Dell™ SonicWALL™ 
Secure Mobile Access 8.5
Administration Guide
SMA 200/400
SRA 1600/4600
SMA 500v Virtual Appliance


Summary of Contents for Dell SMA 200

  • Page 1 Dell™ SonicWALL™  Secure Mobile Access 8.5 Administration Guide SMA 200/400 SRA 1600/4600 SMA 500v Virtual Appliance...
  • Page 2 This product is protected by U.S. and international copyright and intellectual property laws. Dell™, the Dell logo, and SonicWALL™ are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 3: Table Of Contents

    Resource Type Support ... 81; Integration with Dell SonicWALL Products ... 81; Typical Deployment
  • Page 4 System > About ... 120
  • Page 5 Configuring the Outlook Anywhere Portal ... 167
  • Page 6 NetExtender > Client Settings ... 234
  • Page 7 Licensing Information ... 273
  • Page 8 Removing a User ... 342
  • Page 9 Using the Virtual Office ... 430; Dell SonicWALL Secure Mobile Access Connect Agent ... 431; Supported Operating Systems
  • Page 10 About Dell
  • Page 11: Internet Explorer

    Contacting Dell
  • Page 12: Part 1. Introduction

    Part 1 Introduction • About This Guide • Secure Mobile Access Overview
  • Page 13: About This Guide

    About This Guide This Dell SonicWALL Secure Mobile Access Administration Guide provides network administrators with a high-level overview of Dell SonicWALL Secure Mobile Access (SMA) technology, including activation, configuration, and administration of Dell SonicWALL SMA/SRA appliances using the Secure Mobile Access management interface.
  • Page 14: Secure Mobile Access Overview

    Secure Mobile Access Overview This section provides an overview of the Dell SonicWALL Secure Mobile Access (SMA) technology, concepts, basic navigational elements and standard deployment guidelines. Topics: • Overview of SMA/SRA Hardware and Components on page • Concepts for Secure Mobile Access on page •...
  • Page 15: SMA Hardware Components

    See the following sections for descriptions of the hardware components on SMA appliances: • SMA 400 Front and Back Panels Overview on page • SMA 200 Front and Back Panels Overview on page SMA 400 Front and Back Panels Overview Front Panel USB / SSD ports (2)
  • Page 16: Rear Panel

    Table 3. SMA 400 Back Panel Features Back Panel Feature Description Exhaust fans Provides optimal cooling for the SMA 400 appliance. Power supply plug Provides power connection using supplied power cord.
  • Page 17 Reset Button Provides access to SafeMode. Power LED Indicates the SMA 200 is powered on. Test LED Indicates the SMA 200 is in test mode. Alarm LED Indicates a critical error or failure.
  • Page 18: SRA Hardware Components

    Table 4. SMA 200 Front Panel Features (Continued) Front Panel Feature Description Provides access to the X1 interface and to SMA resources. Default management port. Provides connectivity between the SMA 200 and your gateway. Table 5. SMA 200 Back Panel Features Back Panel Feature...
  • Page 19 Default management port. Power LED messages. Provides connectivity between Reset Button the SRA and your gateway. USB Ports: (for future use) Gigabit Ethernet Power plug Exhaust fan Power switch
  • Page 20: SMA 500v Virtual Appliance

    The elements of basic VMware structure must be implemented prior to deploying the SMA 500v Virtual Appliance. For detailed information about deploying the SMA 500v Virtual Appliance, see the Dell SonicWALL SMA 500v Virtual Appliance Getting Started Guide, available at: http://www.sonicwall.com/us/support/3893.html...
  • Page 21: Concepts For Secure Mobile Access

    Using SSL VPN, mobile workers, business partners, and customers can access files or applications on a company’s intranet or within a private local area network.
  • Page 22: SSL Handshake Procedure

    When addresses contain contiguous sequences of 16-bit blocks set to zeros, the sequence can be compressed to ::, a double-colon. For example, the link-local address of 2008:0:0:0:B67:89:ABCD:1234 can be compressed to 2008::B67:89:ABCD:1234. The multicast address 2008:0:0:0:0:0:0:2 can be compressed to 2008::2.
  • Page 23 Route Settings – Define a static route with IPv6 destination network and gateway. • Network Object – Define the network object using IPv6. An IPv6 address and IPv6 network can be attached to this network object.
  • Page 24 An administrator can assign an IPv6 address to a virtual host, and can use this address to access the virtual host. Application Offloading An administrator can assign an IPv6 address to an application server used for application offloading, and can use this address to access the server.
  • Page 25: Portals Overview

    Web server within the intranet. The reverse proxy intercepts and forwards packets that originate from outside the intranet. An HTTP(S) reverse proxy specifically intercepts HTTP(S) requests and responses.
  • Page 26 Web applications seamlessly. As an example, the ActiveSync protocol is used by a mobile phone’s email client to synchronize with an Exchange server, as explained in ActiveSync Authentication on page 30.
  • Page 27 Supported Platforms Appliance Platforms Application Offloading and HTTP(S) bookmarks are supported on all the SMA/SRA appliances that support the Dell SonicWALL Secure Mobile Access 8.5 release: • SMA 400 • SMA 200 • SRA 4600 • SRA 1600 • SMA 500v Virtual Appliance HTTP Versions HTTP(S) bookmarks and application offloading portals support both HTTP/1.0 and HTTP/1.1.
  • Page 28 If you are using the correct Web browser and operating system, and a supported application does not work, delete the browser session cookies, close and reopen all instances of your browser, clear the browser cache, and then try again.
  • Page 29: Cross Domain Single Sign-On

    “.example.com.” The other portal’s virtual host domain name is “intranet.eng.example.com” and the shared domain name is “.eng.example.com.” If a bookmark to xyz.eng.example.com is created in the www.example.com portal, Cross Domain SSO works because “.eng.example.com” is a sub-domain of “.example.com.”
  • Page 30: ActiveSync Authentication

    The Log > View page is updated when a Web application is offloaded. Most mobile systems (iPhone, Android, and so on) support ActiveSync. These log entries identify when the client began to use ActiveSync through the...
  • Page 31 Otherwise, the account is blocked. Create a Domain name of webmail.example.com. Set the Active Directory domain and Server address to webmail.example.com. Set the Portal name to webmail.
  • Page 32 Set the Application Server Host to your Exchange server, for example webmail.example.com. Set the virtual host name, for example, webmail.example.com. The virtual host name should be resolved by the DNS server. Otherwise, modify the hosts file in the Android phone.
  • Page 33 Select Enable Email Clients Authentication. Leave the default domain name blank or input webmail.example.com.
  • Page 34 You can also check the Secure Mobile Access log to see if the user logged in successfully. You might not encounter this problem if the AD authentication is fast.
  • Page 35: Network Resources Overview

    SMA/SRA appliance using HTTPS and requests a URL. The URL is then retrieved over HTTP by the SMA/SRA appliance. The URL is transformed as needed, and returned encrypted to the remote user.
  • Page 36: Telnet (Java)

    Microsoft’s familiar Network Neighborhood or My Network Places, File Shares allow users with appropriate permissions to browse network shares, rename, delete, retrieve, and upload files, and to create bookmarks for later recall. File shares can be configured to allow restricted server path access.
  • Page 37: Remote Desktop Protocols And Virtual Network Computing

    This allows defined access to an individual application, such as CRM or accounting software. When the application is closed, the session closes. The following RDP formats can be used as applications protocols:
  • Page 38: Microsoft Outlook Web Access

    The Secure Mobile Access reverse proxy application support for Windows SharePoint 2007 and Windows SharePoint Services 3.0 includes the following features: • Site Templates • Wiki Sites • Blogs • RSS Feeds • Project Manager • Mobile Access to Content
  • Page 39: Lotus Domino Web Access

    NOTE: Citrix Java Bookmarks are no longer officially supported by Dell SonicWALL because Citrix has ended support for the Java Receiver. Dell SonicWALL recommends using the HTML5 or ActiveX access methods for Citrix Bookmarks.
  • Page 40: SNMP Overview

    The NetExtender connection uses a Point-to-Point Protocol (PPP) connection. NetExtender capabilities include the Dell SonicWALL Mobile Connect app for Mac, Apple iPhone, iPad, and iPod Touch. Mobile Connect enables secure, mobile connections to private networks protected by Dell SonicWALL security appliances.
  • Page 41 NetExtender to connect. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE. NetExtender is compatible with the following Dell SonicWALL appliances: • SMA 400/200 •...
  • Page 42 OpenSUSE 10.3+ • Windows 10, Windows 7, Windows 2012, Windows Server 2008 R2. NetExtender might work properly on other Linux distributions, but they are not officially supported by Dell SonicWALL. NOTE: The Mobile Connect application is now available for iOS 4.3 or higher and Android 4.0 or higher.
  • Page 43 SMA/SRA server directly. The proxy server then forwards traffic to the SMA/SRA server. All traffic is encrypted by SSL with the certificate negotiated by NetExtender, of which the proxy server has no knowledge. The connecting process is identical for proxy and non-proxy users.
  • Page 44: Two-Factor Authentication Overview

    Two-factor authentication is stronger and more rigorous than traditional password authentication that only requires one factor (the user’s password). Dell SonicWALL’s implementation of two-factor authentication partners with two of the leaders in advanced user authentication: RSA and VASCO.
  • Page 45 Some RADIUS servers might require the user to respond to several challenges to complete the authentication. In this example, the M.ID server asks the user to supply two challenges. The following passcode can be received through email or cellphone (if SMS is configured).
  • Page 46: One Time Password Overview

    • How Does the One Time Password Feature Work? on page • Configuring One Time Passwords for SMS-Capable Phones on page • Verifying Administrator One Time Password Configuration on page
  • Page 47 SMA/SRA appliance to the external domain. For information about how to configure Microsoft Exchange to support Secure Mobile Access One Time Password, see the Dell SonicWALL Secure Mobile Access One Time Password Feature Module, available online at: http://www.sonicwall.com/us/Support.html For users enabled for the One Time Password feature either on a per-user or per-domain basis, the login process begins with entering standard user name and password credentials in the Secure Mobile Access interface.
  • Page 48: End Point Control Overview

    This section provides an introduction to the End Point Control feature. This section contains the following topics: • What is End Point Control? on page • Benefits of End Point Control on page
  • Page 49: Secure Virtual Assist Overview

    This section provides an introduction to the Secure Virtual Assist feature. This section contains the following topics: • What is Secure Virtual Assist? on page • Benefits of Secure Virtual Assist on page • How Does Secure Virtual Assist Work? on page
  • Page 50: Basic Operation

    When a user requests service as a customer, Secure Virtual Assist should not be run while connected to the system through RDP for Windows 7 and Windows Vista platforms. Secure Virtual Assist runs as a service for...
  • Page 51: Remote File Transfer

    Secure Virtual Assist support queue, within the Secure Mobile Access management interface. While Secure Virtual Access must be enabled per-portal, this functionality provides greater remote access flexibility for support technicians.
  • Page 52 Click Run to launch the program directly, or click Save to save the installer file to your computer, and then manually launch it. When downloading through IPv6, the File Download window displays IPv6 information.
  • Page 53 When Secure Virtual Assist launches for the first time, you might see a security warning pop-up window. De-select Always ask before opening this file to avoid this window in the future. Click Run.
  • Page 54: Inviting Customers By Email

    To invite a customer to a Secure Virtual Assist session by email: To invite a customer to Secure Virtual Assist, use the email invitation form on the left of the Secure Virtual Assist window.
  • Page 55: Assisting Customers

    Full Screen - Adjusts the screen to fill the entire window. • Auto Scaling - Adjusts the screen to fit the window size. • Zoom - Zooms the display to one of several presets or allows you to enter a specific value.
  • Page 56: Controlling The Secure Virtual Assist Display

    Full Screen - Hides all of the Secure Virtual Assist toolbars and displays the customer’s desktop on the technician’s entire screen with the Secure Virtual Assist taskbar in the top left corner.
  • Page 57: Request Full Control

    • navigates up one directory on either the technician’s or customer’s computer. • Download transfers the selected file or files from the technician’s computer to the customer’s computer.
  • Page 58 Secure Virtual Access mode. Save and run the file. NOTE: Running the file directly from this dialog box might not work on some systems. Save the file to the system and then run the application.
  • Page 59: Secure Virtual Meeting Overview

    NOTE: For tasks and information on using Secure Virtual Assist as an end-user, refer to the Dell SonicWALL Secure Mobile Access User’s Guide. Secure Virtual Meeting Overview This section provides an introduction to the Secure Virtual Meeting feature.
  • Page 60: User Roles

    Coordinator during the meeting by selecting any available Participant. If a Host is not explicitly set when the meeting starts, the Coordinator becomes the Host. Only one Participant is designated as the Host at any one time.
  • Page 61 Set up a proxy or modify login profiles for meetings. Logging Actions and Messages Review a log of actions that occurred and view any warning or error message details that might require attention.
  • Page 62 Polling is available for the Coordinator or Assistants with polling permission. It opens the polling dialog. Chat is available for all Participants, including View-only Participants. It opens a chat dialog if the lobby is not open.
  • Page 63: Web Application Firewall Overview

    This section provides an introduction to the Web Application Firewall feature. This section contains the following topics: • What is Web Application Firewall? on page • Benefits of Web Application Firewall on page • How Does Web Application Firewall Work? on page
  • Page 64 Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and complete unauthorized operations by accessing those URLs directly.
  • Page 65 If authentication is enabled, a suitable domain needs to be associated with this portal and all Dell SonicWALL advanced authentication features such as One Time Password, Two-factor Authentication, and Single Sign-On apply to the offloaded host.
  • Page 66 How are Insecure Storage and Communications Prevented? on page • How is Access to Restricted URLs Prevented? on page • How are Slowloris Attacks Prevented? on page • What Type of PCI Compliance Reports Are Available? on page
  • Page 67 Web Application Firewall feature uses a black list of signatures that are known to make Web applications vulnerable. New updates to these signatures are periodically downloaded from a Dell SonicWALL signature database server, providing protection from recently introduced attacks.
  • Page 68 To ensure that every request carries this token, the Web Application Firewall feature rewrites all URLs contained in a Web page similarly to how they are rewritten by the Reverse Proxy for HTTP(S) Bookmarks feature. If CSRF protection is enabled, this is also done for Application Offloading.
  • Page 69 This feature is enabled by default when Web Application Firewall is licensed and can be disabled from the Web Application Firewall > Settings page.
  • Page 70 Two tables are dynamically generated in the PCI compliance report to display the status of each PCI requirement. The format of the table is shown in the example that follows: The first column describes the PCI requirement.
  • Page 71 The attribute HttpOnly prevents client-side scripts from accessing the cookies, which is important in mitigating attacks such as Cross Site Scripting and session hijacking. The attribute Secure ensures that the...
  • Page 72 Post Data Length – The Post Data Length is estimated by learning the value in the Content-Length header. The maximum size is set to the power of two that is closest to and higher than this value. This...
  • Page 73 The Track Per Remote Address option uses the remote address as seen by the SMA/SRA appliance. In the case where the attack uses multiple clients from behind a firewall that is configured with NAT, the different clients effectively send packets with the same source IP address and are counted together.
  • Page 74: Navigating The Management Interface

