Prerequisites for Windows Clients:
Windows clients must meet the following prerequisites in order to use NetExtender:
• One of the following platforms:
– Windows 7 Services Pack 1
– Windows Vista Service Pack 2 (32-bit & 64-bit)
– Windows XP Home or Professional, Windows XP Service Pack 3
• One of the following browsers:
– Internet Explorer 8.0 and higher
– Mozilla Firefox 16.0 and higher
– Google Chrome 22.0 and higher
• To initially install the NetExtender client, the user must be logged in to the PC with administrative privileges.
• Downloading and running scripted ActiveX files must be enabled on Internet Explorer.
• If the SSL VPN gateway uses a self-signed SSL certificate for HTTPS authentication, it is necessary to install the certificate before establishing a NetExtender connection. If you are unsure if the certificate is self-signed or generated by a trusted root Certificate Authority, Dell SonicWALL recommends that you import the certificate. The easiest way to import the certificate is to click the Import Certificate button on the Virtual Office home page.
Note Import Certificate is available from the Virtual Office portal only when using Internet Explorer on Windows 2000 or Windows XP.
Prerequisites for MacOS Clients:
MacOS clients meet the following prerequisites in order to use NetExtender:
• MacOS 10.5 and higher
• Java 1.5 and higher
• Both PowerPC and Intel Macs are supported.
Prerequisites for Linux Clients:
Linux 32-bit or 64-bit clients are supported for NetExtender when running one of the following distributions (32-bit or 64-bit):
• Linux Fedora Core 15 or higher, Ubuntu 11.10 or higher, or OpenSUSE 10.3 or higher
• Java 1.5 and higher is required for using the NetExtender GUI.
The NetExtender client has been known to work on other distributions as well, but these are not officially supported.
Note Open source Java Virtual Machines (VMs) are not currently supported. If you do not have Java 1.5 or higher, you can use the command-line interface version of NetExtender.
SonicWALL Mobile Connect serves the same function as NetExtender on Apple iOS devices and Android devices, as listed below.
Prerequisites for Apple iOS Clients
SonicWALL Mobile Connect is supported on Apple iPhone, iPad, and iPod Touch devices running Apple iOS:
• iPhone 4S – running Apple iOS 5 or higher
• iPhone 4 – running Apple iOS 4.2 or higher
• iPhone 3GS – running Apple iOS 4.2 or higher
• iPhone 3G – running Apple iOS 4.2 or higher
• iPad 3 – running Apple iOS 4.2 or higher
• iPad 2 – running Apple iOS 4.2 or higher
• iPad – running Apple iOS 4.2 or higher
• iPod Touch (2nd Generation or later) – running Apple iOS 4.2 or higher
Mobile Connect acts as a NetExtender client when connecting to the Dell SonicWALL SRA. For Mobile Connect access to succeed, the portal must be set to allow NetExtender connections and the user account and group must be authorized to use NetExtender.
SonicWALL Mobile Connect is an app for iPhone and iPad that, like NetExtender, uses SSL VPN to enable secure, mobile connections to private networks protected by Dell SonicWALL security appliances. For information about installing and using SonicWALL Mobile Connect, see the SonicWALL Mobile Connect User Guide at:
http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=482
Mobile Connect is compatible with SRA and is a free download from iOS and Android (4.0+) app stores.
Prerequisites for Android Smartphone Clients
The NetExtender Android client is supported on rooted smartphones running the following versions of the Android operating system:
• 1.6 or higher
The NetExtender Android client is compatible with any Dell SonicWALL SSL VPN firmware version that supports the NetExtender Linux client, specifically:
• SSL VPN 4.0 and higher
As new features are added, users must install the updated client to access all the features supported by the new firmware. Likewise, if a new client is used with older firmware, some client features may not be functional. For best results, the latest firmware should always be used with the latest client.
Note Only rooted devices are supported for NetExtender Android in Dell SonicWALL SRA.
The rooting requirement is due to limitations and restrictions of the Android platform. A layer 3 VPN client like NetExtender requires root permission for certain necessary OS level operations.
WARNING Rooting your phone may void your warranty. Consult your contract or User Guide, or call your service provider for more information.
Alternatively, the SonicWALL Mobile Connect client can be used for smartphones running Android version 4.0 or higher.
Dell SonicWALL NetExtender is a software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can virtually join the remote network. Users can mount network drives, upload and download files, and access resources in the same way as if they were on the local network.
The following sections describe how to use NetExtender on the various supported platforms:
Windows Platform Installation
• Installing NetExtender Using the Mozilla Firefox Browser
• Installing NetExtender Using the Internet Explorer Browser
Windows Platform Usage
• Launching NetExtender Directly from Your Computer
• Configuring NetExtender Properties
• Configuring NetExtender Connection Scripts
• Configuring NetExtender Log Properties
• Verifying NetExtender Operation from the System Tray
• Using the NetExtender Command Line Interface
MacOS Platform
• Installing NetExtender on MacOS
Linux Platform
• Installing NetExtender on Linux
Windows Mobile Platform
• Installing and Using NetExtender for Windows Mobile
Android Smartphone Platform
• Installing NetExtender on Android Smartphones
• Using NetExtender on Android Smartphones
Installing NetExtender Using the Mozilla Firefox Browser
To use NetExtender for the first time using the Firefox browser, perform the following:
1. To launch NetExtender, first log in to the SSL VPN portal.
2. Click the NetExtender button.
The first time you launch NetExtender, it will automatically add an add-on to Firefox.
