as “This server is abc, but the certificate is xyz, are you sure you want to continue?”.
Answer: Select ‘Apache’.
Answer: Yes, the key is exported with the CSR during the CSR generation process. It’s strongly recommended that you can keep this in a safe place with the certificate you receive from the CA. This way, if the SRA appliance ever needs replacement or suffers a failure, you can reload the key and cert. You can also always export your settings from the System > Settings page.
Answer: No, neither one is currently supported. Dell SonicWALL is investigating supporting these in a future release.
Answer: Yes, client certificates are enforced per Domain or per User on the Users > Local Users: Edit User – Login Policies tab.
User name: %USERNAME%
Domain name: %USERDOMAIN%
Active Directory user name: %ADUSERNAME%
Wildcard: %WILDCARD%
NoteFirmware prior to 3.5 required the client certificate CN field to be the username (CN=username) entered to login to the appliance.
The client certificate must be loaded into the client’s browser. Also, remember that any certificates in the trust chain of the client certificates must be installed onto the SRA appliance.
Answer: After a CA certificate has been loaded, the SRA appliance must be rebooted before it is used for client authentication. Failures to validate the client certificate will also cause failures to logon. Among the most common are certificate is not yet valid, certificate has expired, login name does not match common name of the certificate, certificate not sent.
NetExtender FAQ
Answer: Yes. Version 2.5 firmware added support for Mac and Linux platforms.
Mac Requirements:
Linux Requirements:
Separate NetExtender installation packages are also downloadable from mysonicwall.com for each release.
Answer: NetExtender supports:
Answer: If your SRA appliance is running 1.0 firmware, then on Windows 2000, XP, 2003, Vista, and Windows 7 systems the logged-in user must have administrative rights to be able to install ActiveX-based components such as NetExtender, and it will not be possible to run NetExtender on systems where you do not have administrative rights (this often is seen in kiosk or public computer environments, where the OS is locked down to prevent this sort of behavior). If your SRA appliance is running firmware 1.5 firmware or newer, a user can run NetExtender provided that a user with administrative rights previously installed NetExtender onto the system.
Answer: Yes, this can be achieved with the User/Group/Global Policies by adding a ‘deny’ policy for the NetExtender IP range.
Answer: The Windows version of NetExtender found in the 1.5 firmware release and newer can be installed and configured to run as a Windows service, which will allow systems to login to domains across the NetExtender client.
Answer: This range is the pool that incoming NetExtender clients will be assigned – NetExtender clients actually appear as though they are on the internal network – much like the Virtual Adapter capability found in Dell SonicWALL’s Global VPN Client. You will need to dedicate one IP address for each active NetExtender session, so if you expect 20 simultaneous NetExtender sessions to be the maximum, create a range of 20 open IP addresses. Make sure that these IP addresses are open and are not used by other network appliances or contained within the scope of other DHCP servers. For example, if your SRA appliance is in one-port mode on the X0 interface using the default IP address of 192.168.200.1, create a pool of addresses from 192.168.200.151 to 192.168.200.171. In the 1.5 firmware release, you can create multiple unique pools on a per-group or per-user basis.
Answer: These are the networks that will be sent to remote NetExtender clients and should contain all networks that you wish to give your NetExtender clients access to. For example, if your SRA appliance was in one-port mode, attached to a Dell SonicWALL NSA 3500 appliance on a DMZ using 192.168.200.0/24 as the subnet for that DMZ, and the Dell SonicWALL NSA 3500 had two LAN subnets of 192.168.168.0/24 and 192.168.170.0/24, you would enter those two LAN subnets as the client routes to provide NetExtender clients access to network resources on both of those LAN subnets.
Answer: Activating this feature will cause the SRA appliance to push down two default routes that tell the active NetExtender client to send all traffic through the SRA appliance. This feature is useful in environments where the SRA appliance is deployed in tandem with a Dell SonicWALL security appliance running all UTM services, as it will allow you to scan all incoming and outgoing NetExtender user traffic for viruses, spyware, intrusion attempts, and content filtering.