    The following is a list of Web browser and operating system support for various Secure Mobile Access protocols including NetExtender and various Application Proxy elements. Minimum browser version requirements are shown for Windows, Windows Vista, Windows 7, Linux, and MacOS.
  • Page 75: Management Interface Introduction

    Getting Started Guide for your platform. To access the Secure Mobile Access web-based management interface of the Dell SonicWALL SMA/SRA appliance: Connect one end of a CAT-6 cable into the X0 port of your SMA/SRA appliance. Connect the other end of the cable into the computer you are using to manage the SMA/SRA appliance.
  • Page 76: Navigating The Management Interface

    • Windows - Displays information in a read-only format. • Configuration windows - Enables administrator interaction to add and change values that characterize objects. For example, IP addresses, names, and authentication types.
  • Page 77 • Restarting on page • Common Icons in the Management Interface on page • Tooltips in the Management Interface on page • Getting Help on page • Logging Out on page
  • Page 78: Status Bar

    Navigating tables with a large number of entries is simplified by navigation buttons located above the table. For example, the Log > View page contains an elaborate bank of navigation buttons: Figure 8. Log > View
  • Page 79: Getting Help

    Getting Help Help in the upper right corner of the Secure Mobile Access management interface opens a separate Web browser that displays the main Secure Mobile Access Help.
  • Page 80: Logging Out

    Maximum Concurrent Tunnels Supported SMA 400 SMA 200 SRA 4600 SRA 1600 SMA 500v Virtual Appliance Factors such as the complexity of applications in use and the sharing of large files can impact performance.
  • Page 81: Resource Type Support

    The SMA/SRA appliance integrates with other Dell SonicWALL products, complementing the Dell SonicWALL NSA, SuperMassive (9000 Series) and TZ Series product lines. Incoming HTTPS traffic is redirected by a Dell SonicWALL firewall appliance to the SMA/SRA appliance. The SMA/SRA appliance then decrypts and passes the traffic back to the firewall where it can be inspected on its way to internal network resources.
  • Page 82: Two-Armed Deployment

    With two-armed deployment of the SMA/SRA appliance, client requests destined for internal resources on the corporate network can be delivered to an internal router.
  • Page 83: Part 2. Configuring Secure Mobile Access

    Part 2 Configuring Secure Mobile Access • System Configuration • Network Configuration • Portals Configuration
  • Page 84: System Configuration

    System Configuration This section provides information and configuration tasks specific to the System pages in the Dell SonicWALL Secure Mobile Access web-based management interface, including registering your SMA/SRA appliance, setting the date and time, configuring system settings, system administration and system certificates.
  • Page 85: System Messages

    The alphanumeric code used to authenticate the SMA/SRA appliance on the registration database at <https://www.mysonicwall.com>. Firmware Version The firmware version loaded on the SMA/SRA appliance. ROM Version Indicates the ROM version. The ROM code controls low-level functionality of the appliance.
  • Page 86: Registering Your SMA/SRA Appliance With System Status

    86. To register your appliance on MySonicWALL from the System > Licenses page and allow the appliance to automatically synchronize registration and license status with the Dell SonicWALL server, see Registering the SMA/SRA Appliance with System > Licenses on page 90.
  • Page 87 There are two ways to register your SMA/SRA appliance: • Log in to your MySonicWALL account directly from a browser or click the Dell SonicWALL link on the System > Status page to access MySonicWALL, enter the appliance serial number and other information there, and then enter the resulting registration code into the field on the System >...
  • Page 88: Configuring Network Interfaces

    This section provides an overview of the System > Licenses page and a description of the configuration tasks available on this page. See the following sections: • System > Licenses Overview on page • Registering the SMA/SRA Appliance with System > Licenses on page
  • Page 89: System > Licenses Overview

    Initial registration of the unit is required for the License Manager to work. The System > Licenses page provides a link to activate, upgrade, or renew Dell SonicWALL Security Services licenses. From this page in the Secure Mobile Access management interface, you can manage all the Dell SonicWALL Security Services licenses for your SMA/SRA appliance.
  • Page 90: Registering The SMA/SRA Appliance With System > Licenses

    License, the Expiration column shows the number of days that the Spike License can be active before it expires. The days do not have to be consecutive. The information listed in the Security Services Summary table is updated from the Dell SonicWALL licensing server every time the SMA/SRA appliance automatically synchronizes with it (hourly), or you can click Synchronize to synchronize immediately.
  • Page 91 Click Activate, Upgrade, or Renew on your existing license. Enter your license key in the spaces provided. Click Submit. The display changes to inform you that your SMA/SRA appliance is registered. Click Continue.
  • Page 92: Activating Or Upgrading Licenses

    After registration, some network environments require the SMA/SRA appliance to be offline so that it is unable to connect to the Dell SonicWALL licensing server. In this mode, the appliance still honors the valid licenses; however, time-based licenses might not be valid.
  • Page 93 To activate a free trial, click Try next to the service that you want to try. The page explains that you will be guided through the setup of the service, and that you can purchase a Dell SonicWALL product subscription at any time during or after the trial. Click Continue, and follow the setup instructions.
  • Page 94 Whenever you activate and then stop a Spike License, the number of days for which it is valid decreases by one, even if fewer than 24 hours have elapsed. If it remains active for several days, a day is subtracted after each 24 hour period.
  • Page 95: System > Time

    The System > Time page provides the administrator with controls to set the SMA/SRA appliance system time, date and time zone, and to set the SMA/SRA appliance to synchronize with one or more NTP servers. Figure 12. System > Time Page
  • Page 96: Setting The Time

    Enter the NTP server IP address or fully qualified domain name (FQDN) in the NTP Server 1 field. For redundancy, enter a backup NTP server address in the NTP Server Address 2 (Optional) and NTP Server Address 3 (Optional) fields. Click Accept to update the configuration.
  • Page 97: System > Settings

    Options to automatically send your settings to an external FTP server after a firmware upgrade and upon generation are included. SMA already had a periodic backup of the appliance settings, but these options provide a new method for backup.
  • Page 98 On an SMA 500v Virtual Appliance, the System > Settings page allows for settings management, but does not provide any firmware management, because the SMA 500v Virtual Appliance is itself a software image.
  • Page 99: Firmware Management

    SMA/SRA appliance. This section provides buttons for uploading new firmware, creating a backup of current firmware, downloading existing firmware to the management computer, rebooting the appliance with current or recently uploaded firmware, and rebooting the appliance with factory default settings.
  • Page 100: Managing Configuration Files

    You can then save the configuration settings or export them to a backup file and import the saved configuration file at a later time, if necessary. The backup file is called sslvpnSettings-serialnumber.zip by default, and includes the contents shown in the following figure.
  • Page 101 You can set scheduled backups for your current settings by selecting Enable scheduled settings backup. Then, specify the frequency of backups to be scheduled. You can specify that the backups occur Daily, Weekly, Fortnightly, or Monthly.
  • Page 102: Managing Firmware

    To reboot the image with factory default settings, select Boot with factory default settings. If this option is not selected, current configuration settings are kept. The pop-up message is displayed: Are you sure you wish to boot this firmware? Click OK.
  • Page 103: Managing Language Settings

    After you have downloaded a new language pack from MySonicWALL, you can import it to your Secure Mobile Access firmware. Click Import. Then, click Choose File to select the language file to import. Click Open.
  • Page 104: Selecting A Language

    Querying for new languages To manually query available language packs on the back end server, click Query Now. If there are any new language packs available, they are listed under “Available New Language Packs.”
  • Page 105: System > Administration

    See the following sections: • Login Security on page • HTTP DOS Settings on page • Global SSL/TSL Settings on page • Capacity Matrix on page • Web Management Settings on page
  • Page 106 • SNMP Settings on page • GMS Settings on page Figure 16. System > Administration page
  • Page 107: Login Security

    Network > Interfaces • NetExtender > Status • Users > Status The minimum for the Streaming Update Interval field is one second, the default is 10 seconds, and the maximum is 99,999.
  • Page 108: Configuring Login Security

    In the Streaming Update Interval field, enter the number of seconds between updates for dynamically updated tables in the Secure Mobile Access management interface. The default is 10, the minimum is 1, and the maximum is 99,999. Click Accept to save your changes.
  • Page 109: Configuring Snmp Settings

    Click Accept to save your changes. Enabling GMS Management The Dell SonicWALL Global Management System (GMS) is a web-based application that can configure and manage thousands of Dell SonicWALL Internet Security appliances, including global administration of multiple site-to-site VPNs from a central location.
  • Page 110: Configuring External Ftp/Tftp Server Settings

    Importing a Certificate on page • Adding Additional CA Certificates on page System > Certificates Overview The System > Certificates page allows the administrator to import server certificates and additional CA (Certificate Authority) certificates. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 111: Server Certificates

    Certificate Management The SMA/SRA appliance comes with a pre-installed self-signed X509 certificate for SSL functions. A self-signed certificate provides all the same functions as a certificate obtained through a well-known certificate authority Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 112: Generating A Certificate Signing Request

    In order to get a valid certificate from a widely accepted CA such as RapidSSL, Verisign, or Thawte, you must generate a Certificate Signing Request (CSR) for your SMA/SRA appliance. To generate a certificate signing request: Navigate to the System > Certificates page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 113: Viewing And Editing Certificate Information

    From the Edit Certificate window, you can view the issuer and certificate subject information. On self-signed certificates, type in the Web server host name or IP address in the Common Name field. Click Accept to submit the changes. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 114: Importing A Certificate

    System > Certificates page. To add the new CA certificate to the Web server’s active CA certificate list, the Web server must be restarted. Restart the SMA/SRA appliance to restart the Web server. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 115: System > Monitoring

    30 days. For example, Last 24 Hours refers to the most recent 24 hour period. The following figure shows the System > Monitoring page. Figure 18. System > Monitoring Page
  • Page 116: Setting The Monitoring Period

    This section provides an overview of the System > Diagnostics page and a description of the configuration tasks available on this page. • System > Diagnostics Overview on page • Downloading & Generating the Tech Support Report on page • Performing Diagnostic Tests on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 117: System > Diagnostics Overview

    Downloading & Generating the Tech Support Report Downloading a Tech Support Report records system information and settings that are useful to Dell SonicWALL Technical Support when analyzing system behavior. The following options are available for Tech Support Reports: •...
  • Page 118: Performing Diagnostic Tests

    After they are enabled, you can have them generated either Hourly or Daily. Note that a maximum of 12 TSRs are stored, with a total file size not exceeding 50 MB. Scheduled Tech Support Reports are mostly used for diagnostics or troubleshooting purposes by a Dell SonicWALL technician, if needed. NOTE: Scheduled TSR is disabled by default.
  • Page 119 The SNWL-SSLVPN-MIB is the Secure Mobile Access specific MIB that shows device statistics and licensing information. The SNWL-COMMON-MIB is a file common to all Dell SonicWALL products and shows product name, serial, firmware, ROM version, and asset number (user defined).
  • Page 120: System > Restart

    System > About The System > About page provides the End-User License Agreement for using the SMA/SRA appliance. Click Download for Dell SonicWALL copyright Information. For more information regarding the End-User License Agreement, refer to http://software.dell.com/legal/sta.aspx. Dell SonicWALL Secure Mobile Access 8.5...
  • Page 121: Network Configuration

    Network Configuration This section provides information and configuration tasks specific to the Network pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Network tasks for the SMA/SRA appliance include configuring network interfaces, DNS settings, routes, and host resolution.
  • Page 122: Configuring Network Interfaces

    In the Edit Interfaces dialog box on the SMA/SRA appliance, type an unused static IP address in the IP Address field. This IP address should reside within the local subnet to which your SMA/SRA appliance is connected. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 123: Network > Dns

    NOTE: If you select a specific link speed and duplex mode, you must force the connection speed and duplex from the connected networking device to the Dell SonicWALL security appliance as well. For the Management options, if you want to enable remote management of the SMA/SRA appliance from this interface, select the supported management protocol(s): HTTP, HTTPS, and/or Ping.
  • Page 124: Network > Dns Overview

    (optional) and DNS Domain (optional). The Primary DNS Server is required. For SMA/SRA appliances supporting connections from Apple iPhones, iPads, or other iOS devices using Dell SonicWALL Mobile Connect, the DNS Domain is a required field. This DNS domain is set on the VPN interface of the iPhone/iPad after the device makes a connection to the appliance.
  • Page 125: Configuring Hostname Settings

    Naming Service) client to learn local network host names and corresponding IP addresses. To configure WINS settings: Navigate to the Network > DNS page. In the WINS Settings region, type a primary WINS address in the Primary WINS Server (optional) field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 126: Network > Routes

    The Network > Routes page allows the administrator to assign a default gateway and interface, and to add and configure static routes. For more information on default or static routes, refer to the Getting Started Guide for your appliance model. Figure 22. Network > Routes Page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 127: Configuring A Default Route For The Sma/Sra Appliance

    In the Add Static Route dialog box, type the subnet or host to which the static route is directed into the Destination Network field (for example, 192.168.220.0 provides a route to the 192.168.220.X/24 subnet). You can enter an IPv6 subnet (for example, 2007:1:2::). Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 128: Network > Host Resolution

    • Configuring Host Resolution on page Network > Host Resolution Overview The Network > Host Resolution page allows the administrator to configure host names. Figure 23. Network > Host Resolution Page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 129: Configuring Host Resolution

    (the network object) when you are applying a policy, instead of having to specify both the service and the IP address. You can create IPv6 network objects using IPv6 object types and addresses. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 130: Adding Network Objects

    For example, you can create a Deny All policy and allow only HTTP traffic to reach port 80 of a Web server. Adding Network Objects To add a network object: Navigate to the Network > Network Objects page. Click Add Network Object... The Add Network Object screen is displayed. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 131: Editing Network Objects