4. Click the Install button. The portal will automatically install the NetExtender stand-alone application on your computer. If an older version of NetExtender is installed on the computer, the NetExtender launcher removes the old version and installs the new version.
5. Once the NetExtender application is installed, a message appears instructing you to restart Firefox. Click the Restart Now button.
6. When Firefox restarts, the NetExtender Status window displays, indicating that NetExtender successfully connected.
|
The Status tab provides the following information:
Closing the window (clicking the x icon in the upper right corner of the window) does not close the NetExtender session, but minimizes it to the system tray for continued operation. Also, a balloon icon in the system tray appears, indicating NetExtender has successfully installed.
7. The NetExtender icon is displayed in the task bar.
Installing NetExtender Using the Internet Explorer Browser
Dell SonicWALL SSL VPN NetExtender is fully compatible with Microsoft Windows 7 32-bit and 64-bit, and supports the same functionality as with other Windows operating systems. NetExtender is also compatible with the Mac OS X Lion 10.7.
Note It may be necessary to restart your computer when installing NetExtender Windows 7.
Internet Explorer Prerequisites
It is recommended that you add the URL or domain name of your SSL VPN server to Internet Explorer’s trusted sites list. This will simplify the process of installing NetExtender and logging in, by reducing the number of security warnings you will receive. To add a site to Internet Explorer’s trusted sites list, complete the following procedure:
1. In Internet Explorer, go to Tools > Internet Options.
2. Click the Security tab.
3. Click the Trusted Sites icon and click the Sites... button to open the Trusted sites window.
4. Enter the URL or domain name of your SSL VPN server in the Add this Web site to the zone field and click Add.
5. Click Ok in the Trusted Sites and Internet Options windows.
Installing NetExtender from Internet Explorer
To install and launch NetExtender for the first time using the Internet Explorer browser, perform the following:
1. Log in to the SSL VPN Virtual Office portal.
2. Click the NetExtender button.
3. A User Account Control window may appear asking “Do you want to allow this program to make changes to this computer?” Click Yes.
4. The first time you launch NetExtender, you must first add the SSL VPN portal to your list of trusted sites. If you have not done so, the follow message will display.
5. For details on how to add the Virtual Office as a trusted site, see the Internet Explorer Prerequisites.
6. Return to the SRA portal and click the NetExtender button. The portal automatically installs the NetExtender stand-alone application on the computer, and the NetExtender installer opens.
If an older version of NetExtender is installed on the computer, the NetExtender launcher will remove the old version and then install the new version.
7. When NetExtender completes installing, the NetExtender Status window displays, indicating that NetExtender successfully connected.
The information provided in the NetExtender Status window is described in the table on Installing NetExtender Using the Mozilla Firefox Browser.
Installing NetExtender Using the Chrome Browser
To install and launch NetExtender for the first time using the Chrome browser, perform the following:
1. Log in to the SSL VPN Virtual Office portal.
2. Click the NetExtender button.
3. Pull the NetExtender plug-in to Chrome Extensions.
4. Return to the SSL VPN portal and click the NetExtender button. The portal will automatically install the NetExtender stand-alone application on your computer. The NetExtender installer window opens.
If an older version of NetExtender is installed on the computer, the NetExtender launcher will remove the old version and then install the new version.
5. When NetExtender completes installing, the NetExtender Status window displays, indicating that NetExtender successfully connected.
The information provided in the NetExtender Status window is described in the table on Installing NetExtender Using the Mozilla Firefox Browser.
Launching NetExtender Directly from Your Computer
After the first access and installation of NetExtender, you can launch NetExtender directly from your computer without first navigating to the SSL VPN portal. To launch NetExtender, complete the following procedure:
1. Navigate to Start > All Programs.
2. Select the Dell SonicWALL NetExtender folder, and then click SonicWALL NetExtender. The NetExtender login window is displayed.
3. The IP address of the last SSL VPN server you connected to is displayed in the SSL VPN Server field. To display a list of recent SSL VPN servers you have connected to, click the arrow.
Enter your username and password.
5. The last domain you connected to is displayed in the Domain field.
Note The NetExtender client will report an error message if the provided domain is invalid when you attempt to connect. Please keep in mind that domain names are case-sensitive.
6. The drop-down menu at the bottom of the window provides three options for remembering your username and password:
– Save user name & password if server allows
– Save user name only if server allows
– Always ask for user name & password
Tip Having NetExtender save your user name and password can be a security risk and should not be enabled if there is a chance that other people could use your computer to access sensitive information on the network.
Configuring NetExtender Properties
Complete the following procedure to configure NetExtender properties:
1. Right click the icon in the system tray and click Properties... The NetExtender Properties window is displayed.
2. The Connection Profiles tab displays the SSL VPN connection profiles you have used, including the IP address of the SSL VPN server, the domain, and the username.