Answer: Yes, right-click on the NetExtender icon in the taskbar and select route information. You can also get status and connection information from this same menu.
Answer: By default, when NetExtender is installed for the first time it stays resident on the system, although this can be controlled by selecting the Uninstall On Browser Exit > Yes option from the NetExtender icon in the taskbar while it is running. If this option is checked, NetExtender will remove itself when it is closed. It can also be uninstalled from the “Add/Remove Program Files” in Control Panel. NetExtender remains on the system by default to speed up subsequent login times.
Answer: New versions of NetExtender are included in each Dell SonicWALL SRA firmware release and have version control information contained within. If the SRA appliance has been upgraded with new software, and a connection is made from a system using a previous, older version of NetExtender, it will automatically be upgraded to the new version.
There is one exception to the automatic upgrading feature: it is not supported for the MSI version of NetExtender. If NetExtender was installed with the MSI package, it must be upgraded with a new MSI package. The MSI package is designed for the administrator to deploy NetExtender through Active Directory, allowing full version control through Active Directory.
Answer: NetExtender is designed as an extremely lightweight client that is installed via a Web browser connection, and utilizes the security transforms of the browser to create a secure, encrypted tunnel between the client and the SRA appliance.
Answer: Yes, it uses whatever cipher the NetExtender client and SRA appliance negotiate during the SSL connection.
Answer: Yes, you can configure the Microsoft Terminal Server to use encrypted RDP-based sessions, and use HTTPS reverse proxy.
Answer: This is the transport method NetExtender uses. It also uses compression (MPPC). You can elect to have it removed during disconnection by selecting this from the NetExtender menu.
Answer: NetExtender allows full connectivity over an encrypted, compressed PPP connection allowing the user to directly to connect to internal network resources. For example, a remote user could launch NetExtender to directly connect to file shares on a corporate network.
Answer: Yes. NetExtender connections put minimal load on the SRA appliances, whereas many proxy-based connections may put substantial strain on the SRA appliance. Note that HTTP proxy connections use compression to reduce the load and increase performance. Content received by the SRA from the local Web server is compressed using gzip before sending it over the Internet to the remote client. Compressing content sent from the SRA saves bandwidth and results in higher throughput. Furthermore, only compressed content is cached, saving nearly 40-50% of the required memory. Note that gzip compression is not available on the local (clear text side) of the SRA appliance, or for HTTPS requests from the remote client.
Answer: You can use NetExtender to provide access for any application that cannot be accessed using internal proxy mechanisms - HTTP, HTTPS, FTP, RDP4 (firmware 1.0 only), ActiveX-based RDP, Java-based RDP (firmware 1.5 and newer), Telnet, and SSHv1. With 3.5 firmware and later, Application Offloading can be used for web applications. In this way, the SRA appliance functions similar to an SSL offloader and will proxy web applications pages without the need for URL rewriting.
Answer: Application Offloading should support any application using HTTP/HTTPS. SRA has limited support for applications using Web services and no support for non-HTTP protocols wrapped within HTTP.
One key aspect to consider when using Application Offloading is that the application should not contain hard-coded self-referencing URLs. If these are present, the Application Offloading proxy rewrites the URLs. Since Web site development does not usually conform to HTML standards, the proxy can only do a best-effort translation when rewriting these URLs. Specifying hard-coded, self-referencing URLs is not recommended when developing a Web site because content developers must modify the Web pages whenever the hosting server is moved to a different IP or hostname.
For example, if the backend application has a hard-coded IP and scheme within URLs as follows, then Application Offloading will need to rewrite this URL.
: <a href="http://1.1.1.1/doAction.cgi?test=foo">
This can be done by enabling the Enable URL Rewriting for self-referenced URLs setting for the Application Offloading Portal, but all the URLs may not be rewritten, depending on how the Web application has been developed. (This limitation is usually the same for other WAF/SRA vendors employing reverse proxy mode.)
Answer: Yes, this is supported in firmware 2.0 and newer.