    If the object is not fully defined with at least one IP address or network range, the status Incomplete displays. Click the Incomplete link or the Configure icon to edit the network object again, and then Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 132 For the IPV6 Network object type, in the IPv6 Network Address field, type an IPv6 address that resides in the desired network subnet and type the number of bits to use as a prefix in the Prefix field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 133 When finished adding addresses, click Done in the Edit Network Object dialog box. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 134: Portals Configuration

    Portals Configuration This section provides information and configuration tasks specific to the Portals pages on the Dell SonicWALL Secure Mobile Access web-based management interface, including configuring portals, assigning portals, and defining authentication domains, such as RADIUS, LDAP, and Active Directory.
  • Page 135: Adding Portals

    The network administrator might define individual layouts for the portal. The layout configuration includes menu layout, portal pages to display, portal application icons to display, and Web cache control options. The default portal is the Virtual Office portal. Additional portals can be added and modified. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 136 If enabled, this option replaces the Domain list box on the login page with a text box. The user can then type in the correct domain name. This option is only enabled for portal login through Web.
  • Page 137: Configuring General Portal Settings

    If enforced, client source uniqueness prevents multiple connections from a user with the same client source address when connecting with a Dell SonicWALL client (NetExtender, Mobile Connect, Virtual Assist, and so on). This prevents a user from consuming multiple licenses when a user reconnects after an unexpected network interruption.
  • Page 138 Client source uniqueness, when enforced, prevents multiple connections from a user with the same client source address when connecting with a Dell SonicWALL client (NetExtender, Mobile Connect, Virtual Assist, and so on). This prevents a user from consuming multiple licenses when a user reconnects after an unexpected network interruption.
  • Page 139: Configuring Login Schedules

    (user, group, and global) for each user, and optionally upload an HTML file. See also: • Enabling NetExtender to Launch Automatically in the User Portal on page • File Sharing Using “Applet as Default” on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 140 6 or higher. iOS devices Launch NetExtender after Login: Launches NetExtender automatically after a user successfully authenticates to the SMA/SRA appliance. See Enabling NetExtender to Launch Automatically in the User Portal on page 142.
  • Page 141 Displays a button that allows users to permanently import the SSL security certificate. Show Dell SonicWALL copyright footer: Displays Dell SonicWALL copyright footer on portal. If unchecked, the footer is not shown. Show “Tips/Help” sidebar: Displays a sidebar in the portal with tips and help links. This option is not available when Legacy Look &...
  • Page 142 Click Add Portal or Configure next to the portal you want to configure. The Add Portal or Edit Portal screen displays. Click the Home Page tab. Select Display File Shares portal button. Select Use Applet for portal button. Click Accept to save changes. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 143: Configuring Per-Portal Virtual Assist Settings

    This feature can be enabled globally or per portal. Select one of the following from the drop-down list: • Select Use Global Setting to apply the global setting to this portal.
  • Page 144: Configuring Virtual Meeting Settings

    To use Wake Client, this feature must be configured on the client machine, as explained in the Dell SonicWALL Secure Mobile Access User Guide. 10 In the Limit Support Sessions field, enter the number of active support sessions allowed on this portal, or enter zero for no limitation.
  • Page 145 %MEETINGDESCRIPTION% - A description of the meeting Note that variables are case-sensitive. If this field is left blank, Virtual Meeting uses the global setting for this option. 15 Click Accept to save changes. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 146: Configuring Virtual Host Settings

    Unless you have a certificate for each virtual host domain name, or if you have purchased a *.domain SSL certificate, your users might see a Certificate host name mismatch warning when they log in to the Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 147: Adding A Custom Portal Logo

    The Custom Logo Settings section allows the administrator to upload a custom portal logo and to toggle between the default Dell SonicWALL logo and a custom uploaded logo. You can also upload a custom portal favicon in this section. You must add the portal before you can upload a custom logo or custom favicon. In the Add Portal screen, the Logo tab does not have an option to upload a custom logo or custom favicon.
  • Page 148 Click Update Logo to transfer the logo to the SMA/SRA appliance. Click Default Logo to revert to the default Dell SonicWALL logo. Click Accept to save changes. Dell SonicWALL Secure Mobile Access 8.5...
  • Page 149: Portals > Application Offloading

    32x32 pixels. Click Update Favicon to transfer the favicon to the SMA/SRA appliance. Click Default Favicon to revert to the default Dell SonicWALL favicon. If authentication control of the portal is disabled, Reuse Favicon to Offload Server is available.
  • Page 150: Application Offloading Overview

    Web Access (OWA), but are not allowed to access OWA public folders. If authentication is enabled, multiple layers of Dell SonicWALL advanced authentication features such as One Time Password, Two-factor Authentication, Client Certificate Authentication and Single Sign-On can be applied on top of each other for the offloaded host.
  • Page 151: Configuring An Http/Https Application Offloading Portal

    URLs. In this case, you might need to convert an absolute URL reference to its relative form. • Further information about configuring specific backend Web applications is available in the Dell SonicWALL Secure Mobile Access Application Offloading and HTTP(S) Bookmarks feature module, available under Support on www.sonicwall.com.
  • Page 152 For the other fields, dynamic variables can be used, such as those shown in the following table: Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 153 Application Offloaded Portal. This feature is useful for setting up offloading in trial deployments. 14 Click Accept. You are returned to the Portals > Portals page where you see the Web application listed as an Offloaded Web Application under Description. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 154: Configuring With The Offloading Portal Wizard

    If this option is enabled, the screen options will change. Click This is an Exchange Portal which will be accessed by OWA, ActiveSync or Outlook Anywhere if using an Exchange portal. Click Next.
  • Page 155: General Server Settings

    All these settings are verified instantly by the appliance when the mouse leaves the input field (a green check indicates success). If the input fails, the reason it failed is shown. You can click Next to go to the next tab only when all fields are satisfied.
  • Page 156: Load Balancing Server Settings

    Select URL Based Aliasing on the initial page when you want the ability to access several Web sites using one portal and domain name. When this option is enabled, the screen options change. You will need to select the Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 157 All these settings are verified instantly by the appliance when the mouse leaves the input field (a green check indicates success). If the input fails, the reason it failed is shown. You can click Next to go to the next tab only when all fields are satisfied.
  • Page 158: Configuring The Security Settings

    Configuring the Security Settings The third step is for the Security settings, including Enable Web Application Firewall and Disable Authentication Controls. However, both options require a Web Application Firewall license. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 159: Configuring The Miscellaneous Settings

    Portal settings requires a web server restart that could disconnect any active NetExtender connections and certain Bookmarks. If you want to proceed with restarting the web server for the settings to take effect Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 160: Modifying The General Settings

    Portal. Disable this option to restore compatibility for these web applications. Select the Enable HTTP meta tags for cache control check box to apply HTTP meta tag cache control directives to the portal. Cache control directives include: Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 161: Configuring The Offloading Settings

    Select the Enforce client source uniqueness check box to prevent multiple connections by a user with the same client source address when connecting with a Dell SonicWALL client (NetExtender, Mobile Connect, Virtual Assist etc.). This prevents a user from consuming multiple licenses when a user reconnects after an unexpected network interruption.
  • Page 162 10 In the Homepage URI (optional) field, optionally enter a URI to a specific resource on the Web server to which the user will be forwarded the first time the user tries to access the Application Offloading Portal. This is a string in the form of: /exch/test.cgi?key1=value1&key2=value2 Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 163: Security Settings

    Login Name: %USERNAME% (example usage: US\%USERNAME%). Domain Name: %USERDOMAIN% (example usage: %USERDOMAIN\%USERNAME%). Group Name: %USERGROUP% (example usage: %USERGROUP%\%USERNAME%). If you selected Automatically Log in, select the Forms-based Authentication check box to configure Single Sign-On for forms-based authentication.
  • Page 164: Configuring An Http/Https Application Offloading Portal

    To offload a Web application and create a portal for it: Navigate to Portals > Portals and click the Virtual Host tab. The Virtual Host Settings screen opens. This allows you to access the Portal directly. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 165 If you have not disabled authentication, navigate to the Portals > Domains page and create a domain for this portal. Update your DNS server for this virtual host domain name and alias (if any). Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 166: Using Offloaded Applications

    To use an offloaded application: For direct access, point your Web browser to the URL of the offloaded application portal. For access via an External Web site Bookmark, log into the Dell SonicWALL Virtual Office and then click on the bookmark.
  • Page 167: Configuring The Outlook Anywhere Portal

    Select the Default Domain Name from the drop-down list. This domain name is used as the default domain for Secure Mobile Access authentication if the domain name is not specified in Outlook. Open Microsoft Outlook. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 168 11 Next, click Exchange Proxy Settings. 12 On the Microsoft Exchange Proxy Settings Screen, specify the host name of the Outlook Anywhere portal in the Use this URL to connect to my proxy server for Exchange field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 169: Portals > Domains

    The Portals > Domains page allows the administrator to add and configure a domain, including settings for: • Authentication type (local user database, Active Directory, LDAP, or RADIUS) • Domain name • Portal name • Group (AD, RADIUS) or multiple Organizational Unit (LDAP) support (optional) Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 170: Viewing The Domains Table

    Click OK in the confirmation dialog box. After the SMA/SRA appliance has been updated, the deleted domain is no longer displayed in the table. NOTE: The default LocalDomain domain cannot be deleted.
  • Page 171: Adding Or Editing A Domain

    You can create multiple domains that authenticate users with user names and passwords stored on the SMA/SRA appliance to display different portals (such as a Secure Mobile Access portal page) to different users. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 172: Adding Or Editing A Domain With Local User Authentication

    Optionally, force all users in the Local User Database to change their password at set intervals or the next time they login. To force users to change their password at set intervals, type Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 173 Verify partial DN in subject - Use the following variables to configure a partial DN that matches the client certificate: • User name: %USERNAME% • Domain name: %USERDOMAIN% • Active Directory user name: %ADUSERNAME% • Wildcard: %WILDCARD% Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 174: Adding Or Editing A Domain With Active Directory Authentication

    SMA/SRA appliance and the Active Directory server against which it is authenticating. If you are unable to authenticate using Active Directory, refer to Active Directory Troubleshooting on page 177.
  • Page 175 Two additional fields appear: • Verify user name matches Common Name (CN) of client certificate - Select this check box to require that the user’s account name match their client certificate. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 176 The choices depend on user types defined already. Some possible choices are: • External User – Users logging into this domain are treated as normal users without administrative privileges. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 177: Adding Or Editing A Domain With Ldap Authentication

    Secure Mobile Access admin privileges to all users logging into that domain. Dell SonicWALL recommends adding filters that allow administrative access only to those users who are in the correct group. You can do so by editing the domain on the Users > Local Groups page.
  • Page 178 LDAP tree with these credentials and users can log in with their sAMAccountName. Optionally enter the IP address or domain name of a backup LDAP server in the Server Address field, under the Backup LDAP server section. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 179 Type the custom attribute that your LDAP server uses to store email addresses. If the specified attribute cannot be found for a user, the email address is taken from their individual policy settings. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 180: Adding Or Editing A Domain With Radius Authentication

    Secure Mobile Access admin privileges to all users logging into that domain. Dell SonicWALL recommends adding filters that allow administrative access only to those users who are in the correct group. You can do so by editing the domain on the Users > Local Groups page.
  • Page 181 12 If required by the backup RADIUS server, enter an authentication secret for the backup RADIUS server in the Secret Password field. 13 Optionally, if using RADIUS for group-based access, select Use Filter-ID for RADIUS Groups. 14 Click the name of the layout in the Portal Name drop-down list. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 182 22 Click Accept to update the configuration. After the domain has been added, the domain is added to the table on the Portals > Domains page. 23 Click Configure next to the RADIUS domain you added. The Test tab of the Edit Domain page displays. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 183: Adding Or Editing A Domain With Digital Certificates

    Select one or more certificates from the All CA certificates list to be added to the Trusted CA certificates list. The All CA certificates list displays all available certificates for the SMA/SRA appliance that were imported from the system certificate setting. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 184 Enter the Username Attribute as CN. This uses the CN attribute of the client certificate as the login username. Click Accept to save changes. Next, you need to import the client certificate to your Web browser. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 185 The authentication completes if the CA of the client certificate is on the Trusted CA certificates list. If the client certificate is not on the Trusted CA certificates list, the appliance blocks access and displays an error message. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 186: Configuring Two-Factor Authentication

    Two-Factor Authentication Overview on page Dell SonicWALL’s implementation of two-factor authentication either uses two separate RADIUS authentication servers, or partners with two of the leaders in advanced user authentication: RSA and VASCO. If you are using RSA, you must have the RSA Authentication Manager and RSA SecurID tokens. If you are using VASCO, you must have the VASCO IdentiKey and Digipass tokens.
  • Page 187 Select Communication Server in the Agent type window. By default, the Enable Offline Authentication and Enable Windows Password Integration options are enabled. Dell SonicWALL recommends disabling all of these options except for Open to All Locally Known Users. Click OK.
  • Page 188: Setting The Time And Date

    Click OK and close the RSA RADIUS Manager. Setting the Time and Date Because two-factor authentication depends on time synchronization, it is important that the internal clocks for the RSA Authentication Manager and the SMA/SRA appliance are set correctly. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 189 Navigate to the token XML file and click Open. The token file is imported. The Import Status window displays information on the number of tokens imported to the RSA Authentication Manager. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 190 Create a PIN requires the user to create a PIN. To assign a token to the user, click Assign Token. Click Yes on the confirmation window that displays. The Select Token window displays. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 191 10 Click OK in the Edit User window. The user is added to the RSA Authentication Manager. 11 Give the user their RSA SecurID Authenticator and instructions on how to log in, create a PIN, and use the RSA SecurID Authenticator. See the Dell SonicWALL Secure Mobile Access User Guide for more information.
  • Page 192 Click Add Client Route to select the correct Client Routes for the authenticated remote users accessing the private networks by way of the SMA/SRA connection. The client route corresponds with the subnet connected to the X0 (LAN) interface of the Dell SonicWALL NSA, TZ, or SuperMassive 9000 series.
  • Page 193 Navigate to Portal > Domains and click Configure to test the RADIUS connectivity to VASCO IdentiKey. If the RADIUS Authentication is successful, log out of the Administrator account and log in to the WAN (X1) interface of Secure Mobile Access with the User Name you created. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 194: Portals > Custom Logos

