Table of Contents
Advertisement
NetExtender > Client Routes Overview
The NetExtender > Client Routes page allows the administrator to add and configure client routes.
Figure 33. NetExtender > Client Routes
Adding NetExtender Client Routes
The NetExtender client routes are passed to all NetExtender clients and are used to govern which private
networks and resources remote user can access by way of the Secure Mobile Access connection.
Group-level NetExtender routes should be assigned from both primary and additional groups if the user-level
option to "Add Group NetExtender Client Routes" is enabled. User-level NX routes must always be pushed to the
NX client, and global routes must still depend on the "Add Global NetExtender Client Routes" option as they did
before. IPv4 and IPv6 routes both follow these rules.
NOTE:
With group access policies, all traffic is allowed by default. This is the opposite of the default
behavior of Dell SonicWALL Unified Threat Management (UTM) appliances, where all inbound traffic is
denied by default. If you do not create policies for your SMA/SRA appliance, then all NetExtender users
might be able to access all resources on your internal network(s).
Additional allow and deny policies can be created by destination address or address range and by service type.
NOTE:
The most specific policy takes precedence over less specific policies. For example, a policy that
applies to only one IP address has priority over a policy that applies to a range of IP addresses. If there are
two policies that apply to a single IP address, then a policy for a specific service (for example RDP) takes
precedence over a policy that applies to all services.
User policies take precedence over group policies and group policies take precedence over global policies,
regardless of the policy definition. A user policy that allows access to all IP addresses takes precedence
over a group policy that denies access to a single IP address.
To add NetExtender client routes:
1
Navigate to the NetExtender > Client Routes page.
2
Select Enabled from the Tunnel All Mode drop-down list to force all traffic for this user—including
traffic destined to the remote users' local network—over the Secure Mobile Access NetExtender tunnel.
3
Click Add Client Route. The Add Client Route dialog box displays.
4
In the Add Client Route dialog box, in the Destination Network field, type the IP address of the
trusted network to which you would like to provide access with NetExtender. For example, if you are
connecting to an existing DMZ with the network 192.168.50.0/24 and you want to provide access to your
LAN network 192.168.168.0/24, you would enter 192.168.168.0.
You can enter an IPv6 route in the Destination Network field, in the form 2007::1:2:3:0.
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
239
Advertisement
Chapters
Table of Contents
Troubleshooting