To create a shortcut on your desktop that will launch NetExtender with the specified profile, highlight the profile and click Create Shortcut.
4. To delete a profile, highlight it by clicking on it and then click the Remove buttons. Click the Remove All buttons to delete all connection profiles.
5. The Settings tab allows you to customize the behavior of NetExtender.
To have NetExtender launch when you log in to your computer, check the Automatically start NetExtender UI. NetExtender will start, but will only be displayed in the system tray. To have the NetExtender log-in window display, check the Display NetExtender UI check box.
7. Select Minimize to the tray icon when NetExtender window is closed to have the NetExtender icon display in the system tray. If this option is not checked, you will only be able to access the NetExtender UI through Window’s program menu.
8. Select Display Connect/Disconnect Tips from the System Tray to have NetExtender display tips when you mouse over the NetExtender icon.
9. Select Automatically reconnect when the connection is terminated to have NetExtender attempt to reconnect when it loses connection.
10. Select Display precise number in connection status to display precise byte value information in the connection status.
11. Select the Enable UI animations check box to enable the sliding animation effects in the UI.
12. Select Uninstall NetExtender automatically to have NetExtender uninstall every time you end a session.
13. Select Disconnect an active connection to have NetExtender log out of all of your SSL VPN sessions when you exit a NetExtender session
14. Click Apply.
Configuring NetExtender Connection Scripts
Dell SonicWALL SSL VPN provides users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or Web sites. To configure NetExtender Connection Scripts, perform the following tasks.
1. Right click the icon in the task bar and click Properties... The NetExtender Preferences window is displayed.
2. Click Connection Scripts.
To enable the domain login script, select the Attempt to execute domain logon script check box. When enabled, NetExtender will attempt to contact the domain controller and execute the login script. Optionally, you may now also select to Hide the console window. If this check box is not selected, the DOS console window will remain open while the script runs.
Note Enabling this feature may cause connection delays while remote client’s printers and drives are mapped. Make sure the domain controller and any machines in the logon script are accessible via NetExtender routes.
4. To enable the script that runs when NetExtender connects, select the Automatically execute the batch file “NxConnect.bat” check box. Optionally, you may now also select to Hide the console window. If this check box is not selected, the DOS console window will remain open while the script runs.
5. To enable the script that runs when NetExtender disconnects, select the Automatically execute the batch file “NxDisconnect.bat” check box.
6. Click Apply.
Configuring Batch File Commands
NetExtender Connection Scripts can support any valid batch file commands. For more information on batch files, see the following Wikipedia entry: http://en.wikipedia.org/wiki/.bat. The following tasks provide an introduction to some commonly used batch file commands.
1. To configure the script that runs when NetExtender connects, click the Edit “NxConnect.bat” button. The NxConnect.bat file is displayed.
2. To configure the script that runs when NetExtender disconnects, click the Edit “NxDisconnect.bat” button. The NxConnect.bat file is displayed.
3. By default, the NxConnect.bat file contains examples of commands that can be configured, but no actual commands. Too add commands, scroll to the bottom of the file.
4. To map a network drive, enter a command in the following format:
net use drive-letter\\server\share password /user:Domain\name
For example to if the drive letter is z, the server name is engineering, the share is docs, the password is 1234, the user’s domain is eng and the username is admin, the command would be the following:
net use z\\engineering\docs 1234 /user:eng\admin
5. To disconnect a network drive, enter a command in the following format:
net use drive-letter: /delete
For example, to disconnect network drive z, enter the following command:
net use z: /delete
6. To map a network printer, enter a command in the following format:
net use LPT1 \\ServerName\PrinterName /user:Domain\name
For example, if the server name is engineering, the printer name is color-print1, the domain name is eng, and the username is admin, the command would be the following:
net use LPT1 \\engineering\color-print1 /user:eng\admin
7. To disconnect a network printer, enter a command in the following format:
net use LPT1 /delete
8. To launch an application enter a command in the following format:
C:\Path-to-Application\Application.exe
9. For example, to launch Microsoft Outlook, enter the following command:
C:\Program Files\Microsoft Office\OFFICE11\outlook.exe
10. To open a Web site in your default browser, enter a command in the following format:
start http://www.website.com
11. To open a file on your computer, enter a command in the following format:
C:\Path-to-file\myFile.doc
12. When you have finished editing the scripts, save the file and close it.
Dell SonicWALL SSL VPN supports NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender from the Web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings.
To manually configure NetExtender proxy settings, perform the following tasks.
1. Right click the icon in the task bar and click Preferences... The NetExtender Preferences window is displayed.
2. Click Proxy.
Select the Enable proxy settings check box.
4. NetExtender provides three options for configuring proxy settings:
– Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD)), which can push the proxy settings script to the client automatically.
– Use automatic configuration script - If you know the location of the proxy settings script, select this option and enter the URL of the scrip in the Address field.