    Load Balanced Pair – In this scenario, the Load Balancer can have one portal configured for the front-end, and another Application Offloading portal configured to act as a Virtual Backend Server. This Virtual Backend Server Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 195: Configuring A Load Balancing Group

    This section provides configuration details for creating a new load balancing group and consists of the following sections: • Adding a New Load Balancing Group on page 196 • Configuring Probe Settings on page 197 • Adding New Members to a Load Balancing Group on page 197 Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 196 The Enable Session Persistence option is automatically selected when the group is enabled. This option allows the administrator to enable continuous user sessions by forwarding the “requests” part of the same session to the same backend member. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 197 Enter a Member Name to uniquely identify this member within the Load Balancing Group. Enter a friendly name or description in the Comment field to identify this group by mousing over the group’s page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 198: Portals > Url Based Aliasing

    URL Based Aliasing, you might need to set up access to the application using App Offloading without URL rewriting or using NetExtender. Adding a URL Based Aliasing group See also: • Adding members on page • Deleting a group on page • Deleting a member on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 199 Under the URL Based Aliasing Groups section, click Add Group. The New URL Based Aliasing Group page displays. Enter a Group Name in the field provided. Then, click Accept. The newly added group displays on the URL Based Aliasing Groups list. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 200: Adding Members

    Repeat steps 2 through 4 for each member you wish to add to the group. Deleting a group To delete a specific group: Navigate to the Portal > URL Based Aliasing page. Click the Delete icon of the group you wish to delete. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 201: Default Site Settings

    The Default Site Settings section provides the ability to set a default site when accessing the portal without any URL specified. The default value in the drop-down list is Index Page. The Default Site Settings can be customized by editing the HTML, and then clicking Accept. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 202: Url Based Aliasing Group With Application Offloading

    To add a new portal for a URL Based Aliasing Group: Navigate to the Portals > Portals page. Click Offload Web Application... The Portals > Portals > Add Portal page displays. Click the General tab. The Portal Settings page displays. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 203 Select the group you wish to add a portal for from the URL Based Aliasing Group drop-down list. Click Accept to save changes. The portal now displays in the Portals > Portals page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 204: Part 3. Configuring Services & Clients

    • Device Management Configuration • NetExtender Configuration • End Point Control • Secure Virtual Assist Configuration • Secure Virtual Meeting • Web Application Firewall Configuration • Geo IP and Botnet Filter • High Availability Configuration Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 205: Services Configuration

    Services Configuration This section provides information and configuration tasks specific to the Services pages on the Dell SonicWALL Secure Mobile Access web-based management interface, including configuring settings, bookmarks, and policies for various application layer services, such as HTTP/HTTPS, Citrix, RDP, and VNC.
  • Page 206 Set the desired buffer size using the Buffer size drop-down menu. This limit is enforced for HTTP and HTTPS responses from the backend Web server for plain text, Flash, and Java applets. The default size of the buffer is 1024 KB. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 207 Standard encoding (UTF-8), the default setting, should work for most FTP servers. European keyboards Some European characters cannot be input using US language keyboards. The keyboard type must be set on both the Remote Server and the Local Client computers. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 208: Language Selection Menu

    Click the blinking icon, and a dialog pops up with the copied text in the input field. You can copy the text manually from there and paste it to the local machine. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 209 Enable Policy Match for Allow Action allows you to set the server log matched information for Allow types. Enable Policy Match for Deny Action allows you to set the server log matched information for Deny types. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 210: Services > Bookmarks

    Services > Bookmarks The Services > Bookmarks page within the Secure Mobile Access web-based management interface provides a single interface for viewing bookmarks and access to configure bookmarks for users and groups. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 211: Feature Comparison Between HTML5, Java, And ActiveX Bookmarks

    Browsers with capable of HTML5 support FireFox, Chrome) Java (IE, (Chrome, IE10+, FireFox, and Mac OSX FireFox, and and Safari) (Safari, Chrome, Chrome) Mac and FireFox) OSX (Safari, Chrome, and FireFox) Linux (FireFox) Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 212: SSHv2 Feature Comparison Between HTML5 And Java Bookmarks

    Authentication Bypass Username Adjustable Window Size No (Fixed window size in option) Log Session Scroll-back Clipboard Highlight Color Options Store Accepted Host Key See: • Adding or Editing a Bookmark on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 213: Adding Or Editing A Bookmark

    Some services can run on non-standard ports, and some expect a path when connecting. Depending on the choice in the Service field, format the Name or IP Address field like one of the examples shown in Table Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 214 HTTPS
      • IP Address of URL (example: 204.212.170.11)
      • IPv6 Address (example: 2008::1:2:3:4)
      • URL:Path or File (example: www.sonicwall.com/index.html)
      • IP:Path or File (example: 204.212.170.11/folder/)
      • URL:Port (example: www.sonicwall.com:8080)
      • IP:Port (example: 204.212.170.11:8080 or [2008::1:2:3:4]:8080)
      • URL:Port:Path or File (example: www.sonicwall.com:8080/folder/index.html)
      • IP:Port:Path or File (example: 204.212.170.11:8080/index.html)
    Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 215 In the Start in the following folder field, optionally enter the local folder in which to execute application commands. • Select Login as console/admin session to allow login as console or admin. Login as admin replaces login as console in RDC 6.1 and newer. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 216 Additionally, you might want to provide a path to where your application resides on your remote computer by typing the path in the Application Path field. NOTE: RDP - HTML5 bookmarks are supported using the default browser on iOS and Android devices. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 217 Enable the Display Bookmark to Mobile Connect clients option to display your bookmark in Mobile Connect clients. Mobile Connect must be running version 2.0 or newer to view and access the Bookmark. Support varies by device and could require supported third-party applications being installed. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 218 Connect clients. Support varies between devices and could require supported third-party applications to be installed. NOTE: Mobile Connect must be running version 2.0 or newer to view and access the Citrix bookmark. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 219 NOTE: The Mobile Connect bookmark can also be used for ‘http://’ or ‘https://’ URL schemes, however, Dell SonicWALL recommends using HTTP or HTTPS bookmarks for these schemes. • Enter the Bookmark Name and the Name or IP Address. The Name or IP Address field is the custom URL scheme.
  • Page 220 The following example of a Mobile Connect bookmark shows how a user can create a bookmark using Google Earth to display a map with specific directions. First, the user must create the bookmark with the URL scheme: This bookmark is now available to access from your mobile device. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 221 The following example shows another way to use the Mobile Connect bookmark. In this example, the user adds a bookmark that launches the Phone app on iOS to make a call to the IT Support Hotline. This bookmark is now available to access from your mobile device. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 222 DFS file shares from other domains. The SMA/SRA appliance is not a domain member and is not able to connect to the DFS shares. DFS file shares on a stand-alone root are not affected by this Microsoft restriction. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 223 Select Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices. Secure Shell Version 1 (SSHv1) • Select Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 224 Mobile Connect 2.0 or higher, check Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices. • If using an SSHv2 server without authentication, such as a Dell SonicWALL firewall, you can select Bypass username. Dell SonicWALL Secure Mobile Access 8.5...
  • Page 225: Services > Policies

    Administrators can use the following steps to add a service policy: Use the Policy Owner drop-down menu to select whether the policy is owned as a Global Policy, a Local Domain group policy, or a policy assigned to an individual User. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 226 Select ALLOW or DENY from the Status drop-down list to either allow or deny SMA connections for the specified service and host machine. NOTE: One or more policies can be added to deny a specific access method that was selected during the wizard. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 227: Editing A Policy

    Services > Policies window. NOTE: Dell SonicWALL recommends that administrators set up a Global Deny ALL policy that allows access to only trusted hosts. This prevents outbound requests to malicious hosts from Secure Mobile Access. To create a Global Deny ALL policy: From the Services >...
  • Page 228: Device Management Configuration

    Device Management Configuration This section provides information and configuration tasks specific to the Device Management pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Topics: • Device Management > Devices on page 228 Device Management > Devices Dell SonicWALL Secure Mobile Access obtains the client device's unique Device ID. With that information, you can view all devices, change device status, and delete unwanted devices.
  • Page 229: Device Management > Settings

    Maximum Device per User This option limits the maximum devices each user can register. Security Statement This alert message appears on the client when the user logs in. You can customize this security statement. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 230: ActiveSync Provision Settings

    Notification Settings You can list a set of email addresses here. When a new registration request arrives, an email notification is sent to these addresses, notifying the recipients to handle the request. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 231: Device Management > Policies

    There are also two Operators: Matches Regex and Equals String. Equals String is case sensitive. By default, Equals String takes priority over Matches Regex. The Action option has three choices: Reject, Approve, and Pending. The device takes on the defined action when it matches the policies. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 232: Device Management > Log

    Device Management > Log The Device Management Log helps you acquire additional information about your devices, including logs on new device register requests, device status changes, deleted devices, and mail notifications. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 233: NetExtender Configuration

    40. For information about using or installing the NetExtender, NetExtender Mobile, or NetExtender Android clients, see the latest Dell SonicWALL Secure Mobile Access User Guide, available on the Secure Mobile Access pages of the Dell SonicWALL Support Web site at: https://support.software.dell.com/.
  • Page 234: NetExtender > Status Overview

    This section provides an overview of the NetExtender > Client Settings page and a description of the configuration tasks available on this page. • NetExtender > Client Settings Overview on page • Configuring the Global NetExtender IP Address Range on page • Configuring Global NetExtender Settings on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 235: NetExtender > Client Settings Overview

    SMA/SRA appliance, it must not overlap or collide with any assigned addresses. You can determine the correct subnet in one of the following ways: Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 236: Configuring Global NetExtender Settings

    SMA/SRA server. To reconnect, users have to either return to the Secure Mobile Access portal or launch NetExtender from their Programs menu. This option applies to all supported platforms except Android smart phones. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 237: Configuring Internal Proxy Settings

    Select Run Local File if you have the post-connection script(s) available on your local client machine. Select the Run Files for the radio button if you have post-connection script(s) uploaded to the server. For local files, set the script path in the Run this file field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 238: NetExtender > Client Routes

    This section provides an overview of the NetExtender > Client Routes page and a description of the configuration tasks available on this page. • NetExtender > Client Routes Overview on page • Adding NetExtender Client Routes on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 239: NetExtender > Client Routes Overview

    With group access policies, all traffic is allowed by default. This is the opposite of the default behavior of Dell SonicWALL Unified Threat Management (UTM) appliances, where all inbound traffic is denied by default. If you do not create policies for your SMA/SRA appliance, then all NetExtender users might be able to access all resources on your internal network(s).
  • Page 240: NetExtender > Advanced Settings

    Click Choose File to upload a file from your local system. Then, click Upload. After it is uploaded, the file displays in a list. To delete a script file, locate the file you want to delete, and click the ‘X’ delete icon. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 241: NetExtender > Client Downloads

    • From • Platform • Login Time • Sent • Received • Exclude—Excludes the value you have specified in the search. • Reset—Clears the search field as well as any search results. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 242: NetExtender User And Group Settings

    To configure custom settings for individual users: Navigate to the Users > Local Users page. Click on the configure icon for the user you want to edit. The Edit User window is launched. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 243 See also: • Configuring User Client IP Address Range on page • Configuring User DNS Settings on page • Configuring User NetExtender Settings on page • Configuring User NetExtender Routes on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 244 So in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 245 SMA/SRA appliance. In such cases, when a user is successfully authenticated, a local user account is created with the Add Global NetExtender Client routes and Add Group NetExtender Client routes settings enabled. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 246: Configuring Group-Level NetExtender Settings

    To configure custom settings for groups: Navigate to the Users > Local Groups page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 247 iOS devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So in some cases, a client might not be Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 248 Secure Mobile Access NetExtender tunnel. To also add the global NetExtender client routes (which are configured on NetExtender > Client Routes page) to users in this group, select Add Global NetExtender Client Routes. Click Accept. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 249: End Point Control

    End Point Control This section provides information and configuration tasks specific to the End Point Control pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Topics: • Configuring End Point Control on page • End Point Control > Device Profiles on page •...
  • Page 250: End Point Control > Device Profiles

    This page also contains buttons that allow you to add, edit, or delete profiles. Hover the mouse over an icon or button to identify it. To create a device profile: On the End Point Control > Device Profiles page, click Add Device Profile. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 251: Users > Local Groups > Edit EPC Settings

    Allow profiles for the group and does not fulfill any Deny profiles. Use the EPC tab on the Users > Local Groups > Edit page to assign device profiles to a group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 252 EPC, as explained for the Global group. Either select Inherit global device profiles to use all defined Allow and Deny device profiles for the group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 253: Users > Local Users > Edit EPC Settings

    NetExtender login can be disabled on platforms where EPC is enabled. To configure device profiles to be used when authenticating a local user: Navigate to the Users > Local Users page and click Edit for the user to be configured for EPC. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 254 If you select Custom Setting, the Check endpoint at login and Check endpoint at login and every x minutes thereafter prompts are displayed and you can configure EPC, as explained for the Global group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 255 Remove selected profiles. d To add or remove a Deny profile for the user, click Add Deny Profiles and follow the preceding steps b and d. Click Accept to save your changes. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 256: End Point Control > Status

    Click Check Update to instantly query if there are any available updates. If there is a new update available, the button changes to Apply Update. The Service Expiration Date displays when the current service expires. Click Previous Settings to apply the previous version of the service. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 257: End Point Control > Settings

    The Settings page also is used to customize the message displayed when a NetExtender client login fails EPC security checking. Figure 36. End Point Control > Settings Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 258: End Point Control > Log

    Change the value in the Items per page field to display more or fewer log messages per page. Click the forward or backward arrows to scroll through the pages of the log messages. • Click any of the headings to sort the log messages alphabetically by heading. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 259: Secure Virtual Assist Configuration

    This section provides information and configuration tasks specific to the Secure Virtual Assist pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Secure Virtual Assist is an easy to use tool that allows Secure Mobile Access users to remotely support customers by taking control of their computers while the customer observes.
  • Page 260: Secure Virtual Assist > Settings

    To configure Virtual Assist general settings: Navigate to the Secure Virtual Assist > Settings page. To require customers to enter a password before being allowed to access Virtual Assist, enter the password in the Assistance Code window. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 261 Virtual Assist and Virtual Meeting (on Windows and Macintosh) interfaces. There is a notification button bar on the pages for you to install the SMA Connect Agent. Click the active link and the following page appears: Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 262: Request Settings

