1. Manuals
  2. Brands
  3. SonicWALL Manuals
  4. Firewall
  5. SMA 400
  6. Administration manual

Client Routes; Netextender With External Authentication Methods; Point To Point Server Ip Address; Connection Scripts - SonicWALL SMA 400 Administration Manual

Hide thumbs Also See for SMA 400:
Table of Contents

Advertisement

Administrators can configure separate NetExtender IP address ranges for users and groups. These settings are configured on the Users > Local Users and
Users > Local Groups pages, using the NetExtender tab in the Edit User and Edit Group windows.
When configuring multiple user and group NetExtender IP address ranges, it is important to know how the SMA/SRA appliance assigns IP addresses.
When assigning an IP address to a NetExtender client, the SMA/SRA appliance uses the following hierarchy of ranges:
1 An IP address from the range defined in the user's local profile.
2 An IP address from the range defined in the group profile to which the user belongs.
3 An IP address from the global NetExtender range.
To reserve a single IP address for an individual user, the administrator can enter the same IP address in both the Client Address Range Begin and Client
Address Range End fields on the NetExtender tab of the Edit Group window.

Client Routes

NetExtender client routes are used to allow and deny access to various network resources. Client routes can also be configured at the user and group
level. NetExtender client routes are also configured on the Edit User and Edit Group windows. The segmentation of client routes is fully customizable,
allowing the administrator to specify any possible permutation of user, group, and global routes (such as only group routes, only user routes, group and
global routes, user, group, and global routes, and so on). This segmentation is controlled by Add Global NetExtender Client routes and Add Group
NetExtender Client routes.

NetExtender with External Authentication Methods

Networks that use an external authentication server are not configured with local usernames on the SMA/SRA appliance. In such cases, when a user is
successfully authenticated, a local user account is created when the Add Global NetExtender Client routes and Add Group NetExtender Client routes
settings are enabled.

Point to Point Server IP Address

In Secure Mobile Access, the PPP server IP address is 192.0.2.1 for all connecting clients. This IP address is transparent to both the remote users
connecting to the internal network and to the internal network hosts communicating with remote NetExtender clients. Because the PPP server IP address is
independent from the NetExtender address pool, all IP addresses in the global NetExtender address pool are used for NetExtender clients.

Connection Scripts

SMA/SRA appliances provide users with the ability to run batch file scripts when NetExtender connects and disconnects. The scripts can be used to map
or disconnect network drives and printers, launch applications, or open files or Web sites. NetExtender Connection Scripts can support any valid batch file
commands.
Tunnel All Mode
Tunnel All mode routes all traffic to and from the remote user over the Secure Mobile Access NetExtender tunnel—including traffic destined for the remote
user's local network. This is accomplished by adding the following routes to the remote client's route table:
Tunnel All mode: Routes to be added to remote client's route table
IP Address
0.0.0.0
0.0.0.0
128.0.0.0
NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any
existing routes to force traffic destined for the local network over the Secure Mobile Access tunnel instead. For example, if a remote user is has the IP
address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the Secure Mobile Access tunnel.
Tunnel All mode can be configured at the global, group, and user levels.
Proxy Configuration
SMA/SRA appliances support NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is supported. When launching NetExtender
from the Web portal, if your browser is already configured for proxy access, NetExtender automatically inherits the proxy settings. The proxy settings can
also be manually configured in the NetExtender client preferences. NetExtender can automatically detect proxy settings for proxy servers that support the
Web Proxy Auto Discovery (WPAD) Protocol.
NetExtender provides three options for configuring proxy settings:
• Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto Discovery Protocol (WPAD)) that can push the
proxy settings script to the client automatically.
• Use automatic configuration script - If you know the location of the proxy settings script, you can select this option and provide the URL of the
script.
• Use proxy server - You can use this option to specify the IP address and port of the proxy server. Optionally, you can enter an IP address or
domain in the BypassProxy field to allow direct connections to those addresses and bypass the proxy server. If required, you can enter a user name
and password for the proxy server. If the proxy server requires a username and password, but you do not specify them, a NetExtender pop-up
window prompts you to enter them when you first connect.
Subnet mask
0.0.0.0
128.0.0.0
128.0.0.0
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for SonicWALL SMA 400

Related Content for SonicWALL SMA 400

This manual is also suitable for:

Sra 4600Sma 200Sra 1600

Table of Contents