– Use proxy server - Select this option to enter the Address and Port of the proxy server. Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections to those addresses that bypass the proxy server. If required, enter a User name and Password for the proxy server. If the proxy server requires a username and password, but you do not specify them in the Properties window, a NetExtender pop-up window will prompt you to enter them when you first connect.
5. Click the Internet Explorer proxy settings button to open Internet Explorer’s proxy settings.
Configuring NetExtender Log Properties
Within the NetExtender Properties dialog box, click the Log heading in the menu on the left panel. The available options provide basic control over the NetExtender Log and Debug Log.
1. To establish the size of the NetExtender Log, select either the Unlimited log file size radio button or the Set maximum log file size to radio button. If you choose to set a maximum size, use the adjoining arrows. To clear the NetExtender Log, select the Clear NetExtender Log button.
2. To Enable the NetExtender Debug Log, select the corresponding check box. To clear the debug log, select the Clear Debug Log button.
3. Click the Log Viewer... button to view the current NetExtender log.
4. Click Apply.
Configuring NetExtender Advanced Properties
Within the NetExtender Properties dialog box, click the Advanced heading in the menu on the left panel. The available options allow you to adjust advanced settings on NetExtender network properties and protocols.
NetExtender allows users to customize the link speed that the NetExtender adapter reports to the operating system.
1. To select a virtual link speed to report, select either the Report the underlying network speed to OS radio button, or select the Report a fixed speed radio button and designate a speed.
Note Users can click the Advanced Network Properties button to make adjustments. However, modifying these settings may impact NetExtender performance and/or functionality. It is recommended to only make changes here if advised to do so by Dell SonicWALL support.
2. Users may enable or disable Framing and Caching optimizations using the check box under NetExtender Protocol Settings. This option is only effective when connecting to a SSL VPN server running on 3.5 or later firmware.
Configuring NetExtender Packet Capture Properties
Within the NetExtender Properties dialog box, click the Packet Capture heading in the menu on the left panel. The available options allow you to enable and disable packet capture and data compression on NetExtender.
Note You must have Administrator privileges to change packet capture settings.
1. To enable packet capture, check the Enable NetExtender packet capture check box.
2. If packet capture is enabled, clear all captured packet data when NetExtender exits by checking the Clear the capture when NetExtender exits check box. To disable packet capture, uncheck this check box.
3. If packet capture is enabled, clear all captured packet data when NetExtender exits by checking the Clear the capture when NetExtender exits check box. To retain packet data, uncheck this check box.
4. To enable data compression of captured packets, check the Enable data compression check box. To disable data compression the next time NetExtender is connected, uncheck this box. If packet capture is enabled when NetExtender connects and you want to disable data compression immediately (instead of waiting until the next time NetExtender is connected), check the Attempt to disable data compression during packet capture check box.
5. Click Apply to save your changes.
The NetExtender log displays information on NetExtender session events. The log is a file named NetExtender.dbg. It is stored in the directory: C:\Program Files\SonicWALL\SSL VPN\NetExtender. To view the NetExtender log, right click the NetExtender icon in the system tray, and click View Log, click the Log icon on the main status page.
To view details of a log message, double-click a log entry, or go to View > Log Detail to open the Log Detail pane.
To save the log, either click the Export icon or go to Log > Export.
To filter the log to display entries from a specific duration of time, go to the Filter menu and select the cutoff threshold.
To filter the log by type of entry, go to Filter > Level and select one of the level categories. The available options are Fatal, Error, Warning, and Info, in descending order of severity. The log displays all entries that match or exceed the severity level. For example, when selecting the Error level, the log displays all Error and Fatal entries, but not Warning or Info entries.
To view the Debug Log, either click the Debug Log icon or go to Log > Debug Log.
Note It may take several minutes for the Debug Log to load. During this time, the Log window will not be accessible, although you can open a new Log window while the Debug Log is loading.
To clear the log, click Log > Clear Log.
To disconnect NetExtender, perform the following steps:
1. Right click the NetExtender icon in the system tray to display the NetExtender icon menu and click Disconnect.
2. Wait several seconds. The NetExtender session disconnects.
You can also disconnect by double-clicking on the NetExtender icon to open the NetExtender window and then clicking the Disconnect button.
When NetExtender becomes disconnected, the NetExtender window displays and gives you the option to either Reconnect or Close NetExtender.
NetExtender automatically notifies users when an updated version of NetExtender is available. Users are prompted to click OK and NetExtender downloads and installs the update from the Dell SonicWALL SRA security appliance.
When using releases prior to 2.5, users should periodically launch NetExtender from the Dell SonicWALL Virtual Office to ensure they have the latest version. Prior to release 2.5, the standalone NetExtender does not check for updates when it is launched directly from a user’s computer.
Before connecting to the new version of NetExtender, users may be required to reset their password by suppling their old password, along with providing and re-verifying a new one.
NetExtender supports various two factor authentication methods, including one-time password, RSA, and Vasco. If an Administrator has configured one-time passwords to be required to connect through NetExtender, you will be asked to provide this information before connecting.
If an Administrator has configured RSA pin-mode authentication to be required to connect through NetExtender, users will be asked whether they want to create their own pin, or receive one that is system-generated.