    Enter a value in the Pending Request Expired field to have customers automatically removed from the queue if they are not assisted within the specified number of minutes. The default 0 does not remove unassisted customers. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 263: Notification Settings

    Virtual Assist client. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 264: Customer Portal Settings

    Show Company Logo - Displays the company logo that is configured on the Logo tab of the Edit Portal window. • Show Company Copyright - Displays the copyright at the bottom of the page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 265: Restriction Settings

    On the Secure Virtual Assist > Settings page, click the Restriction Settings tab at the bottom of the page. Click Add ... The Admin Addresses window displays. In the Source Address Type drop-down menu, select which of the following you want to specify: • IP Address • IP Network Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 266: Secure Virtual Assist > Log

    Click any of the headings to sort the log messages alphabetically by heading. Secure Virtual Assist > Licensing This section provides an overview of the Secure Virtual Assist > Licensing page and a description of the configuration tasks available on this page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 267: Secure Virtual Assist > Licensing Overview

    To enable Virtual Assist on a portal, go to the Portals > Portals page and click the Configure icon for the desired portal. To create a new portal, go to the Portals > Portals page and click Add Portal. See Portals > Portals on page 134. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 268 Optionally, you can customize all of the Virtual Assist settings for this individual portal using the tabs on this window. Virtual Assist is now enabled and ready to use. Secure Mobile Access users now see the Virtual Assist icon on the Virtual Office page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 269: Secure Virtual Meeting

    Secure Virtual Meeting > Licensing on page For information about using Virtual Meeting, see the Dell SonicWALL Secure Mobile Access User Guide. You can also view the Secure Mobile Access Secure Virtual Meeting and Secure Virtual Assist Feature Module for additional information.
  • Page 270: Secure Virtual Meeting > Settings

    In the Allow joining before start time field, select the number of minutes that Participants are allowed to join a meeting before it starts. Select 0 if Participants are allowed to join a meeting at any Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 271: Notification Settings

    In the Invitation Message field type the text you want to include in the body of the Virtual Meeting e-mail invitation. The body can include variables. Move the mouse pointer over the icon to the right of this field to display possible variables. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 272: Secure Virtual Meeting > Log

    Virtual Assist technicians. Any number of Virtual Meetings can occur concurrently, but the number of concurrent users in the lobby is limited to 9 (5-2=3 licenses available, 3x3=9 licenses for meeting users available). Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 273: Licensing Information

    Virtual Assist licenses are used for Secure Virtual Meeting. The Licensing page also contains links to the System > Licenses page where you can obtain a license. Figure 42. Secure Virtual Meeting Licensing Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 274: Web Application Firewall Configuration

    Configuration This section provides information and configuration tasks specific to the Web Application Firewall pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Web Application Firewall is subscription-based software that runs on the SMA/SRA appliance and protects Web applications running on servers behind the SMA/SRA.
  • Page 275 Under Manage Security Services Online, click the Activate, Upgrade, or Renew services link. The MySonicWALL Login page is displayed. Type your MySonicWALL credentials into the fields, and then click Submit. The System > Licenses page is displayed. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 276 Click Synchronize to view the license on the System > Licenses page. Web Application Firewall is now licensed on your SMA/SRA appliance. Navigate to Web Application Firewall > Settings to enable it, and then restart your appliance to completely activate Web Application Firewall. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 277: Configuring Web Application Firewall

    The Web Application Firewall > Status page provides status information about the Web Application Firewall service and signature database, and displays the license status and expiration date. Synchronize allows you to download the latest signatures from the Dell SonicWALL online database. You can use Download to generate and download a PCI compliance report file.
  • Page 278 Firewall > Settings page. If this automatic update option is enabled, Apply disappears from the Web Application Firewall > Status screen as soon as the new signatures are automatically applied. To synchronize the signature database with the Dell SonicWALL online database server, click Synchronize. The timestamp is updated.
  • Page 279: Configuring Web Application Firewall Settings

    You can also clear Global Enable Web Application Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 280 In the Edit Global Exclusions page, the action you set overrides the signature group settings for the resources configured on these host pages. Select one of the following from the Action drop-down list: Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 281 To configure the error page to use when intrusions are detected: Expand the Intrusion Prevention Error Page Settings section. In the Intrusion Prevention Response drop-down list, select the type of error page to be displayed when blocking an intrusion attempt. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 282 In the Portals drop-down list, select the Portal to which these CSRF protection settings apply. To make these CSRF settings the default for all portals, select Global. Select Form-based Protection from the Protection Method drop-down list. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 283 Secure to append the Secure attribute to server-side cookies. The attribute HttpOnly prevents the client-side scripts from accessing the cookies that are important in mitigating attacks such as Cross Site Scripting and session hijacking. The attribute Secure ensures that the cookies are Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 284 Blocking does not occur for headers such as Content-Type that are critical to the HTTP protocol. To remove a host/header pair from the list to be blocked, select the pair in the text box and then click Remove. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 285 You can select one of the following in each row: • Disabled – Do not match numbers in this format. No logging or masking is done. • Detect – Detect numbers in this format and create a log entry when detected. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 286: Configuring Web Application Firewall Signature Actions

    The Web Application Firewall > Signatures page allows you to configure custom handling or exclusion of certain hosts on a per-signature basis. You can use signature-based exclusions to apply exclusions for all hosts for each signature. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 287 Enabling Performance Optimization on page • Configuring Signature Based Custom Handling and Exclusions on page • Reverting a Signature to Global Settings on page • Removing a Host from a Per-Signature Exclusion on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 288 The Performance Optimization option allows you to disable some relatively less severe signatures that significantly affect the performance of certain Web applications. These signatures are identified by the Dell SonicWALL signature team and the list is pushed out to SMA/SRA appliances. When you select Enable Performance Optimization, these signatures are disabled for Web Application Firewall.
  • Page 289 Click Accept on the Web Application Firewall > Signatures page to apply the updated settings. New settings are applied to any new HTTP connections and requests. The existing HTTP connections and requests continue to use the old settings until they are terminated. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 290: Determining The Host Entry For Exclusions

    You can determine exactly what host name to enter in your exclusion by viewing the configuration details of the bookmark. To view the host entry in a bookmark: Navigate to the Virtual Office page, and click Show Edit Controls above the list of bookmarks. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 291 In an off-loaded application, you use the virtual host domain name. To view the virtual host domain name in an off-loaded application: Navigate to the Portals > Portals page and click Configure next to the off-loaded application. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 292: Configuring Custom Rules And Application Profiling

    Application profiling is supported only on the SMA 400, SRA 4600, and SMA 500v Virtual Appliance. Custom rules created on this page have all the same properties as the signatures that Dell SonicWALL pushes out to Web Application Firewall-enabled appliances.
  • Page 293 Search field, select All Fields or a specific field to search, and click Search. Or, click Exclude to display only rules that do not contain the key word. Click Reset to display all rules. All matches are highlighted. The default is 50 rules per page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 294 The Web Application Firewall > Monitoring page also shows the activity in the graphs. Figure 47 shows several detected and prevented threats during a 12 hour period. For more information about the Monitoring page, see Using Web Application Firewall Monitoring on page 308. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 295 Navigate to the Web Application Firewall > Rules page. Under Application Profiling, select one or more portals with the application(s) to be profiled from the Portals drop-down list. Use Shift+click or CTRL+click to select multiple portals. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 296 Optionally click any of the links in the URL profile tree display to edit the learned values. Click expand all URLs at that level in the tree. You can also click to refresh all URLs in the list or click to delete a selected URL. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 297 For ease of configuration, you can clone example rule chains or regular rule chains. Cloning a rule chain clones all rules associated with the chain. After cloning the rule chain, you can edit it by clicking its Edit Rule Chain icon under Configure. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 298 In the Reset Hit Counter Period field, enter the number of seconds allowed to reach the Max Allowed Hits number. If Max Allowed Hits is not reached within this time period, the selected action is not triggered and the hits counter is reset to zero. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 299 The second rule is to match a specific URL. If the administrator forgets to create the second rule, then access to the SMA/SRA appliance is denied, because the Secure Mobile Access web-based management interface depends on the GET method. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 300 Value – This entity can be a number, literal string, or a regular expression that is compared with the scanned target. It is compared with the value of the configured variable(s) according to the specified operator. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 301 “foo,” then you would select the Parameter Values variable and specify password in the selection text box. In the Value field, you would enter foo. Table 34 describes the available variables.
  • Page 302 To match against some aspect of the entire list of response header values, leave the selection field empty. To match against a particular header value, specify the name of the header in the selection field to the right of the colon.
  • Page 303 Matches Regex String One or more of the scanned variables matches the regular expression in the Value field. An example of a regular expression that matches any four decimal numbers is \d{4}.
  • Page 304 Use the Hexadecimal Decode measure to decode hexadecimal encoded data before the comparison is made according to the rule. This is an anti-evasive measure to prevent hackers from using hexadecimal encoding of their input to bypass the rule.
  • Page 305 String Length in the Anti-Evasive Measures list to compute the length of the password form parameter. The action for the rule chain would be set to Prevent. Figure 49 shows the rule chain for this example.
  • Page 306 Example – Negative Security Model: Blocking Malicious Input to a Form To block malicious input to a form, you would create a rule chain containing the following two rules: The first rule identifies the URL for the form.
  • Page 307: Deleting A Rule

    The page for that rule chain opens. Click the Delete icon under Configure for the rule you want to delete. Click OK in the confirmation dialog box. Click Accept.
  • Page 308: Using Web Application Firewall Monitoring

    Web server status statistics and graphs of the number of requests and the amount of traffic during the selected monitoring period. The monitoring functions of each tab are explained in the following sections: • Monitoring on the Local Tab on page • Monitoring on the Global Tab on page
  • Page 309 You can view Web server activity on the Local tab over different time periods by selecting one of the following options from the Monitoring Period drop-down list: • Last 60 Seconds • Last 60 Minutes
  • Page 310 Monitoring Period drop-down list: • Last 12 Hours • Last 14 Days • Last 21 Days • Last 6 Months • All in Lists
  • Page 311 Click again to toggle between ascending and descending order. The active sorting column is marked by an arrowhead pointing upwards for ascending order, and downwards for descending order.
  • Page 312 Prevented table. To display details about a threat, click on the threat. The details include the following: • URL – The URL to the Dell SonicWALL knowledge base for this threat • Category – The category of the threat •...
  • Page 313 Select the Global tab. The active tab name is displayed in red or pink, while the inactive tab name is blue. The control buttons act on the page that is currently displayed. To turn streaming on or off, click the indicator next to Streaming Updates.
  • Page 314 21 days. Figure 55. Threats Over Last 21 Days Hovering your mouse pointer over the signature ID causes a tooltip to appear with details about the threat.
  • Page 315: Using Web Application Firewall Logs

    Searching the Log You can search for a value contained in a certain column of the log table, and can also search for log entries that do not contain the specified value.
  • Page 316 Web Application Firewall > Log page. Exported files are saved with a .wri file name extension, and open with WordPad, by default.
  • Page 317 To clear the Web Application Firewall log: On the top right corner of the Web Application Firewall > Log page, click Clear. Click OK in the confirmation dialog box.
  • Page 318: Verifying And Troubleshooting Web Application Firewall

    There was a general error in downloading and processing the database update. This is possible if the data in the update does not conform to the signature parser schema. • WAF signature database update was downloaded successfully. The new database contains <num> rules
  • Page 319 Signature database download was successful. The new database contains <num> number of rules. A rule is an internal property which is used by Dell SonicWALL to determine how many signatures were downloaded. NOTE: You can select the Apply Signature Updates Automatically option on the Web Application Firewall >...
  • Page 320: Geo Ip And Botnet Filter

    Botnets using a dynamically updated database maintained by Dell SonicWALL. Botnets pose huge security risks such as Denial of Service (DoS) attacks and Data Leakage. They are hard to identify and control because of the transient nature of their origins.
  • Page 321: General Status

    If the location of an IP address changes, each location is shown as a different IP address and statistics are divided. Use the Monitoring Period drop-down list to select the reporting period: Last 12 Hours, Last 14 Days, Last 21 Days, Last 6 Months, or All recorded traffic data.
  • Page 322: Settings

    Enforce Botnet Filter Policy — Select this option to enforce Botnet Filter policies. If this is disabled, Botnet IPs are not blocked; however, they are still detected and included in the Botnet Filter Statistics.
  • Page 323: Remediation Settings

    CAPTCHA session is deleted and remediation is required again. To enable Remediation and configure the settings: Click Remediation Settings.
  • Page 324: Access Policies

    Apply Policy To list. You can also select countries directly from the map. The map displays selected/deselected countries by color. The deselected countries display gray, while the selected countries display in color. Mouse over a country in the Apply Policy To list and the...
  • Page 325: Log

    Unknown icon. Mousing over an icon in the Location field displays the City (if available), Region, and Country of the source IP.
  • Page 326 To view the next page of log entries, click the right arrow in the arrow control pad. To view the last page of log entries, click the right-most button in the arrow control pad.
  • Page 327 To clear the log, complete the following steps: On the top right corner of the Geo IP & Botnet Filter > Log page, click Clear. Click OK in the confirmation dialog box.
  • Page 328: Licensing

    Filter > Licensing page. The Licensing page also includes a brief description of the feature and a link to the System > Licenses page where you can activate, upgrade, and renew licenses.
  • Page 329: High Availability Configuration

    High Availability Configuration This section provides information and configuration tasks specific to the High Availability page on the Dell SonicWALL Secure Mobile Access web-based management interface. High Availability allows two identical SMA/SRA appliances or SMA 500v Virtual Appliances to provide a reliable, continuous connection to the public Internet.
  • Page 330: Supported Platforms

    NOTE: Dell SonicWALL recommends that you back up and download the settings for both SMA/SRA appliances at this stage. In a browser, log in to the primary unit and navigate to the Network > Interfaces page. Confirm that the X3 port is active by checking the Status, which should show 1000 Mbps Full Duplex.
  • Page 331: Configuring High Availability Settings On A Hardware Appliance

    To enable High Availability and configure the options in the High Availability Settings section: In a browser, log in to the primary unit and navigate to the High Availability > Settings page. Select Enable High Availability.
  • Page 332 The appliances in the HA Pair immediately begin to synchronize data from the primary to the backup unit. When failover occurs and the primary is down, the backup unit becomes Active with the same settings as the primary.
  • Page 333: Configuring High Availability Settings On A Virtual Appliance