Answer: NetExtender is installed via an ActiveX-based plug-in from Internet Explorer. Users using Firefox browsers may install NetExtender via an XPI installer. NetExtender may also be installed via an MSI installer. Download the NetExtender MSI installer from mysonicwall.com.
Answer: Not at present, although these sorts of features are planned for future releases of NetExtender.
Answer: Yes, starting with 3.0 firmware, NetExtender supports 64-bit Windows 7, Vista and XP.
Answer: Yes, starting with 3.0.0.9-20sv and later firmware, NetExtender supports 32-bit and 64-bit Windows 7.
Answer: Yes, in 3.5 and up the Windows NetExtender client supports client certificate authentication from the stand-alone client. Users can also authenticate to the SRA portal and then launch NetExtender.
Answer: If the NetExtender addresses are on a different subnet than the X0 interface, a rule needs to be created for the firewall to know that these addresses are coming from the SRA appliance.
General FAQ
Answer: Yes, the HTTP, HTTPS, CIFS, FTP are Web-based proxies, where the native Web browser is the client. VNC, RDP - ActiveX, RDP - Java, SSHv1 and Telnet use browser-delivered Java or ActiveX clients. NetExtender on Windows uses a browser-delivered client.
Answer: Currently supported browsers and versions are listed in Browser Requirements for the SRA Administrator and Browser Requirements for the SRA End User.
Answer:
Answer: You will need to install SUN’s JRE 1.6.0_10 or higher (available at http://www.java.com) to use some of the features on the SRA appliance. On Google Chrome, you will need Java 1.6.0 update 10 or higher.
Answer:
Answer: If you cannot reach your server by its NetBIOS name, there might be a problem with name resolution. Check your DNS and WINS settings on the SRA appliance. You might also try manually specifying the NetBIOS name to IP mapping in the “Network > Host Resolution” section, or you could manually specify the IP address in the UNC path, e.g. \\192.168.100.100\sharefolder.
Also, if you get an authentication loop or an error, is this File Share a DFS server on a Windows domain root? When creating a File Share, do not configure a Distributed File System (DFS) server on a Windows Domain Root system. Because the Domain Root allows access only to Windows computers in the domain, doing so will disable access to the DFS file shares from other domains. The SRA appliance is not a domain member and will not be able to connect to the DFS shares.DFS file shares on a stand-alone root are not affected by this Microsoft restriction.
Answer: No. It must be combined with a Dell SonicWALL security appliance or other third-party firewall/VPN device.
Answer: No, it requires HTTPS. HTTP connections are immediately redirected to HTTPS. You may wish to open both 80 and 443, as many people forget to type https: and instead type http://. If you block 80, it will not get redirected.
Answer: One-port mode, where only the X0 interface is utilized, and the appliance is placed in a separated, protected “DMZ” network/interface of a Dell SonicWALL security appliance, such as the Dell SonicWALL TZ 180, or the Dell SonicWALL NSA appliance.
Answer: This method of deployment offers additional layers of security control plus the ability to use Dell SonicWALL’s Unified Threat Management (UTM) services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering and Intrusion Prevention, to scan all incoming and outgoing NetExtender traffic.
Answer: Yes, when it would be necessary to bypass a firewall/VPN device that may not have an available third interface, or a device where integrating the SRA appliance may be difficult or impossible.
Answer: No, this is not supported.
Answer: The default IP address of the appliance is 192.168.200.1 on the X0 interface. If you cannot reach the appliance, try cross-connecting a system to the X0 port, assigning it a temporary IP address of 192.168.200.100, and attempt to log into the SRA appliance at https://192.168.200.1. Then verify that you have correctly configured the DNS and default route settings on the Network pages.
Answer: No, it is only a client-access appliance. If you require this, you will need a Dell SonicWALL TZ series or NSA series security appliance.
Answer: No, only NetExtender and proxy sessions are supported.
Answer: Yes, although performance will be slow, even over a 56K connection it is usable.