Once the pin has been accepted, you must wait for the token to change before logging in to NetExtender with the new passcode.
During authentication, the SSL VPN server may be configured by the Administrator to request a client certificate. In this case, users must select a client certificate to use when connecting.
The NetExtender utility is automatically installed on your computer. To remove NetExtender, click Start > All Programs, click Dell SonicWALL NetExtender, and then click Uninstall.
You can also configure NetExtender to automatically uninstall when your session is disconnected. To do so, perform the following steps:
1. Right click the NetExtender icon in the system tray and click Properties... The NetExtender Properties window is displayed.
2. Click the Settings tab.
3. Select Uninstall NetExtender automatically to have NetExtender uninstall every time you end a session.
4. Click Apply.
Verifying NetExtender Operation from the System Tray
To view options in the NetExtender system tray, right click the NetExtender icon in the system tray. The following are some tasks you can perform with the system tray.
To display the routes that NetExtender has installed on your system, click the Route Information option in the system tray menu. The system tray menu displays the default route and the associated subnet mask.
Displaying Connection Information
You can display connection information by mousing over the NetExtender icon in the system tray.
Using the NetExtender Command Line Interface
Note The NetExtender command line interface is only available on Windows platforms.
To launch the NetExtender CLI, perform the following tasks:
1. Launch the Windows Command Prompt by going to the Start menu, select Run, enter cmd, and click OK.
2. Change directory to where NetExtender is installed. To do this, you first must move up to the root drive by entering the cd .. command. Repeat this command until you are at the root drive. Then enter cd Program Files\SonicWALL\SSL-VPN\NetExtender.
Note The specific command directory may be different on your computer. Use Windows Explorer to find the directory path where NetExtender is located.
The following table describes the commands available in the NetExtender CLI and their options.
Installing NetExtender on MacOS
Dell SonicWALL SSL VPN supports NetExtender on MacOS. To use NetExtender on your MacOS system, your system must meet the following prerequisites:
• Mac OS 10.6 and higher
• Java 1.5 and higher
• Both PowerPC and Intel Macs are supported.
To install NetExtender on your MacOS system, perform the following tasks:
1. Log in to the Dell SonicWALL Virtual Office.
2. Click the NetExtender button.
3. The Virtual Office displays the status of NetExtender installation. A pop-up window may appear, prompting you to accept a certificate. Click Trust.
4. A second pop-up window may appear, prompting you to accept a certificate. Click Trust.
5. When NetExtender is successfully installed and connected, the NetExtender status window displays.
1. To launch NetExtender, go the Applications folder in the Finder and double-click NetExtender.app.
2. The first time you connect, you must enter the Dell SonicWALL SSL VPN server name in the SSL VPN Server field.
3. Enter your username and password.
4. The first time you connect, you must enter the domain name. The domain name is case-sensitive.
5. Click Connect.
6. You can instruct NetExtender remember your profile server name in the future. In the Save profile drop-down menu you can select Save name and password (if allowed), Save username only (if allowed), or Do not save profile.
7. When NetExtender is connected, the NetExtender icon is displayed in the status bar at the top right of your display. Click the icon to display NetExtender options.
8. To display a summary of your NetExtender session, click Connection Status.
9. To view the routes that NetExtender has installed, select the Routes tab in the main NetExtender window.
10. To view the NetExtender Log, go to Window > Log.
11. To generate a diagnostic report with detailed information on NetExtender performance, go to Help > Generate diagnostic report.
12. Click Save to save the diagnostic report using the default nxdiag.txt file name in your NetExtender directory.
Installing NetExtender on Linux
Dell SonicWALL SSL VPN supports NetExtender on Linux. To use NetExtender on your Linux system, your system must meet the following prerequisites:
• i386-compatible distribution of Linux
• Linux Fedora Core 15 or higher, Ubuntu 11.10 or higher, or OpenSUSE 10.3 or higher
• Java 1.5 and higher is required for using the NetExtender GUI.
Note Open source Java Virtual Machines (VMs) are not currently supported. If you do not have Java 1.5, you can use the command-line interface version of NetExtender.
To install NetExtender on your Linux system, perform the following tasks:
1. Log in to the Dell SonicWALL Virtual Office.
2. Click the NetExtender button. A pop-up window indicates that you have chosen to open a .tgz file. Click OK to save it to your default download directory.
You must be logged in as root to install NetExtender, although many Linux systems will allow the sudo ./install command to be used if you are not logged in as root.
3. To install NetExtender from the CLI, navigate to the directory where you saved the .tgz file and enter the tar -zxf NetExtender.tgz command.
4. Enter the cd netExtenderClient/ command.
5. Enter su -C “ ./install” to install NetExtender.
6. Enter your system password.
7. The installer will ask if you want non-root users to be able to run NetExtender. Enter either y for yes or n for no.
Note To allow non-root users to run NetExtender, the installer will set PPPD to run as root. This may be considered a security risk.
To use NetExtender on a Linux computer, perform the following tasks:
1. After NetExtender is installed, there are two methods to launch it:
– Click the NetExtender icon in the Applications menu, under either the Internet or Network category.