    The HA interface can only be set when the unit is in the HA unconnected mode, and both units must be set to the same interface. Select Primary Appliance if this Virtual Appliance is the primary appliance in the HA pair.
  • Page 334: Enabling Interface Monitoring

    To enable interface monitoring: On the High Availability > Settings page under Interface Monitoring, select Enable Interface Monitor. In the Monitor Interfaces list, select the interfaces that you want to monitor. Click Accept.
  • Page 335: Configuring Network Monitoring Addresses

    To configure management settings for the idle unit: On the High Availability > Settings page under Management Settings for Idle Unit, check Enable To Manage Idle Unit. Select the management interface using the drop-down list.
  • Page 336: Synchronizing Firmware

    Can the HA interface settings be amended, after HA is enabled? When HA is configured, the ‘Edit’ button for the HA interface is dimmed and disabled. So the HA interface setting cannot be changed after the devices are in HA mode.
  • Page 337 Firmware button allows you to synchronize firmware from the Active to the Idle unit. When settings are changed, clicking Accept synchronizes settings. Does the HA configuration for SMA/SRA appliances differ from the HA configuration of Dell SonicWALL firewall devices? Yes. HA configuration on a firewall is very different. Along with other items, firewall HA is also available in Active/Active state and can be assigned a virtual IP address.
  • Page 338: Part 4. Configuring Users & Logs

    Part 4 Configuring Users & Logs • Users Configuration • Log Configuration
  • Page 339: Users Configuration

    Users Configuration This section provides information and configuration tasks specific to the Users pages on the Dell SonicWALL Secure Mobile Access web-based management interface, including access policies and bookmarks for the users and groups. Policies provide you access to the different levels of objects defined on your SMA/SRA appliance.
  • Page 340: Access Policies Concepts

    Policy 3: A Permit rule has been configured to allow FTP access to the predefined network object, FTP Servers. The FTP Servers network object includes the following addresses: 10.0.0.5 - 10.0.0.20 and ftp.company.com, which resolves to 10.0.1.3.
  • Page 341: Users > Local Users

    (user, administrator, or read-only administrator). NOTE: Users configured to use RADIUS, LDAP, or Active Directory authentication do not require passwords because the external authentication server validates user names and passwords.
  • Page 342: Removing A User

    When configured and a password is expiring, a notification is displayed on the user’s Virtual Office page or the Administrator’s management console identifying the number of days before their password expires. Notifications also include a link to a screen where the password can be changed.
  • Page 343: Editing User Settings

    SMA/SRA appliance only allows users that authenticate to the internal user database to have administrative privileges. Also, the user type External is used to identify the local user instances that are auto-created to correspond to externally authenticating users.
  • Page 344 Optionally, force a user in the Local User Database to change their password at set intervals or the next time they log in. To force a user to change their password at set intervals, type the expiration interval in...
  • Page 345 10. Click Accept to save the configuration changes. Modifying Group Settings: On the Groups tab, you can add a group membership for users, configure a primary group, and control whether groups are automatically assigned at user login.
  • Page 346 Virtual Assist Technician • Virtual Assist Request Help • Virtual Access Setup Link • Allow User to Add Bookmarks • Allow User to Edit/Delete Bookmarks – Applies to user-owned bookmarks only. Click Accept.
  • Page 347 Enabled - Enable this action for the user. Overrides the group setting. • Disabled - Disable this action for all members of the group. Overrides the global setting. In the User Name & Password Caching drop-down list, select one of the following:
  • Page 348 Enabled - Enable this action for the user. Overrides the group setting. • Disabled - Disable this action for all members of the group. Overrides the global setting. In the Create Client Connection Profile drop-down list, select one of the following:
  • Page 349 However, it is possible to control source logins by IP address with a login policy created on the user's Login Policies tab. For more information, refer to Configuring Login Policies on page 380.
  • Page 350 Adding a Policy for an IP Address Navigate to Users > Local Users. Click the configure icon next to the user you want to configure. Select the Policies tab. Click Add Policy...
  • Page 351 Navigate to Users > Local Users. Click the configure icon next to the user you want to configure. Select the Policies tab. Click Add Policy. Select Server Path from the Apply Policy To drop-down list.
  • Page 352 Navigate to Users > Local Users. Click the configure icon next to the user you want to configure. Select the Policies tab. Click Add Policy. In the Apply Policy To drop-down menu, select the URL Object option.
  • Page 353 [!<character set>] – Matches any character in that position not listed in character set. For example [!acd], [!8a0] [<range>] – Matches any character falling within the specified ASCII range. Can be an alphanumeric character. For example, [a-d], [3-5], [H-X]
  • Page 354 In the Status drop-down list, click on an access action, either Allow or Deny. Click Accept. Adding or Editing User Bookmarks The Bookmarks tab provides configuration options to add and edit user bookmarks. In addition to the main procedure that follows, see the following:
  • Page 355 Some services can run on non-standard ports, and some expect a path when connecting. Depending on the choice in the Service field, format the Name or IP Address field like one of the examples shown in Table...
  • Page 356 HTTPS IP Address of URL 204.212.170.11 IPv6 Address 2008::1:2:3:4 URL:Path or File www.sonicwall.com/index.html IP:Path or File 204.212.170.11/folder/ URL:Port www.sonicwall.com:8080 IP:Port 204.212.170.11:8080 or [2008::1:2:3:4]:8080 URL:Port:Path or File www.sonicwall.com:8080/folder/index.html IP:Port:Path or File 204.212.170.11:8080/index.html
  • Page 357 Set whether users can edit or delete bookmarks from the Virtual Office portal by making a selection for Allow user to edit/delete. You can select to Allow, Deny, or to Use the user policy setting. Select one of the service types from the Service drop-down list.
  • Page 358 When only one mode is available, the bookmark is also run immediately.
  • Page 359 Send WOL packet to host name or IP address – To send the WoL packet to the hostname or IP of this bookmark, select Send WOL packet to host name or IP address that can be applied in tandem with a MAC address of another machine to wake.
  • Page 360 Visual styles • Select the Remote Audio option from the drop-down list. Audio redirection enables the user to play an audio clip on the server, either remotely or locally. Valid selections are...
  • Page 361 Select Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices. (Option available for all Terminal Services.) NOTE: RDP over HTML5 is supported using the default/standard browser in iOS or Android.
  • Page 362 The up and down arrows are used to adjust the launch priority. Fork and tick are used to disable or enable the modes. Disabled modes are put at the bottom of the list with a gray font color.
  • Page 363 • RRE – Rise-and-Run-length-Encoding uses a sequence of identical pixels that are compressed to a single value and repeat count. This is an efficient encoding for large blocks of constant color.
  • Page 364 • Manual: Provides options to configure the modes, their priorities, and the choose method. At least one mode should be enabled in the selection box.
  • Page 365 That means, when next launching the bookmark, the remembered mode is run directly within two seconds. Clicking anywhere in the HTML can 'forget' the remembered mode so you can re-choose. Editing or deleting the bookmark in the same browser can also reset the remembered mode.
  • Page 366 Select Disable Security Warning if you do not want to see any security warnings when accessing this Web site. Security warnings are normally displayed when this bookmark refers to anything other than an Application Offloaded Web site.
  • Page 367 Smart: Allows the firmware to decide which mode to launch on the client. When creating a new unified bookmark, Smart is selected by default. Auto-detection is processed using bookmark-specific default modes while launching the bookmark.
  • Page 368 Editing or deleting the bookmark in the same browser can also reset the remembered mode. When no modes are able to run on the client with the configuration, the following notice appears.
  • Page 369 For more information about custom credentials, see Creating Bookmarks with Custom SSO Credentials on page 379. • Select an Access Type Selection. Smart or Manual.
  • Page 370 After the Choose during Launch option is enabled, while launching the unified bookmark, if there are multiple modes available for the client, a menu is provided from which you can choose...
  • Page 371 • Select Authentication with public/private keys to support RSA or DSA keys. • If using an SSHv2 server without authentication, such as a Dell SonicWALL appliance, you can select Bypass username. • Select Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices.
  • Page 372 To add a license server: In the Server Manager screen under Edit Settings, double-click Remote Desktop license servers. In the Properties dialog that appears, on the Licensing tab, click Add.
  • Page 373 The Add License Server dialog appears. Select the License server name or IP address field and click Add. To configure a license server: On the Server Manager screen, click Licensing Diagnosis in the left navigation pane.
  • Page 374 In the middle pane under license server(s) specified, select the desired server name or IP address. The right pane displays additional actions. In the right pane, click Start RD Licensing Manager. The next screen lists the available licenses, shown as Temporary.
  • Page 375 Manage your Per-Device license from this screen. Every remote connection from different web browsers consumes a device license. You can revoke the licenses within the previous screen, but only a few times within a certain period.
  • Page 376 Universal Printer Driver to PCL mode. NOTE: Citrix Java Bookmarks is no longer officially supported by Dell SonicWALL because Citrix has ended support for the Java Receiver. Dell SonicWALL recommends using HTML5 or ActiveX access methods for Citrix Bookmarks.
  • Page 377 After the Choose during Launch option is enabled, while launching the unified bookmark, if there are multiple modes available for the client, a menu is provided from which you can choose...
  • Page 378 App. The SMA Connect Agent launches the “Citrix Receiver” to make the Citrix connection. If you have not yet installed the App, the SMA Connect Agent pops up an alert message for you to start the installation.
  • Page 379 User Form Field - This should be the same as the ‘name’ and ‘ID’ attribute of the HTML element representing the User Name in the login form, for example: <input type=text name='userid'>
  • Page 380: Configuring Login Policies

    Click the configure icon for the user you want to configure. The Edit Local User page is displayed. Click the Login Policies tab. The Edit Local User - Login Policies tab is displayed.
  • Page 381 In the Define Address window, select one of the source address type options from the Source Address Type drop-down list. • IP Address - Enables you to select a specific IP address.
  • Page 382: Users > Local Groups

    Users > Local Groups Overview on page • Deleting a Group on page • Adding a New Group on page • Editing Group Settings on page • Group Configuration for LDAP Authentication Domains on page
  • Page 383: Users > Local Groups Overview

    Note that a group is automatically created when you create a domain. You can create domains in the Portals > Domains page. You can also create a group directly from the Users > Local Groups page. The Users > Local Groups window contains two default objects:
  • Page 384: Editing Group Settings

    Click the configure icon next to the group you want to configure. The General tab of the Edit Group Settings window displays. The General tab displays the following non-configurable fields: Group Name and Domain Name.
  • Page 385 The Portal tab provides configuration options for portal settings for this group. To configure portal settings for this group: In the left column, navigate to the Users > Local Groups. Click the configure icon next to the group you want to configure.
  • Page 386 To allow users to edit or delete user-owned bookmarks, select Allow from the Allow user to edit/delete bookmarks drop-down menu. To prevent users from editing or deleting user-owned bookmarks, select Deny. To use the setting defined globally, select Use global setting. Click Accept.
  • Page 387 Choose the IPv6 address pool setting. Options include using the global settings, the DHCPv6 settings, or a Static Pool. Under DNS Settings, type the address of the primary DNS server in the Primary DNS Server field.
  • Page 388 For SMA/SRA appliances supporting connections from Apple iPhones, iPads, or other iOS devices using Dell SonicWALL Mobile Connect, use this DNS Search List. This DNS domain is set on the VPN interface of the iPhone/iPad after the device makes a connection to the appliance. When the mobile device user accesses a URL, iOS determines if the domain matches the VPN interface’s domain, and if so, uses the...
  • Page 389 This feature is for external users, who inherit the settings from their assigned group upon login. Tunnel all mode ensures that all network communications are tunneled securely through the Secure Mobile Access tunnel.
  • Page 390 Internet from authenticating to the SMA/SRA gateway through the policy engine. It is possible to control source logins by IP address from the user's Login Policies page. For more information, refer to Configuring Login Policies on page 380.
  • Page 391 Editing a Policy for a File Share To edit file share access policies: Navigate to Users > Local Groups. Click the configure icon next to the group you want to configure. Select the Policies tab. Click Add Policy...
  • Page 392 To define group bookmarks: Navigate to the Users > Local Groups window. Click the configure icon for the group for which you want to create a bookmark. The Edit Local Group page is displayed.
  • Page 393 Additionally, you might want to provide a path to where your...
  • Page 394 After the Choose during Launch option is enabled, while launching the unified bookmark, if there are multiple modes available for the client, a menu is provided from which you can choose...
  • Page 395 Send WOL packet to host name or IP address – To send the WoL packet to the hostname or IP of this bookmark, select Send WOL packet to host name or IP address that can be applied in tandem with a MAC address of another machine to wake.
  • Page 396 Redirect SmartCards • Redirect Plug and Play Devices Select the check boxes for any of the following additional features for use in this bookmark session: • Display connection bar • Desktop background
  • Page 397 Services.) Select Use custom credentials to enter a custom username, password, and domain for this bookmark. For more information about custom credentials, see Creating Bookmarks with Custom SSO Credentials on page 379.
  • Page 398 Smart: Allows the firmware to decide which mode to launch on the client. When creating a new unified bookmark, Smart is selected by default. Auto-detection is processed using bookmark-specific default modes while launching the bookmark.
  • Page 399 That means, when next launching the bookmark, the remembered mode is run directly within two seconds. Clicking anywhere in the HTML can 'forget' the remembered mode so you can re-choose. Editing or deleting the bookmark in the same browser can also reset the remembered mode.
  • Page 400 HTML element representing Password in the Login form, for example: <input type=password name='PASSWORD' id='PASSWORD' maxlength=128>. • Select the Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices.
  • Page 401 Secure Mobile Access session for log in to the FTP server. Select Use custom credentials to enter a custom username, password, and domain for this bookmark. For more information about custom credentials, see Creating Bookmarks with Custom SSO Credentials on page 379.
  • Page 402 Smart: Allows the firmware to decide which mode to launch on the client. When creating a new unified bookmark, Smart is selected by default. Auto-detection is processed using bookmark-specific default modes while launching the bookmark.
  • Page 403 SSHv2 Java Settings • Select Authentication with public/private keys to support RSA or DSA keys. • If using an SSHv2 server without authentication, such as a Dell SonicWALL appliance, you can select Bypass username. SSHv2 HTML5 Settings • Select the Default Font Size. Supported options range from 12 to 99 points.
  • Page 404: Group Configuration For Ldap Authentication Domains

