Abstract
While pre-configured or “fat” client is preferential for most

network users, many IT organizations are making the switch

to a thin client or SSL VPN model in order to reduce costs

and better protect their network from security risks. Unlike

a fat clients or IPSec VPN, thin client enables remote users

to access the network from any computer equipped with an

Internet connection and standard web browser.

No longer are remote users limited to using specially-

configured laptops provided by the IT department, as is the

case with more traditional VPN models. IPSec VPN may

be especially useful in areas where the IT administrator

tightly controls and manages only a small number of

remote workstations, while with fat client VPN systems

administrators can allow users to have a greater level of

access. However, users now can have the best of both worlds

with SonicWall
NetExtender thin client technology for
Secure Mobile Access 100, TZ, NS
a and NSv families. The
tech brief below explains how.

Introduction

With SonicWall NetExtender, users enjoy seamless and

secure network layer access to the intranet, file, desktop

and terminal resources, including Microsoft
® Outlook® and
Microsoft Office 365. Pushed transparently onto the client’s

desktop, laptop or smartphone, the thin client enhances users’

capabilities and significantly reduces the IT administrative

costs and time required to maintain and manage remote access.

SonicWall NetExtender

Simplified and secure end user access for anywhere,

NetExtender adds more power to the SonicWall SMA 100

and firewalls, adding capabilities such as seamless and secure

access to any resource on the corporate network including

servers or custom applications. Unlike a fat client, NetExtender

extends thin client transparently to the client’s desktop or

laptop, and installs it automatically to facilitate this broader

level of access. It assigns remote users an IP address from

a preset pool of IP addresses, enabling them to access any

TCP/IP-based resource on the corporate network including a

wide variety of legacy applications and services. Remote users

gain Layer-3 level access to the protected internal network.

The user experience is similar to that of a traditional IPSec VPN

client, except that manual client installation is not required.

Additionally, users do not have to worry about Network

Address Translation (NAT) devices and proxies, which are the

bane of traditional IPSec-based VPNs.

NetExtender creates a virtual adapter for secure point-to-

point access to any allowed host or subnet on the internal

network. Unlike the stateless nature of the traditional SSL VPN,

NetExtender stays resident on the client machine even after

the connection is closed.

The advantage of running NetExtender as a resident

application on the remote system is that it speeds up login

times in subsequent uses. Of course, if a remote user chooses

to deploy the standalone NetExtender client on their remote

machine, but later logs in from a separate machine, he or she

can still gain access with no problems at all.

Users can access NetExtender easily in the traditional way

from any machine using the browser portal. They can also

select the Uninstall on browser exit option to have NetExtender

remove itself after the session ends.

Extend network access through native clients.

With NetExtender technology, remote users will gain: Access

to email through native clients residing on the user’s laptop,

including everything from Microsoft
® Outlook to commercial or
property applications and flexible network access.

Enforce granular access control policies.

By deploying the SonicWall NetExtender, along with SonicWall

Capture Client, on the remote workstations, administrators can

enforce a policy that requires every remote workstation that

accesses the network to have current versions of anti-virus and

anti-spyware software up and running.

SonicWall NetExtender

Deliver seamless, secure network layer access from anywhere.
© 2020 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is a
trademark or registered trademark of SonicWall Inc. and/or its affiliates

in the U.S.A. and/or other countries. All other trademarks and registered

trademarks are property of their respective owners.
SonicWall, Inc.
1033 McCarthy Boulevard | Milpitas, CA 95035

Refer to our website for additional information.

www.sonicwall.com

2

Datasheet-NetExtender-VG-US-2884

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era and a work reality where everyone is remote, mobile

and unsecure. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the

cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit
www.sonicwall.com
Partner Enabled Services

Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide

you with world class professional services. Learn more at
www.sonicwall.com/PES.
Multiple NetExtender IP range and route

support, permits the administrator to

impose granular access control policies

by assigning specific IP addresses or

ranges of IP addresses, and specific

routes to individual users or groups.

This feature also helps to provide

control that is more granular over who

can access which network resources

through NetExtender.

Enhance firewall encryption

and security.

SonicWall Secure Mobile Access 100

provides a high level of security on

its own. Besides the encryption that

is inherent to the SSL model, the

personalized SonicWall web portal

enforces a high level of granularity for

each user that the administrator controls.

The SMA 100 Series appliance grants

remote users access only to authorized

areas through the portal. NetExtender

also provides enhanced security benefits.

With NetExtender, you can force all

client traffic through the SSL VPN

tunnel, and apply all security services

that are running on your primary

SonicWall Network Security Appliance

(NSA) or SonicWall TZ Series firewall —

including enforcement of the SonicWall

host-based, anti-virus solution.

Versatile, bidirectional support for

remote Windows and Linux clients.

While the application proxies support

specific protocols such as FTP, HTTP,

RDP or VNC, NetExtender is not

protocol specific. Rather, it can support

any TCP/IP-based application that is

running on the local client. Besides

extended access, this also means that

communications are bidirectional. In

other words, the remote client can

initiate communications with a host

on the internal network, and the

reverse is also true — hosts on the

internal network can also initiate

communications with the remote PC.

This functionality is particularly useful

for management and administration of

remote PCs.

Flexible support for multiple

platforms.

Available as a standalone application

for all appliances, the NetExtender

client can be launched through the

SonicWall Virtual Office web portal, or

as a native application on Windows
®
and Linux
® PCs and laptops, to access
any authorized resource on the

corporate network.

NetExtender utilizes a standard interface

across all SSL VPN clients, creating

a unified look and feel. Support for

multiple platforms provides users with

greater flexibility to access remote

resources from various endpoints. Initial

distribution of NetExtender is either

through the SonicWall Virtual Office

portal or via a standalone installer.

After initial distribution, users can

launch NetExtender independently as a

standard application. The NetExtender

client supports domain login scripts, and

implements a custom dialer that allows

launch from the Windows Network

Connections menu.

For mobile devices and operating

systems, SonicWall Mobile Connect
, a
single unified client app for Apple
® iOS,
mac OS, Google
® Android, Chrome OS
and Windows, provides smartphone,

tablet, laptop and desktop users

network-level access to corporate and

academic resources over encrypted SSL

VPN connections.