– Enter the netExtenderGui command.
2. The first time you connect, you must enter the Dell SonicWALL SSL VPN server name in the SSL VPN Server field. NetExtender will remember the server name in the future.
Enter your username and password.
4. The first time you connect, you must enter the domain name. The domain name is case-sensitive. NetExtender will remember the domain name in the future.
5. To view the NetExtender routes, select the Routes tab in the main NetExtender window.
To view the NetExtender DNS server information, select the DNS tab in the main NetExtender window.
To configure NetExtender Preferences, select NetExtender > Preferences.
The following NetExtender settings can be configured:
• Automatically reconnect when the connection is terminated
• Uninstall NetExtender automatically when exiting the application
• DNS server options:
– Try remote DNS servers first, then try local DNS servers
– Only use remote DNS servers
– Only use local DNS servers
9. The Advanced tab of the NetExtender Preferences window provides two additional options:
• MTU - Sets the Maximum Transmission Unit (MTU) size, which is the largest packet size that a router can forward without needing to fragment the packet.
• PPP Sync Mode - Specifies synchronous PPP. By default, this option is disabled and asynchronous PPP is used.
10. To view the NetExtender Log, go to NetExtender > Log.
To generate a diagnostic report with detailed information on NetExtender performance, go to Help > Generate diagnostic report.
12. Click Save to save the diagnostic report using the default nxdiag.txt file name in your NetExtender directory.
Installing and Using NetExtender for Windows Mobile
Dell SonicWALL SSL VPN now supports NetExtender for the Windows Mobile platform. NetExtender for Windows Mobile provides the following features:
• One-time passwords
• Two-factor authentication
• HTTP proxy
• Connection profiles
NetExtender supports the following Windows Mobile platforms:
• Windows Mobile 5 PocketPC version
• Windows Mobile 6 Professional/Classic version
Note Windows Mobile 5 Smart Phone version and Windows Mobile 6 Standard version are not currently supported.
To use NetExtender on your Windows Mobile device, perform the following tasks:
1. Navigate to the URL or IP address for your SSL VPN Virtual Office using the browser in your Windows Mobile device.
2. Log in with your username and password.
3. Click the NetExtender icon.
4. Follow the on-screen instructions to install NetExtender. When NetExtender is installed, you may be prompted to restart your device. Click Yes.
From your Windows Mobile device, launch NetExtender. The NetExtender login screen displays.
Enter the IP address or domain name for your SSL VPN server in the Server field. The IP address of the last SSL VPN server you connected to is displayed by default. To display a list of recent SSL VPN servers you have connected to, click the arrow.
7. Enter your username and password.
8. The last domain you connected to is displayed in the Domain field.
9. The drop-down menu at the bottom of the window provides three options for remembering your username and password:
– Save user name & password if server allows
– Save user name only if server allows
– Always ask for user name & password
10. Click Connect. When NetExtender successfully connects, the NetExtender Status window displays. Select the Show NetExtender Routes check box to see routes.
12. Select the Sent & Received menu tab to adjust the metric used for sent and received statistics on the status window. Select the Throughput menu tab to adjust the throughput measurement displayed on the status window.
13. To configure NetExtender options, click the Menu button. The following options are displayed:
• Connection Profiles - Displays all of the NetExtender connections that you have used on this device. To remove a Connection Profile, highlight the profile, click the Menu button, and click Remove.
• System Settings - Provides several configuration options.
Hide NetExtender when closing window - Hides NetExtender when you click the ok button.
– Display precise number in status - Displays the exact numbers of sent and receive data.
– Automatically establish the underlying connection - Uses the Windows Mobile Connection Manager to establish the device’s connection to the mobile network. The Connection Manage is designed to determine the optimum network type (such as 3g or wi-fi). If this option is disabled, the user manages the connection manually.
– Connection Manager compatibility mode - This mode is enabled by default to make NetExtender Mobile work with applications calling the Microsoft Connection Manager API. In limited cases, server applications may not work properly through NetExtender Mobile, so users can use this selection to disable the compatibility mode
Note If a user disables the Connection Manager compatibility mode, a confirmation message will prompt the user that this may cause some applications using the Connection Manager API to not work properly.
– Enable Framing & Caching optimizations - This setting increases the performance of NetExtender Mobile when it is under a heavy load, such as when downloading big files over NetExtender.
– Enable NetExtender log - Records log entries for NetExtender events.
– Overwrite the previous log when NetExtender starts - Maintains a single NetExtender log file that is overwritten with each new NetExtender session. Disabling this option will create a separate log file for each NetExtender session.
Proxy Settings - Provides the ability to manually specify a proxy server.
Passwords in NetExtender Mobile
NetExtender Mobile supports the ability for users to change passwords. Also, if configured by an Administrator, users can be alerted that the their password is scheduled to expire soon. If a user must change their password, a screen prompt will ask for the user’s old password, along with a new password and re-verification of the new password.
Another screen prompt will be presented to the user, if their password is scheduled to expire within a configured number of days by the Administrator. Click Yes to enter updated password information.
The process for updating password information is the same as above.