Answer: Starting with 4.0 firmware, Dell SonicWALL only uses HIGH security ciphers with SSLv3 and TLSv1:
Answer: Yes, if your browser supports it.
Answer: Yes, actually you may see better performance as NetExtender uses multiplexed PPP connections and runs compression over the connections to improve performance.
Answer: Yes, this is supported in the 2.0 firmware release and newer.
Answer: Yes, over NetExtender connections.
Answer: Yes.
Answer: Not at this time. Look for this in a future firmware release.
Answer: Syslog forwarding to up to two external servers is supported in the current software release. SNMP is supported beginning in the 5.0 release. MIBs can be downloaded from MySonicWALL>
Answer: Yes, the SRA 4600, 4200, 1600, and 1200 have a simple CLI when connected to the console port. The SRA Virtual Appliance is also configurable with the CLI. The Dell SonicWALL SRA 6.0 CLI allows configuration of only the X0 interface on the Dell SonicWALL SRA appliances or SRA Virtual Appliance.
Answer: No, neither Telnet or SSH are supported in the current release of the SRA appliance software as a means of management (this is not to be confused with the Telnet and SSH proxies, which the appliance does support).
Answer: Yes, using the LDAP connector.
Answer: The Web cache cleaner is an ActiveX-based applet that removes all temporary files generated during the session, removes any history bookmarks, and removes all cookies generated during the session. It will only run on Internet Explorer 8.0 or newer.
Answer: In order for the Web cache cleaner to run, you must click on the Logout button. If you close the Web browser using any other means, the Web cache cleaner cannot run.
Answer: This setting will encrypt the settings file so that if it is exported it cannot be read by unauthorized sources. Although it is encrypted, it can be loaded back onto the SRA appliance (or a replacement appliance) and decrypted. If this box is not selected, the exported settings file is clear-text and can be read by anyone.
Answer: By default, the settings are automatically stored on a SRA appliance any time a change to programming is made, but this can be shut off if desired. If this is disabled, all unsaved changes to the appliance will be lost. This feature is most useful when you are unsure of making a change that may result in the box locking up or dropping off the network. If the setting is not immediately saved, you can power-cycle the box and it will return to the previous state before the change was made.
Answer: This feature allows you to create a backup snapshot of the firmware and settings into a special file that can be reverted to from the management interface or from SafeMode. Dell SonicWALL strongly recommends creating system backup right before loading new software, or making significant changes to the programming of the appliance.
Answer: SafeMode is a feature of the SRA appliance that allows administrators to switch between software image builds and revert to older versions in case a new software image turns out to cause issues. In cases of software image corruption, the appliance will boot into a special interface mode that allows the administrator to choose which version to boot, or load a new version of the software image.
Answer: In emergency situations, you can access the SafeMode menu by holding in the Reset button on the SRA appliance (the small pinhole button located on the front of the SRA appliances) for 12-14 seconds until the ‘Test’ LED begins quickly flashing yellow. Once the SRA appliance has booted into the SafeMode menu, assign a workstation a temporary IP address in the 192.168.200.x subnet, such as 192.168.200.100, and attach it to the X0 interface on the SRA appliance. Then, using a modern Web browser (Microsoft IE6.x+, Mozilla 1.4+), access the special SafeMode GUI using the appliance’s default IP address of 192.168.200.1. You will be able to boot the appliance using a previously saved backup snapshot, or you can upload a new version of software with the Upload New Software image button.
Answer: This is not supported in the current releases, but is planned for a future software release.
Answer: Local database, RADIUS, Active Directory, NT4, and LDAP.
Answer: The appliances must be precisely time-synchronized with each other or the authentication process will fail. Ensure that the SRA appliance and the Active Directory server are both using NTP to keep their internal clocks synchronized.
Answer: You will need to download and install a patch from Microsoft for this to work correctly. The patch can be found at the following site: http://www.microsoft.com/downloads/details.aspx?FamilyID=17d997d2-5034-4bbb-b74dad8430a1f7c8&DisplayLang=en. You will need to reboot your system after installing the patch.
