Dell SMA 200 Administration Manual page 42

• Ubuntu 11.04+
• OpenSUSE 10.3+
• Windows 10, Windows 7, Windows 2012, Windows Server 2008 R2.
NetExtender might work properly on other Linux distributions, but they are not officially supported by Dell
SonicWALL.
NOTE: The Mobile Connect application is now available for iOS 4.3 or higher and Android 4.0 or higher.
Multiple Ranges and Routes
Multiple range and route support for NetExtender on SMA/SRA appliances enables network administrators to
easily segment groups and users without the need to configure firewall rules to govern access. This user
segmentation allows for granular control of access to the network—allowing users access to necessary resources
while restricting access to sensitive resources to only those who require it.
For networks that do not require segmentation, client addresses and routes can be configured globally. The
following sections describe the multiple range and route enhancements:
• IP Address User Segmentation
• Client Routes on page
IP Address User Segmentation
Administrators can configure separate NetExtender IP address ranges for users and groups. These settings are
configured on the Users > Local Users and Users > Local Groups pages, using the NetExtender tab in the
Edit User and Edit Group windows.
When configuring multiple user and group NetExtender IP address ranges, it is important to know how the
SMA/SRA appliance assigns IP addresses. When assigning an IP address to a NetExtender client, the SMA/SRA
appliance uses the following hierarchy of ranges:
1 An IP address from the range defined in the user's local profile.
2 An IP address from the range defined in the group profile to which the user belongs.
3 An IP address from the global NetExtender range.
To reserve a single IP address for an individual user, the administrator can enter the same IP address in both the
Client Address Range Begin and Client Address Range End fields on the NetExtender tab of the Edit Group
window.
Client Routes
NetExtender client routes are used to allow and deny access to various network resources. Client routes can
also be configured at the user and group level. NetExtender client routes are also configured on the Edit User
and Edit Group windows. The segmentation of client routes is fully customizable, allowing the administrator to
specify any possible permutation of user, group, and global routes (such as only group routes, only user routes,
group and global routes, user, group, and global routes, and so on). This segmentation is controlled by Add
Global NetExtender Client routes and Add Group NetExtender Client routes.
NetExtender with External Authentication Methods
Networks that use an external authentication server are not configured with local usernames on the SMA/SRA
appliance. In such cases, when a user is successfully authenticated, a local user account is created when the
Add Global NetExtender Client routes and Add Group NetExtender Client routes settings are enabled.
Point to Point Server IP Address
In Secure Mobile Access, the PPP server IP address is 192.0.2.1 for all connecting clients. This IP address is
transparent to both the remote users connecting to the internal network and to the internal network hosts
communicating with remote NetExtender clients. Because the PPP server IP address is independent from the
on page 42
42
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
42