Installing NetExtender on Android Smartphones
Dell SonicWALL SSL VPN supports NetExtender on smartphones running the Android operating system. The NetExtender Android client supports the following features:
• One-time passwords
• Two-factor authentication
• HTTP/HTTPS proxy
• Connection profiles
The NetExtender Android installer is available on MySonicWALL in the standard apk package format. The installer is also available from Play Store as the NetExtender Technology Preview.
The following features are not supported or not applicable on NetExtender Android in Dell SonicWALL SSL VPN:
• Automatic connection of NetExtender before Windows login
• Automatic proxy support and Internet Explorer proxy synchronization
• Connection scripts
• IPv6 support
• Client certificate support
• Exit client after disconnect
To install NetExtender on an Android smartphone using the apk package from MySonicWALL, perform the following tasks:
1. On a computer, log in to http://mySonicWALL.com.
2. Click Downloads.
3. In the Software Type drop-down menu, select one of the following:
• SRA 4200 Firmware
• SRA 1200 Firmware
• SRA VM
4. Click the NetExtender (Android) link.
5. Save the .apk file onto your computer.
6. Using the USB cable, connect your computer to the Android smartphone.
7. On the Android smartphone, pull down the notifications.
8. Tap USB connected to connect to the computer. The next screen shows the connection.
9. Tap Turn on USB storage to prepare for copying the apk installer to the Android smartphone.
10. On the computer, copy the apk file to the Android SD card.
11. Unmount the Android SD card from your computer. On Windows, it will show up under “My Computer” as a new drive. On Mac, a new drive will show up on the desktop.
12. After unmounting the Android SD card from your computer, tap Turn off USB storage.
13. On your Android smartphone, launch a file browser application.
14. Using the file browser, locate the apk file and run it to install NetExtender Android. After installation, the NetExtender icon appears on the applications page of the smartphone.
Using NetExtender on Android Smartphones
Instructions for using NetExtender on your Android smartphone are available in the following sections:
• Exiting or Disconnecting from NetExtender
• Checking Status, Routes, and DNS Settings
• Configuring Profiles, Preferences, and Proxy Servers
To launch NetExtender on your Android smartphone and connect to the network through the Dell SonicWALL SRA appliance, perform the following steps:
1. On your Android smartphone, start NetExtender by tapping the application icon. The NetExtender connection options screen displays. Enter the information into the Server, User, Password, and Domain fields.
2. Tap Connect to accept the default option (Save user name & password) or select a Save... or Always ask... option from the drop-down list. The available profile options depend on how NetExtender is configured on the Dell SonicWALL appliance.
3. The smartphone displays the Login - Initializing engine screen.
After a successful connection, the entered values are saved as a profile that you can select when starting NetExtender. NetExtender saves the information in a secure file on the smartphone.
4. If One Time Password is enabled on the Dell SonicWALL SRA appliance, the One Time Password prompt is displayed. Enter the temporary password that was emailed to your configured account, and tap OK.
If your smartphone is synchronized to your email account, you can pull down the email notification from the top bar, or switch to your home page and access your email from there. After viewing the temporary password in your email or copying it to your clipboard, tap the NetExtender application icon to return directly to this screen.
To use the clipboard, press the password in your email and select Select Text. Press the selected text again and select Copy. Then in the OTP screen, press the field and select Paste. Some Android smartphones require you to hold the OK button for clipboard access.
5. If Two Factor Authentication is enabled on the Dell SonicWALL SRA appliance, you may be prompted to update your PIN (Personal Identification Number) or create a new one.
If no PIN has yet been configured, or if the Administrator has reset the account, the following screen asks if the system should generate a new PIN. To allow the system to generate it, tap Yes. To type in a PIN yourself, tap No and skip to 7..
6. If you chose to allow the system to generate the PIN, the display then prompts you to accept the generated PIN. Tap Yes to accept it, or tap No to have the system generate a different PIN. You are prompted each time until you tap Yes.
7. If you chose to generate the PIN yourself, type a PIN into the PIN field and again in the second field to confirm it. Typically, PINs are required to be 4 to 8 digits. Tap OK.
8. After entering the PIN or creating a new PIN, the Two Factor Authentication process requires you to enter the token code shown on your token device. Wait for the token code to change on the device, and then type the code into the field on your smartphone and tap OK.
9. If a proxy server is configured in the smartphone (via Preferences), the Proxy Authentication screen is displayed next. Enter the username and password for the proxy and tap OK.
10. NetExtender will connect at this point, unless there is a problem or error. You will see the NetExtender traffic indicator appear in the notification bar at the top of the display, unless it is disabled in Preferences.
The up and down arrows appear white when data is passing through the VPN tunnel. When no data is currently passing, the arrows appear gray. Control traffic does not affect the arrow colors.
The up arrow indicates that data is being sent from the smartphone to the network, and the down arrow indicates that data is being received from the network by the smartphone.
11. If the NetExtender service running on the smartphone has a problem or has stopped running, the following screen is displayed. Tap Exit to quit the application. You may need to restart the service, possibly by turning the phone off and on again, or you may need to re-install NetExtender.