    Navigate to the Portals > Domains page and click Add Domain to display the Add New Domain window. Select LDAP from the Authentication Type menu. The LDAP domain configuration fields are displayed.
  • Page 405 Users logging into Active Directory domains are automatically assigned in real time to Secure Mobile Access groups based on their external AD group memberships. If a user’s external group membership has changed, their Secure Mobile Access group membership automatically changes to match the external group membership.
  • Page 406 Secure Mobile Access admin privileges to all users logging into that domain. Dell SonicWALL recommends adding filters that allow administrative access only to those users who are in the correct group. You can do so by editing the domain on the Users > Local Groups page.
  • Page 407 LDAP attributes. To see a full list of LDAP attributes, refer to the Dell SonicWALL LDAP Attribute document. As a common example, fill out an attribute field with the memberOf= attribute which can bundle the following common variable types: CN= - the common name.
  • Page 408 • > /tmp/file is optional and defines the file where the LDAP query results are saved. For instructions on querying an LDAP server from a Windows server, refer to: http://technet.microsoft.com/en-us/library/cc783845(v=ws.10).aspx
  • Page 409: Group Configuration For Active Directory And Radius Domains

    SMA/SRA appliance as type External, and can then be managed like any other local user by the administrator. The external local user remains until deleted by the administrator. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 410: Creating A Citrix Bookmark For A Local Group

    Enter the name or IP address of the bookmark in the Name or IP Address field. From the Service drop-down list, select Citrix Portal (Citrix). Select the Resource Window Size from the drop-down list. Select an Access Type Selection: Smart or Manual.
  • Page 411 After the Choose during Launch option is enabled, while launching the unified bookmark, if there are multiple modes available for the client, a menu is provided from which you can choose Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 412 Address field that appears. This setting allows you to specify the Citrix ICA Server address for the Citrix ICA session. By default, the bookmark uses the information provided in the ICA configuration on the Citrix server. 12 Click Accept. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 413: Global Configuration

    (SSO) automatic login for bookmarks. This setting disables automatic login by default for new users. • Enabled: Select this option to enable automatic login for bookmarks. • Disabled: Select this option to disable automatic login for bookmarks. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 414 Address Range, IPv6 Address, or IPv6 Address Range in the Apply Policy To drop-down list. 27 Click Accept to save the configuration changes. 28 Click the Bookmarks tab. 29 To add a bookmark, click Add Bookmark... 30 Enter a bookmark name in the Bookmark Name field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 415: Edit Global Policies

    If your policy applies to a specific IPv6 host, select the IPv6 Address option from the Apply Policy To drop-down list and enter the IPv6 address of the local host machine in the IPv6 Address field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 416: Edit Global Bookmarks

    When global bookmarks are defined, all users see the defined bookmarks from the Secure Mobile Access user portal. Individual users are not able to delete or modify global bookmarks. To edit a bookmark, enter a descriptive name in the Bookmark Name field. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 417: Edit Epc Settings

    Click the EPC tab. The EPC window is displayed. Configure EPC global settings and add or remove device profiles, as explained in Users > Local Groups on page 382.
  • Page 418: Log Configuration

    Log Configuration This section provides information and configuration tasks specific to the Log pages on the Dell SonicWALL Secure Mobile Access web-based management interface. Topics: • Log > View on page 418 • Log > Settings on page • Log > Categories on page •...
  • Page 419 The name of the user who was logged into the appliance when the message was generated. Location The geographical location of the source IP for each event log message. Message The text of the log message. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 420: Viewing Logs

    After the log file reaches the 50 MB log size limit, the log entry is cleared and optionally emailed to the Secure Mobile Access administrator. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 421: Emailing Logs

    This section provides an overview of the Log > Settings page and a description of the configuration tasks available on this page. • Log > Settings Overview on page • Configuring Log Settings on page • Configuring the Mail Server on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 422: Log > Settings Overview

    SMTP port. Configuring Log Settings To configure log and alert settings, complete the following steps: To begin configuring event log, syslog and alert settings, navigate to the Log > Settings page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 423 10 To use SMTP authentication when sending log files, select Enable SMTP Authentication. The display changes to expose related fields. Enter the user name, password, and the SMTP port to use. The default port is 25. 11 Click Accept to update your configuration settings. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 424: Configuring The Mail Server

    This section provides an overview of the Log > Categories page and a description of the various categories of event messages that can be viewed in the log. This page allows for each category to be enabled or disabled by Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 425: Log > Viewpoint

    This section provides an overview of the Log > ViewPoint page and a description of the configuration tasks available on this page. • Log > ViewPoint Overview on page • Adding a ViewPoint Server on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 426: Log > Viewpoint Overview

    The Log > ViewPoint page allows the administrator to add the SMA/SRA appliance to a ViewPoint server for installations that have Dell SonicWALL ViewPoint available, or are managed by the Dell SonicWALL Global Management System (GMS) appliance management software. This feature requires a ViewPoint license key.
  • Page 427: Adding An Analyzer Server

    Dell SonicWALL Analyzer is a software application that creates dynamic, web-based network reports. The Analyzer Reporting Module generates both real-time and historical reports to offer a complete view of all activity through Dell SonicWALL network security appliances. With Analyzer Reporting, you can monitor network access, enhance security, and anticipate future bandwidth needs.
  • Page 428: Part 5. Using Virtual Office

    Part 5 Using Virtual Office • Virtual Office Configuration Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 429: Virtual Office Configuration

    Virtual Office Configuration This section provides information and configuration tasks specific to the Virtual Office page on the Dell SonicWALL Secure Mobile Access web-based management interface. Topics: • Virtual Office on page Virtual Office This section provides an overview of the Virtual Office page and a description of the configuration tasks available on this page.
  • Page 430: Using The Virtual Office

    Add and configure bookmarks for offloaded portals • Follow bookmark links • Import certificates • Get Virtual Office help • Configure a system for Secure Virtual Access mode, if allowed by administrator • Configure passwords Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 431: Dell Sonicwall Secure Mobile Access Connect Agent

    Configure single sign-on options NOTE: For detailed configuration information about the Virtual Office user portal and these tasks, refer to the Dell SonicWALL Secure Mobile Access User Guide. Dell SonicWALL Secure Mobile Access Connect Agent The Browser Plug-ins (NPAPI, ActiveX, and Java Applet) are used to launch native applications such as NetExtender, Virtual Assist, EPC, and so on.
  • Page 432: Setting Up The Sma Connect Agent

    Additionally, typical data center server farms are fronted with a load balancer and/or reverse SSL Proxy to offload SSL processing on the servers. For a load balancer fronting the servers and doing decryption, the Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 433 Browser Warning When the Scheme URL tries to launch the SMA Connect Agent, the browser could pop up a warning message to confirm that you want to launch the SMA Connect Agent:
  • Page 434 To launch the Citrix Native Bookmark, after logging in to the StoreFront, launch any Citrix desktops or applications such as other Citrix bookmarks. A browser confirmation message might appear. In a Chrome warning window, press Launch Application to launch the Citrix or SMA Connect Agent. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 435 On the portal page, there are buttons you can click to launch supported SonicWALL Applications, including NetExtender, Virtual Assist, and Virtual Meeting. NetExtender cannot run on Macintosh. Therefore, the SMA Connect Agent does not support the NetExtender connection on Macintosh.
  • Page 436: Part 6. Appendices

    • Configuring the SMA/SRA Appliance with a Third-Party Gateway • Use Cases • NetExtender Troubleshooting • Frequently Asked Questions • Using the Command Line Interface • Using SMS Email Formats • Support Information Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 437: Using Online Help

    The same help icon appears next to certain fields and check boxes throughout the Secure Mobile Access management interface. When you hover your mouse cursor over one of these help icons, a tooltip is displayed containing important information about configuring the associated option. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 438: Configuring The Sma/Sra Appliance With A Third-Party Gateway

    If you do not have these, contact your network administrator before continuing. Dell SonicWALL recommends updating the PIX’s OS to the most recent version if your PIX can support it. This document was validated on a Cisco PIX 515e running PIX OS 6.3.5 and is the recommended version for interoperation with an SMA/SRA appliance.
  • Page 439: Method One - Sma/Sra Appliance On Lan Interface

    16 Exit config mode and issue the command ‘wr mem’ to save and activate the changes. 17 From an external system, attempt to connect to the SMA/SRA appliance using both HTTP and HTTPS. If you cannot access the SMA/SRA appliance, check all previous steps and test again. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 440 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 441: Method Two - Sma/Sra Appliance On Dmz Interface

    Connect to the PIX’s management CLI by way of console port, telnet, or SSH and enter configure mode. Issue the command ‘clear http’ to shut off the PIX’s HTTP/S management interface. 10 Issue the command ‘interface ethernet2 auto’ (or whatever interface you are using) Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 442 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list sslvpn permit tcp any host 64.41.140.167 eq www access-list sslvpn permit tcp any host 64.41.140.167 eq https Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 443 192.168.100.101-192.168.100.199 inside dhcpd dns 192.168.100.10 dhcpd lease 600 dhcpd ping_timeout 750 dhcpd domain vpntestlab.com dhcpd enable inside terminal width 80 banner motd Restricted Access. Please log in to continue. Cryptochecksum:81330e717bdbfdc16a140402cb503a77 : end Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 444: Linksys Wrt54Gs

    Before you get started, take note of which port the WatchGuard is using for management. If the WatchGuard is not being managed on HTTPS (443), perform the following steps. If the WatchGuard is being managed on HTTPS (443) you’ll need to first review the notes within this guide. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 445 Clear Use non-secure HTTP instead of secure HTTPS for administrative Web site. Change the HTTP Server Port to 444 and click Submit. The WatchGuard is now managed from the WAN on port 444. It should be accessed as follows: https://<watchguard wan ip>:444 Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 446: Netgear Fvs318

    If Remote Management of the NetGear is desired, you must leave the box checked and change the default port (8080 is recommended) Navigate to Add Service in the left navigation. Click Add Custom Service. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 447 10 Enter the WAN IP address of the SMA/SRA appliance (ex.192.168.100.2) in the Local Server Address field. 11 Click Accept to save changes. Your Netgear gateway device is now ready for operations with the SMA/SRA appliance. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 448: Netgear Wireless Router Mr814 Ssl Configuration

    Your Netgear wireless router is now ready for operations with the SMA/SRA appliance. Check Point AIR 55 Topics: • Setting up an SMA/SRA Appliance with Check Point AIR 55 on page • Static Route on page • on page Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 449: Setting Up An Sma/Sra Appliance With Check Point Air 55

    (sometimes known as a demilitarized zone) then subsequent firewall rules have to pass the necessary traffic from the secure segment to the internal network. Next, select the NAT tab for the object you have created. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 450: Static Route

    Again, should the SMA/SRA appliance be located on a secure segment of the Check Point firewall, a second rule allowing the relevant traffic to flow from the SMA/SRA appliance to the internal network is necessary. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 451: Use Cases

    Importing a goDaddy Certificate on Windows In this use case, we format a goDaddy Root CA Certificate on a Windows system and then import it to our Dell SonicWALL Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliance.
  • Page 452 In the Certificate Export Wizard, click Next. Select Base-64 encoded X.509 (.CER) and then click Next. In the File to Export screen, type the file name in as goDaddy.cer and then click Next. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 453 10 In the Additional CA Certificates section, click Import CA Certificate. The Import Certificate window appears. 11 In the Import Certificate window, click Browse and navigate to the goDaddy.cer file on your Windows system and double-click it. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 454: Importing A Server Certificate On Windows

    While Active Directory allows users to be members in multiple groups, the SMA/SRA appliance only allows each user to belong to a single group. It is this group that determines the access policies assigned to the user. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 455: Creating The Active Directory Domain

    This section describes how to create the Secure Mobile Access Local Domain, SNWL_AD. SNWL_AD is associated with the Active Directory domain of the OWA server. Log in to the Secure Mobile Access management interface and navigate to the Portals > Domains page. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 456: Adding A Global Deny All Policy

    Later, we can add Permit policies for each group, one at a time. Navigate to the Users > Local Users page. Click Configure in the Global Policies row. The Edit Global Policies window appears. In the Edit Global Policies window, click the Policies tab. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 457: Creating Local Groups

    We will add three local groups, corresponding to our Active Directory groups. In the Add Local Group window, type Acme_Group into the Group Name field. Select SNWL_AD from the Domain drop-down list. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 458 Group. Click Configure in the Acme_Group row. The Edit Group Settings window appears. In the Edit Group Settings window, click the AD Groups tab. On the AD Groups tab, click Add Group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 459: Adding The Sshv2 Permit Policy

    On the Users > Local Groups page, click Configure in the Acme_Group row. The Edit Group Settings window appears. In the Edit Group Settings window, click the Policies tab. On the Policies tab, click Add Policy. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 460: Adding The Owa Permit Policies

    In the Users > Local Groups page, click Configure in the Mega_Group row. We will create two PERMIT policies for Mega_Group to allow access to the OWA Exchange server. In the Edit Group Settings window, click the Policies tab, and then click Add Policy. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 461 14 In the Edit Group Settings window, click OK. We are finished with the policies for Mega_Group. Repeat this procedure for IT_Group to provide OWA access for members of the Active Directory group, IT Group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 462: Verifying The Access Policy Configuration

    SMA/SRA appliance, and attempting to access the resources. Test Result: Try Acmeuser Access Acmeuser logs into the SNWL_AD domain. The Users > Status page shows that acmeuser is a member of the local group, Acme_Group. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 463 Acmeuser can access SSH, as expected. Acmeuser tries to access to other resources like OWA 10.200.1.10, but is denied, as expected. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 464 The Users > Status page shows that megauser is a member of the local group, Mega_Group. Megauser can access OWA resources, as expected. Megauser tries to access SSH, but is denied, as expected. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 465 Ituser logs into the SNWL_AD domain. The Users > Status page shows that ituser is a member of the local group, IT_Group. Ituser can access SSH to 10.200.1.102, as expected. Ituser can access OWA resources, as expected. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 466: Netextender Troubleshooting

    NetExtender Troubleshooting See the following tables with troubleshooting information for the Dell SonicWALL Secure Mobile Access (SMA) or Secure Remote Access (SRA) NetExtender utility. Table 48. NetExtender Cannot Be Installed Problem Solution NetExtender cannot be installed. Check your OS Version, NetExtender only supports Windows Vista or higher, Mac OS X 10.5 or higher with Apple Java 1.6.0_10 or...
  • Page 467 The event logs in Control Panel > Administrator Tools > Event Viewer. Select Applications and System events and use the Action /Save Log File as… menu to save the events in a log file. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 468 The event logs in Control Panel > Administrator Tools > Event Viewer. Select Applications and System Events and use the Action /Save Log File as… menu to save the events in a log file. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 469: Frequently Asked Questions