Answer: If you are using a Windows-based FTP server, you will need to change the directory listing style to ‘UNIX’ instead of ‘MS-DOS’.
Answer: Dell SonicWALL has done extensive testing with RealVNC. It can be downloaded at:
http://www.realvnc.com/download.html
Answer: You need SonicOS SRA 1.5.0.3 or higher for basic management by Dell SonicWALL GMS; SonicOS SRA 2.1 or higher is required for SRA Reporting in Dell SonicWALL GMS or ViewPoint.
Answer: Yes, this is supported with the ActiveX-based RDP client only. The Microsoft Terminal Server RDP connector must be enabled first for this to work. You may need to install the correct printer driver software on the Terminal Server you are accessing.
Answer: Yes, refer to the Dell SonicWALL Secure Wireless Networks Integrated Solutions Guide, available through Elsevier, http://www.elsevierdirect.com/.
Answer: Prior to 2.5 firmware: No, the appliance can only by managed using the X0’s IP address. With 2.5 firmware and later, yes, you can manage on any of the interface IP addresses.
Answer: Yes. On the Users > Local Groups page, edit a group belonging to the Active Directory domain used for authentication and add one or more AD Groups under the AD Groups tab.
Answer: Yes.
Answer: Try adjusting the session and connection timeouts on both the SRA appliance and any appliance that sits between the endpoint client and the destination server. If the SRA appliance is behind a firewall, adjust the TCP timeout upwards and enable fragmentation.
Answer: This is not supported in the current release of software but may be supported in a future software release.
Answer: The CIFS browsing protocol is limited by the server's buffer size for browse lists. These browse lists contain the names of the hosts in a workgroup or the shares exported by a host. The buffer size depends on the server software. Windows personal firewall has been known to cause some issues with file sharing even when it is stated to allow such access. If possible, try disabling such software on either side and then test again.
Answer: It uses port 1812.
Answer: Yes, this is supported on 1.5 and newer firmware releases. On the portal layout, you can enable or disable ‘Enforce login uniqueness’ option. If this box is unchecked, users can log in simultaneously with the same username and password.
Answer: Yes, in SRA 5.0 and later releases, backend Web servers using NTLM or Windows Integrated Authentication are supported. Single Sign-On with NTLM is also supported. NTLM support is specific to Application Offloading and/or reverse-proxy bookmarks.
SRA 3.5 and earlier do not support NTLM authentication. As a work around, the administrator can turn on basic or digest authentication. Basic authentication specifies the username and password in clear text, but the security outside the intranet is not compromised because the SRA uses HTTPS. However, the intranet is required to be “trusted”. Digest authentication works better in this case, because the password is not sent in clear text and only a MD5 checksum that incorporates the password is sent.
Answer: In SRA 3.5 and earlier releases, the HTTP proxy does not support Windows Authentication (formerly called NTLM). Only anonymous or basic authentication is supported.
Answer: When the Java Service is started it does not use the proxy server. Transactions are done directly to the SRA appliance.
Answer: Check the version of SSH you have enabled on your server, and check the firmware release on the SRA appliance. SSHv2 support was not added until firmware 2.0 and newer. It’s possible that there is a mismatch between the two.
Answer: The Telnet server must support function keys. If it does, the keyboard used is relevant. Currently, the Telnet proxy uses vt320 and the SSHv1 proxy uses vt100 key codes. This is the default and the SRA appliance does not support other types such as SCO-ANSI yet. This may be supported in a future firmware release.
Answer: You can specify in the IP address box an ‘IPaddress:portid’ pair for HTTP, HTTPS, Telnet, Java, and VNC.
Answer: Add the path in the IP address box: IP/mydirectory/.
Answer: This is not currently supported on the appliance.
Answer: Citrix Portal Bookmarks have been tested and verified to support the following Citrix Application Virtualization platforms through the Citrix Web Interface:
Servers:
Clients:
For browsers requiring Java to run Citrix, you must have Sun Java 1.6.0_10 or above.