Troubleshooting Mobile Connect
SonicWALL Mobile Connect for Apple iOS is an app for iPhone, iPod touch, and iPad that enables secure, mobile connections to private networks protected by Dell SonicWALL security appliances.
Modern business practices increasingly require that users be able to access any network resource (files, internal websites, etc.), anytime, anywhere. At the same time, ensuring the security of these resources is a constant struggle. While most users are aware that they must take care to protect computers from network security risks, this security awareness does not always extend to mobile devices like the iPhone, iPod touch and iPad. And yet, mobile devices are increasingly subject to security attacks. Furthermore, mobile devices often use insecure, untrusted, public wi-fi hotspots to connect to the Internet. It is therefore a challenge to provide secure, mobile access while still guarding against the inherent security risks of using mobile devices.
The SonicWALL Mobile Connect app for iPhone, iPod touch, and iPad provides secure, mobile access to sensitive network resources. Mobile Connect establishes a Secure Socket Layer Virtual Private Network (SSL VPN) connection to private networks that are protected by Dell SonicWALL security appliances. All traffic to and from the private network is securely transmitted over the SSL VPN tunnel.
Firewall and SRA Appliance Connections
1. The first time you launch Mobile Connect, you will be prompted to enable VPN functionality. Tap Enable.
2. You will then be presented with the screen to begin your first connection to the Dell SonicWALL firewall or appliance. Tap Add connection.
– Name: Enter a descriptive name for the connection.
– Server: Enter the URL or IP address of the server.
3. Tap Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance.
If the attempt fails, a warning message will display, asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.
4. If Mobile Connect successfully contacts the server, you will be prompted to enter your Username and Password (unless the server does not require this information). Enter your Username and Password, and then scroll down to the Domain field.
The Domain field is auto-populated with the default domain from the server. To select a different domain, tap Domain to display a drop-down menu of the available options, select the correct domain, and tap Close.
5. Tap Save, which displays the Connections window where you select the server connection.
E-Class SRA Appliances Connection
1. The first time you launch Mobile Connect, you will be prompted to enable VPN functionality. Tap Enable.
2. You will then be presented with the screen to begin your first connection. Tap Add connection.
– Name: Enter a descriptive name for the connection.
– Server: Enter the URL or IP address of the server.
3. Tap Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance. If the attempt fails, a warning message will display, asking if you want to save the connection.
4. Before tapping Save, verify that the server address or URL is spelled correctly.
5. If Mobile Connect successfully contacts the server, you will be prompted to select which Login Group on the appliance you want to connect to. If you do not know which Login Group to connect to, contact your network administrator.
Note: If the screenshots above do not match what is displayed on your device, you are connecting to a Dell SonicWALL firewall or SRA appliance.
6. If the Login Group you connect to is not listed, select Other... to manually type in the group name.
7. You will then be prompted to enter your Username and Password (unless the server does not require this information).
8. Tap Login.
Connect to Mobile Connect Server
After you save a new connection, the list of all configured connections displays.
To establish a Mobile Connect session, perform the following tasks:
1. Tap the connection in the list that you want to initiate. The Connection Status page displays. Tap Connect.
2. Enter your username and password if prompted (depending on whether the appliance you are connecting to allows for saving usernames and passwords), and tap Login.
3. When the connection is successfully established, the Status changes to Connected and the Disconnect button replaces the Connect button.
Any bookmarks defined for the portal are displayed below the Disconnect button. Navigate to a bookmark’s destination by touching the bookmark.
4. Press the Home button on your iPhone, iPod touch, or iPad to display its home screen. You can now navigate to other apps to access your Intranet network. The status bar at the top of the iPhone, iPod touch or iPad displays a VPN icon to indicate that the Mobile Connect session is still connected.
If the VPN connection is interrupted, the VPN icon will disappear and you will no longer be able to access the Intranet network. This can happen if your device’s connection transitions from wi-fi to 3G or to another network type.
Return to Mobile Connect to reestablish the connection. Optionally, you can configure the Automatic Reconnect option on the Settings tab to have Mobile Connect automatically attempt to reestablish interrupted connections.
Configure Mobile Connect Settings
SonicWALL Mobile Connect provides several settings for connection and logging options. The Settings tab also provides Support information, which includes a User Guide and device, connection, and server information.
The following options are controlled from the Settings tab:
• Connect on Launch - Sets Mobile Connect to automatically initiate a connection to the last-used profile when it is launched.
• Automatic Reconnect - Sets Mobile Connect to automatically attempt to reconnect if the connection is lost. The SSL VPN connection can be disrupted when your device’s connection transitions to a different network type (for example, from wi-fi to 3G). This setting lets applications rely on a sustained VPN connection. There is no limit on the amount of time it takes to reconnect.
• URL Control - Allows other mobile applications to pass action requests using special URLs to Mobile Connect. These action requests can create VPN connection entries and connect or disconnect VPN connections. For example, another application can launch Mobile Connect, access internal resources as needed, and then disconnect by using the mobileconnect:// or sonicwallmobileconnect:// URL scheme. Some common examples of URL Control are:
Add profile: mobileconnect://addprofile[/]?name=ConnectionName&server=ServerAddress[&Parameter1=Value&Parameter2=Value...]
Connect: mobileconnect://connect[/]?[name=ConnectionName|server=ServerAddress][&Parameter1=Value&Parameter2=Value...]
Disconnect: mobileconnect://disconnect[/]
See the SonicWALL Mobile Connect User Guide for full URL Control parameter details.
• Debug Logging - Enables full debug log messages of Mobile Connect activity. Leave this setting disabled unless instructed to enable it by Dell SonicWALL Support staff.
• Bookmarks - Displays centrally configured shortcuts (called bookmarks) to VPN resources like URLs, Outlook Web Access, and iOS applications. These bookmarks, which are displayed on the main Connection tab when the VPN is connected, provide one-touch access to frequently used applications.
If using an SRA appliance, pulling down the Connection screen and releasing it refreshes the bookmarks. Mobile Connect supports Remote Desktop options like screen size and enable/disable audio as long as both the server bookmark and third party iOS application support the option.
Note: Bookmarks are supported on SRA appliances only when running 7.0 or higher and not supported on appliances running SonicOS.
More about Bookmarks
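The URL Control syntax listed under the Settings options above, as an added example (not code from the original guide or from Dell SonicWALL): Python that builds correctly percent-encoded links and audits links found in help pages, emails or device-management payloads before they are distributed to users. It recognises only the name and server parameters shown on this page; the allow-list, host names and sample links are constructed assumptions.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SCHEMES = {"mobileconnect", "sonicwallmobileconnect"}  # both schemes named on the page
ACTIONS = {"addprofile", "connect", "disconnect"}      # the three actions shown on the page
ALLOWED_SERVERS = {"vpn.corp.example"}                 # constructed allow-list (assumption)

def build_url(action, **params):
    """Build a URL Control link, percent-encoding every parameter value."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    query = urlencode(params, quote_via=quote)
    return f"mobileconnect://{action}" + (f"?{query}" if query else "")

def server_host(value):
    """Reduce a server value (URL, host, or host:port) to a lowercase hostname."""
    return urlsplit(value if "//" in value else "//" + value).hostname or ""

def audit_url(url):
    """Return (action, params, findings) for one candidate URL Control link."""
    parts = urlsplit(url.strip())
    if parts.scheme not in SCHEMES:
        return None, {}, ["not a Mobile Connect URL"]
    action, findings = parts.netloc.lower(), []
    if action not in ACTIONS:
        findings.append(f"unknown action '{action}'")
    raw = parse_qs(parts.query, keep_blank_values=True)
    params = {k: v[0] for k, v in raw.items()}
    findings += [f"parameter '{k}' repeated" for k, v in raw.items() if len(v) > 1]
    if action == "addprofile":  # name and server are both mandatory in the syntax
        findings += [f"missing '{k}'" for k in ("name", "server") if not params.get(k)]
    # The page does not say which duplicate the app honours, so check every value.
    for s in raw.get("server", []):
        if server_host(s) not in ALLOWED_SERVERS:
            findings.append(f"server '{s}' not on allow-list")
    extra = sorted(set(params) - {"name", "server"})
    if extra:  # parameters not documented on this page: check them in the User Guide
        findings.append("review extra parameters: " + ", ".join(extra))
    return action, params, findings

# Constructed sample links, e.g. collected from a help page or a web clip.
SAMPLES = [
    build_url("addprofile", name="Head Office", server="vpn.corp.example"),
    "mobileconnect://connect/?server=https://VPN.corp.example:4433",
    "sonicwallmobileconnect://addprofile?name=Free%20WiFi&server=vpn.unlisted.example",
    "mobileconnect://addprofile?name=a&server=vpn.corp.example&server=203.0.113.7",
    "mobileconnect://disconnect/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", audit_url(link)[2] or "ok")
```

Because any app or web page can hand such a link to Mobile Connect while URL Control is enabled, an empty findings list is what an administrator wants to see for every link they publish.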
Two additional options can be modified for connections to Dell SonicWALL E-Class SRA appliances. To view these options, go to the Connection tab and tap the Connection line to display the list of connections. Tap the blue arrow to the left of the connection you want to modify. The Edit Connection window displays.
The following options can be configured:
• ESP - Enables Encapsulating Security Payload (ESP) to improve the performance of UDP streaming applications like VoIP and FaceTime. This is enabled by default; however, some networks may require this option be disabled. ESP requires that UDP port 4500 be open on the network firewall. If this port cannot be opened, the ESP option should be disabled. Also, in rare cases where the network environment does not properly implement PMTU discovery (see RFC 1191), certain applications may run inefficiently or perhaps not at all when using ESP encapsulation.
• Forget this Login Group - Mobile Connect remembers the Login Group that you specified when configuring the connection. To change to a different Login Group, tap Forget this Login Group. The next time you connect to the server, you will be prompted to select a new Login Group.
Note: If these options are not displayed, then you are connecting to either a Dell SonicWALL firewall or SRA appliance.
The Support section of the Settings tab provides the following support information:
• User Guide - Displays the SonicWALL Mobile Connect User Guide.
• Device Information - Displays information about the iOS device, wi-fi connection, Cellular connection, and DNS servers.
• Email Logs - Creates an email to send the Mobile Connect log to Dell SonicWALL Support staff. Tap Send to send the email.
When there are more than five bookmarks, the bookmarks are replaced by a Filter screen that groups bookmarks by type. Select the type of bookmarks to display or select All Bookmarks to display all bookmarks.
Selecting a bookmark for an app that is not installed will prompt you to install the app. Apps referenced by bookmarks can also be installed at any time using the Settings > Bookmarks tab. In addition to installing apps for bookmarks, the Settings > Bookmarks tab is also used to select and install apps for bookmarks that support multiple third-party apps. For example, you might select Safari or Google Chrome for a Web bookmark.
Mobile Connect supports the following types of bookmarks and associated apps.
Note: In Mobile Connect for iOS 2.0, only Web and Desktop bookmarks are supported on the Dell SonicWALL EX series SRA appliances.
Desktop Bookmarks:
Portal name: Terminal Services (RDP – ActiveX), Terminal Services (RDP – Java)
Internal type: RDP5ActiveX, RDP5Java
RDP bookmark types attempt to launch with the associated RDP application, as configured in the Settings tab.
Additional details such as screen resolution should be provided to the client. However, support for passing such parameters will vary based on the application. For example:
• Wyse PocketCloud Pro does not support the “connect to console” option
• 2X Client does not accept screen resolution settings on iOS
Portal name: Virtual Network Computing (VNC)
Internal type: VNC
VNC bookmark types attempt to launch with the associated VNC application as configured in the Settings tab.
Additional details such as screen resolution should be provided to the client. However, support for passing such parameters varies based on the application.
Portal name: Citrix Portal (Citrix)
Internal type: Citrix, Citrix_https
Citrix bookmark types will attempt to launch with the associated Citrix application.
Additional details such as screen resolution should be provided to the client. However, support for passing such parameters will vary based on the application.
Web Bookmarks:
Portal name: Web (HTTP), Secure Web (HTTPS), External Web Site
Internal type: HTTP, HTTPS, URL, URL_https
These bookmarks will launch in an associated web browser and the provided ‘Name or IP Address’ (HostID) will be passed as the parameter to display in the browser.
Portal name: Mobile Connect
Internal type: MC
The Mobile Connect bookmark type relies fully on the OS to determine and launch the proper application. The bookmark is expected to be properly configured for launch. The Mobile Connect app will attempt to launch it as is (for example, telnet://server).
Terminal Bookmarks:
In Mobile Connect for iOS 2.0, Dell SonicWALL EX series SRA appliances do not support Terminal bookmarks.
Portal name: Telnet, Secure Shell Version 1 (SSHv1), Secure Shell Version 2 (SSHv2)
Internal type: Telnet, SSH, SSHv1
ConnectBot notes: Proper formatting is required for ConnectBot SSH (server bookmark field requires username@server).
Note: Connect on Demand is only available for connections to Dell SonicWALL E-Class SRA appliances.
The Connect on Demand feature provides the ability for Mobile Connect to automatically establish a VPN connection when you attempt to access a domain on the private network. This provides a seamless VPN connectivity experience without the need to manually launch Mobile Connect.
The easiest way to determine if Connect on Demand is available for your connection is to look at the Connection tab when a VPN session is active. If a blue arrow appears to the right of the Status line, Connect on Demand is available.
A VPN configuration must meet the following requirements to support Connect on Demand:
• The server must be a Dell SonicWALL E-Class SRA appliance.
• The VPN tunnel must not be configured for Redirect-All mode.
• The realm must be configured to use client certificates for authentication. Chained authentication (where a second authentication server is used) does not support Connect on Demand.
• The valid client certificate for the realm must be present.
• The user must successfully connect to the appliance at least once.
To configure Connect on Demand, perform the following tasks:
1. Tap the blue arrow in the status line on the Connection tab.
2. Tap Connect on Demand.
3. Set the Establish Connection option to If Needed to have Mobile Connect establish a VPN connection when accessing a resource with any of the domain suffixes listed.
4. Setting the Establish Connection option to Never disables Connect on Demand for the domain suffixes listed.
5. If more than one domain is listed, you can enable Connect on Demand for individual domains by tapping on the domain name.
6. Set Always Establish to ON to enable Connect on Demand for that domain.
The Apple Trusted Network Detection (TND) enhancement to the Apple iOS Connect On Demand feature is available in iOS 6. TND results in the following:
• Can be used only with Connect on Demand.
• Extends the Connect on Demand functionality by determining whether the user is on a trusted network.
• Configured with the iPhone Configuration Utility.
• Used for wi-fi connections only. When operating over other types of network connections, Connect on Demand does not use TND to determine whether a VPN should be connected.
Connect On Demand starts a VPN connection whenever a user tries to access a destination with a hostname specified in the domains list. For example, if *.yourcompany.com is in the Always Connected list, when a user accesses internal.example.com, the client starts a VPN connection regardless of the network to which the device is currently connected. TND compares the VPN and local DNS servers and DNS suffixes to determine whether to use Mobile Connect and dial the VPN, as shown in the following table:
Consult documentation from Apple Inc. for more information about Trusted Network Detection and Connect on Demand.
To determine if TND is available for your connection, tap the blue arrow to the right of the Status line on the Connection tab. This displays the buttons used to enable/disable TND if available.
To configure TND, perform the following tasks:
1. Tap the blue arrow in the status line on the Connection tab.
2. Ensure Connect On Demand is turned on.
3. Turn on Trusted Networks.
The Monitor tab displays additional details about the connection, statistics on traffic transmitted, DNS information, and routes that have been installed.
The About tab of Mobile Connect displays the version number and legal text.
Troubleshooting Mobile Connect
If you are unable to connect to the Dell SonicWALL server, perform the following steps to troubleshoot the connection.
1. Double check that you have entered the server name properly in the connection configuration.
2. Go to the Safari browser on your iPhone, iPod touch, or iPad and attempt to navigate to the SSL VPN appliance web portal.
3. If you are unable to load the web portal, the problem is with the Dell SonicWALL appliance. Contact your network administrator if the problem persists.
4. If the web portal loads successfully on the Safari browser and you still cannot establish a Mobile Connect connection, notify Dell SonicWALL Support, as follows:
a. On the Settings tab, enable the Debug Logging option.
b. Attempt a connection to the server again to ensure that full debugging messages are logged for the attempt.
c. Then return to the Settings tab and tap the Email Logs button. An email will launch in your mail client with the Mobile Connect log attached. Address the email to Support@sonicwall.com. Add any additional comments to the email and tap Send. Dell SonicWALL Support staff will contact you after reviewing your case.