    Frequently Asked Questions This appendix contains frequently asked questions (FAQs) about the Dell SonicWALL Secure Mobile Access (SMA) or Secure Remote Access (SRA) appliance. • Hardware FAQ on page 472 What are the hardware specs for the SRA 4600 and SRA 1600?
  • Page 470 What is the most common deployment of the SMA/SRA appliances? on page Why is it recommended to install the SMA/SRA appliance in one-port mode with a Dell SonicWALL security appliance? on page Is there an installation scenario where you would use more than one interface or install the...
  • Page 471 Can I create site-to-site VPN tunnels with the SMA/SRA appliance? on page Can the Dell SonicWALL Global VPN Client (or any other third-party VPN client) connect to the SMA/SRA appliance? on page Can I connect to the SMA/SRA appliance over a modem connection?
  • Page 472: Hardware Faq

    Should I create a Global Deny ALL policy? on page Hardware FAQ What are the hardware specs for the SMA 400 and SMA 200? Answer: Interfaces SMA 200: (2) gigabit Ethernet, (2) USB, (1) console SMA 400: (4) gigabit Ethernet, (2) USB, (1) console Processors SMA 200: 1.74 GHz Intel Atom™...
  • Page 473 SMA 200: 92 BTU SMA 400: 109 BTU Dimensions SMA 200: 17.00 x 10.13 x 1.75 in (43.18 x 25.73 x 4.45 cm) SMA 400: 17.00 x 10.13 x 1.75 in (43.18 x 25.73 x 4.45 cm) Weight SMA 200: 11 lbs (5 kg)
  • Page 474: What Are The Sma 500V Virtual Appliance Virtualized Environment Requirements

    SMA 400/200 processor includes AES NI instructions to accelerate AES encryption. What operating system do the SMA/SRA appliances run? Answer: The appliance runs Dell SonicWALL’s own hardened Linux distribution. Can I put multiple SMA/SRA appliances behind a load-balancer? Answer: Yes, this should work fine as long as the load-balancer or content-switch is capable of tracking sessions based upon SSL Session ID persistence, or cookie-based persistence.
  • Page 475: What Are The Maximum Number Of Connections Allowed On The Different Sma/Sra Appliances

    Policy address entries Network Objects ‘Address’ Network Objects ‘Network’ Network Objects ‘Service’ Network Objects SMB shares 1,024 1,024 1,024 1,024 1,024 SMB nodes 1,024 1,024 1,024 1,024 1,024 SMB workgroups 8 Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 476: Digital Certificates And Certificate Authorities Faq

    SSL certificate onto the SMA/SRA appliance. I get the following message when I log in to my SMA/SRA appliance – what do I do? Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 477: Get The Following Message When I Log In To My Sma/Sra Appliance Using Firefox- What Do I Do

    Permanently store this exception is checked, and finally, click Confirm Security Exception. See the following: To avoid this inconvenience, it is strongly recommended that all SMA/SRA appliances, going forward, have a trusted digital certificate installed. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 478: When I Launch Any Of The Java Components It Gives Me An Error - What Should I Do

    Do I have to purchase an SSL certificate? Answer: Although the level of encryption is not compromised, users who accept an untrusted certificate introduce the risk of Man-in-the-Middle attacks. Dell SonicWALL recommends installing only trusted certificates or installing the default self-signed certificate in all the clients.
  • Page 479: 13 Why Do I See The Status "Pending" After Importing A New Certificate And Private Key

    Failure to validate the client certificate also causes logon failures. Among the most common causes are: certificate is not yet valid, certificate has expired, login name does not match common name of the certificate, certificate not sent.
  • Page 480: Netextender Faq

    Dell SonicWALL NSA 3500 appliance on a DMZ using 192.168.200.0/24 as the subnet for that DMZ, and the Dell SonicWALL NSA 3500 had two LAN subnets of 192.168.168.0/24 and 192.168.170.0/24, you would enter those two LAN subnets as the client routes to provide NetExtender clients access to network resources on both of those LAN subnets.
  • Page 481 The MSI package is designed for the administrator to deploy NetExtender through Active Directory, allowing full version control through Active Directory. 11 How is NetExtender different from a traditional IPSec VPN client, such as Dell SonicWALL’s Global VPN Client (GVC)?
  • Page 482: General Faq

    What needs to be activated on the browser for me to successfully connect to the SMA/SRA appliance? Answer: • • Enable cookies • Enable pop-ups for the site • Enable Java • Enable Javascript • Enable ActiveX Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 483 “DMZ” network/interface of a Dell SonicWALL security appliance, such as a Dell SonicWALL TZ or NSA appliance. 10 Why is it recommended to install the SMA/SRA appliance in one-port mode with a Dell SonicWALL security appliance? Answer: This method of deployment offers additional layers of security control plus the ability to use Dell SonicWALL’s Unified Threat Management (UTM) services, including Gateway Anti-Virus, Anti-...
  • Page 484 DNS and default route settings on the Network pages. 14 Can I create site-to-site VPN tunnels with the SMA/SRA appliance? Answer: No, it is only a client-access appliance. If you require this, you need a Dell SonicWALL TZ, NSA, or SuperMassive series security appliance.
  • Page 485 Answer: This feature allows you to create a backup snapshot of the firmware and settings into a special file that can be reverted to from the management interface or from SafeMode. Dell SonicWALL strongly recommends creating a system backup right before loading new software, or making significant changes to the programming of the appliance.
  • Page 486 Terminal Server you are accessing. 41 Can I integrate the SMA/SRA appliance with wireless? Answer: Yes, refer to the Dell SonicWALL Secure Wireless Networks Integrated Solutions Guide, available through Elsevier, http://www.elsevierdirect.com/. 42 Can I manage the appliance on any interface IP address of the SMA/SRA appliance? Answer: Yes, you can manage on any of the interface IP addresses.
  • Page 487 Answer: Yes, this is supported. 60 Should I create a Global Deny ALL policy? Answer: Yes, Dell SonicWALL recommends that administrators set up a Global Deny ALL policy that allows access to only trusted hosts. This prevents outbound requests to malicious hosts from Secure Mobile Access.
  • Page 488: Using The Command Line Interface

    SMA/SRA appliance defaults. The CLI utility remedies this by allowing basic configuration of the network settings when deploying the Virtual Appliance. NOTE: The Dell SonicWALL Secure Mobile Access CLI allows configuration of only the X0 interface on the SRA 4600/1600 or SMA 500v Virtual Appliance. NOTE: To use the CLI on a serial connection or in an SSH management session, you need to use a terminal emulation application (such as Tera Term) or an SSH Client application (such as PuTTY).
  • Page 489 The following shows the result when you save the changes: Would you like to save these changes (y/n)? y Saving changes...please wait.. Changes saved! Press <Enter> to continue... Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 490 ] Starting httpd: [ ] Starting ftpsession: [ ] Starting graphd: [ Restart completed...returning to main menu... Logout – The logout option ends the CLI session and returns to the login prompt. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 491: Safemode

    You can get to the SafeMode CLI by pressing the SafeMode switch to reboot to SafeMode, and then logging in as admin. The password is the same as the password for the admin account that is configured on the appliance. The default is password. sma400 login: admin Password: password
  • Page 492 The numbered options explain themselves. Select the number of the option you would like to perform. For the first option, to Manage Firmware Images, press 1. The following screen appears with five additional options. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 493 The three additional options explain themselves. Select the number of the option you would like to perform. For more instructions on how to restart your firewall in SafeMode, refer to the Getting Started Guide for your particular appliance. Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 494: Using Sms Email Formats

    Celcom (Malaysia) 4085551212@sms.celcom.com.my Cellular One 4085551212@mobile.celloneusa.com Cellular One East Coast 4085551212@phone.cellone.net Cellular One South West 4085551212@swmsg.com Cellular One 4085551212@mobile.celloneusa.com Cellular One 4085551212@cellularone.txtmsg.com Cellular One 4085551212@cellularone.textmsg.com Cellular South 4085551212@csouth1.com CenturyTel 4085551212@messaging.centurytel.net Cingular 4085551212@mobile.mycingular.net
  • Page 495 4085551212@ideacellular.net Gujarat Airtel 4085551212@airtelmail.com Gujarat Celforce / Fascel 4085551212@celforce.com Goa Airtel 4085551212@airtelmail.com Goa BPLMobil 4085551212@bplmobile.com Goa Idea Cellular 4085551212@ideacellular.net Haryana Airtel 4085551212@airtelmail.com Haryana Escotel 4085551212@escotelmobile.com Himachal Pradesh Airtel 4085551212@airtelmail.com Houston Cellular 4085551212@text.houstoncellular.net Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 496 Mumbai Orange 4085551212@orangemail.co.in MTS (Russia) 4085551212@sms.mts.ru 4085551212@sms.mts.ru Mumbai BPL Mobile 4085551212@bplmobile.com MTN (South Africa only) 4085551212@sms.co.za MiWorld (Singapore) 4085551212@m1.com.sg NBTel 4085551212@wirefree.informe.ca Netcom GSM (Norway) 4085551212@sms.netcom.no Nextel 4085551212@messaging.nextel.com Nextel 4085551212@nextel.com.br NPI Wireless 4085551212@npiwireless.com Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 497 4085551212@messaging.sprintpcs.com Sprint 4085551212@sprintpaging.com Swisscom 4085551212@bluewin.ch Swisscom 4085551212@bluemail.ch Telecom Italia Mobile (Italy) 4085551212@posta.tim.it Telenor Mobil Norway 4085551212@mobilpost.com Telecel (Portugal) 4085551212@sms.telecel.pt Tele2 4085551212@sms.tele2.lv Tele Danmark Mobil 4085551212@sms.tdk.dk Telus 4085551212@msg.telus.com Telenor 4085551212@mobilpost.no Telia Denmark 4085551212@gsm1800.telia.dk Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 498 Virgin Mobile 4085551212@vmobl.com Vodafone Omnitel (Italy) 4085551212@vizzavi.it Vodafone Italy 4085551212@sms.vodafone.it Vodafone Japan 4085551212@pc.vodafone.ne.j Vodafone Japan 4085551212@h.vodafone.ne.jp Vodafone Japan 4085551212@t.vodafone.ne.jp Vodafone Spain 4085551212@vodafone.es Vodafone UK 4085551212@vodafone.net West Central Wireless 4085551212@sms.wcc.net Western Wireless 4085551212@cellularonewest.com Dell SonicWALL Secure Mobile Access 8.5 Administration Guide...
  • Page 499: Support Information

    GNU General Public License (GPL) Source Code Dell SonicWALL provides a machine-readable copy of the GPL open source on a CD. To obtain a complete machine-readable copy, send your written request, along with a certified check or money order in the amount of US $25.00 payable to “Dell SonicWALL, Inc.”...
  • Page 500: End User License Agreement

    HARDWARE OR SOFTWARE EVEN IF DELL SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Dell SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose.
  • Page 501 Dell unless Dell accepts such terms in writing. Each Order shall be subject to approval by Dell and shall represent the Customer’s irrevocable commitment to purchase and pay for the Products and/or Maintenance Services stated in the Order.
  • Page 502 Software installed on its Client’s computer equipment or require the Client to do the same. Customer agrees that it shall be jointly and severally liable to Dell for the acts and omissions of its Clients in connection with their use of the Software and Documentation and shall, at its expense, defend Dell against any action, suit, or claim brought against Dell by a Client in connection with or related to Customer’s Management Services and pay any final judgments or...
  • Page 503 Products or prior to the commencement of any Renewal Maintenance Period and Customer shall make all payments due to Dell in full within thirty (30) days from the date of each invoice or such other period (if any) stated in a Signed Order. Dell reserves the right to charge Customer a late penalty of 1.5 percent...
  • Page 504 Customer shall, at its expense, defend Dell and its Affiliates from any third-party claim or action arising out of any inaccurate representation made by Customer regarding the existence of an export license, Customer’s failure to provide information to Dell to obtain an export license or any allegation made against Dell due to Customer’s violation or alleged violation of the Export Controls (an “Export Claim”) and shall pay any...
  • Page 505 Software, except that the Software may contain a key limiting its use to the scope of the License granted, and license keys issued by Dell for temporary use are time-sensitive (the “Virus Warranty”):...
  • Page 506 Software was not operating in substantial conformance with the applicable Documentation. (iii) For a breach of the Virus Warranty, Dell shall replace the Software with a copy that is in conformance with the Virus Warranty. (iv) For a breach of the Media Warranty, Dell shall, at its expense, replace the defective media.
  • Page 507 Software with other products, services, or data not supplied by Dell if the infringement would not have occurred but for such use. If Customer’s use of the Software is enjoined as a result of a Claim, Dell shall, at its expense and option either (1) obtain for Customer the right to continue using the enjoined...
  • Page 508 16 Protected Data. For purposes of this Section, “Protected Data” means any information or data that is provided by Customer to Dell during this Agreement that alone or together with any other information...
  • Page 509 European Union. Customer hereby (i) represents that it has the right to send the Protected Data to Dell, (ii) consents for Dell to store and use the Protected Data worldwide for the sole purpose of performing its obligations under this Agreement and any applicable Orders, (iii) agrees that the Protected Data may be accessed and used by Dell and its Representatives worldwide as may be needed to support Dell’s standard business...
  • Page 510 SaaS Software, the SaaS Environment, or a system, account or network of Dell or any of Dell’s customers or suppliers; (v) interfere or attempt to interfere with service to any user, host or network; (vi) engage in fraudulent, offensive or illegal activity of any nature or intentionally engage in any activity that infringes the intellectual property rights or privacy rights of any individual or third-party;...
  • Page 511 (4) days following deposit in the mail in accordance with this paragraph. Disclosure of Customer Status. Dell may include Customer in its listing of customers and, upon written consent by Customer, announce Customer's selection of Dell in its marketing communications.
  • Page 512 No other act, document, usage or custom shall be deemed to amend or modify this Agreement or an Order.
  • Page 513: Glossary

    A protocol that defines a standard for remote file access, allowing users with different platforms and computers to share files without installing special software. File Shares: Dell SonicWALL's network file browsing feature on the SMA/SRA appliance. This uses the Web browser to browse shared files on the network. Lightweight Directory Access Protocol (LDAP): An Internet protocol that email and other programs use to retrieve data from a server.
  • Page 514: About Dell

    Technical support resources: Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.

This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v