Exiting or Disconnecting from NetExtender
EXIT
Exiting and restarting NetExtender is useful when NetExtender cannot connect, possibly after a long period of disuse. To exit from NetExtender, perform the following steps:
1. To access the Exit option, press the options or menu button while on the NetExtender screen. The options are displayed at the bottom of the screen.
2. To cause NetExtender to exit completely, including the services component, select the Exit option and tap OK. You can restart NetExtender by clicking its icon on your smartphone.
DISCONNECT
To disconnect NetExtender, perform the following steps:
1. Pull down the notification bar and click NetExtender to open the NetExtender user interface.
2. In the NetExtender user interface, tap the Disconnect button and tap OK to confirm.
NetExtender notifies you while disconnecting.
Checking Status, Routes, and DNS Settings
While NetExtender is connected, you can view status information, routes, and DNS settings on your smartphone.
1. To open the NetExtender user interface, pull down the notification bar and tap NetExtender.
2. To view status information, tap the Status tab. You can tap on the Sent, Received, or Throughput fields to change the units between bytes and packets.
If you are connected to a Dell SonicWALL SRA appliance running 5.0 or higher, and you have an Active Directory account, the User field contains your display name, such as
“Sonia Eng”. If you are connected to an appliance running the 4.0 release or you do not have an Active Directory account, the User field displays the login name, such as “seng”.
3. To view NetExtender routes, tap the Routes tab. The display shows all subnets currently available from the smartphone.
4. To view the configured DNS servers, tap the DNS tab.
NetExtender Android supports DNS only; WINS or DNS suffix are not supported.
Configuring Profiles, Preferences, and Proxy Servers
To configure NetExtender profiles and preferences, including proxy servers, on your Android smartphone, perform the following steps:
1. To display NetExtender options, start NetExtender and then press the options or menu button on the smartphone. The options are displayed at the bottom of the screen.
PROFILES
2. To display the NetExtender Profiles screen, start NetExtender and then press the options or menu button on the smartphone and tap Profiles.
3. To display the Remove selected, Remove all, and Close options on this NetExtender Profiles screen, press the options button while on the screen.
4. Tap Remove selected to remove the profiles that have check marks next to them.
5. Tap Remove all to remove all profiles from the smartphone.
6. Tap Close to close the option display on this screen.
7. To display the Remove this profile, Remove selected profiles, and Remove all profiles options, press and hold the NetExtender Profiles screen.
8. Tap Remove this profile to remove the profile that you pressed on to bring up this screen.
9. Tap Remove selected to remove the profiles that have check marks next to them.
10. Tap Remove all to remove all profiles from the smartphone.
11. Tap Close to close the option display on this screen.
EXPORT LOG
12. To export the log file of NetExtender Android activity, select the Export Log option and enter the requested information.
ABOUT
13. To view NetExtender version information, select the About option.
PREFERENCES / PROXY SETTINGS
14. To configure NetExtender preferences including proxy and notification settings, select the Preferences option.
15. Under General settings, select the Connection notification check box to display the NetExtender traffic indicator in the notification bar.
Clear the check box to prevent the indicator from being displayed.
16. Under Proxy, select the Use Proxy check box to configure NetExtender Android to access external networks through a proxy server.
A proxy server is often used for access to the Internet if the initial connection is made to a local zone, such as LAN or WLAN.
17. After selecting the Use Proxy check box, tap Proxy settings to open the configuration screen for the proxy server.
18. Type the IP address of the proxy server into the Server field. Type the port number of the port that the server listens on into the Port field. This field displays “8080” by default, but there is no standard listening port for a proxy server.
19. Optionally enter your login credentials for the server in the User and Password fields. Entering your credentials here causes NetExtender to save them, so that you can automatically connect to the proxy server during subsequent logins without being prompted for credentials.
NetExtender Android supports basic authentication using a username and password for proxy servers. Microsoft NTLM authentication is not currently supported.
20. When finished configuring the proxy server settings, tap OK.
To change your password when prompted by NetExtender, perform the following steps:
1. After connecting, a password expiration notice may be displayed on your Android smartphone. Tap Yes to change your password, or No to delay until a later time. NetExtender will remind you each time you connect.
2. If you select Yes, the Change password screen is displayed. Type your password into the Current Password field, then type a new password into the New password field and again into the Type it again field. Tap OK.
3. If your password expires before you change it, the Change password screen is displayed when you connect, with the message “Login failed – you must change your password.”
Type your old password into the Current Password field, then type a new password into the New password field and again into the Type it again field. Tap OK.
The following Technical Notes provide more information on advanced NetExtender scenarios:
• Running NetExtender on a Different TCP Port:
http://www.sonicwall.com/us/support/2134_3154.html
• Using the Dell SonicWALL CDP Agent over a Dell SonicWALL NetExtender Connection
http://www.sonicwall.com/us/support/2134_3487.html
• Using Dell SonicWALL NetExtender to Access FTP Servers
http://www.sonicwall.com/us/support/2134_3465.html
• Resolving NetExtender Error With McAfee Enterprise 8.5
http://www.sonicwall.com/us/support/2134_6813.html