Secure Mobile Access 100 10.2 Administration Guide
Frequently Asked Questions
This appendix contains frequently asked questions (FAQs) about the Secure Mobile Access (SMA) appliance.
- What are the SMA 500v Virtual Appliance virtualized environment requirements?
- Do the SMA appliances have hardware-based SSL acceleration onboard?
- What operating system do the SMA appliances run?
- Can I put multiple SMA appliances behind a load-balancer?
- What is the maximum number of connections allowed on the different SMA appliances?
Digital Certificates and Certificate Authorities FAQ
- What do I do if my browser or my Java components give me an error when I log in to the SMA appliance?
- I get the following message when I log in to my SMA appliance – what do I do?
- I get the following message when I log in to my SMA appliance using Firefox – what do I do?
- When I launch any of the Java components it gives me an error – what should I do?
- Do I have to purchase an SSL certificate?
- What format is used for the digital certificates?
- Are wild card certificates supported?
- What CA’s certificates can I use with the SMA appliance?
- Does the SMA appliance support chained certificates?
- Any other tips when I purchase the certificate for the SMA appliance?
- Can I use certificates generated from a Microsoft Certificate Server?
- Why can’t I import my new certificate and private key?
- Why do I see the status “pending” after importing a new certificate and private key?
- Can I have more than one certificate active if I have multiple virtual hosts?
- I imported the CSR into my CA’s online registration site but it’s asking me to tell them what kind of Webserver it’s for. What do I do?
- Can I store the key and certificate?
- Does the SMA appliance support client-side digital certificates?
- When client authentication is required my clients cannot connect even though a CA certificate has been loaded. Why?
NetExtender FAQ
- Does NetExtender work on operating systems other than Windows?
- Which versions of Windows does NetExtender support?
- Can I block communication between NetExtender clients?
- Can NetExtender run as a Windows service?
- What range do I use for NetExtender IP client address range?
- What do I enter for NetExtender client routes?
- What does the ‘Tunnel All Mode’ option do?
- Is there any way to see what routes the SMA appliance is sending NetExtender?
- After I install NetExtender, is it uninstalled when I leave my session?
- How do I get new versions of NetExtender?
- How is NetExtender different from a traditional IPSec VPN client, such as SonicWall Inc.’s Global VPN Client (GVC)?
- Is NetExtender encrypted?
- Is there a way to secure clear text traffic between the SMA appliance and the server?
- What is the PPP adapter that is installed when I use the NetExtender?
- What are the advantages of using the NetExtender instead of a Proxy Application?
- Does performance change when using NetExtender instead of proxy?
- The SMA appliance is application dependent; how can I address non-standard applications?
- Why is it required that an ActiveX component be installed?
- Does NetExtender support desktop security enforcement, such as AV signature file checking, or Windows registry checking?
- Does NetExtender work with the 64-bit version of Microsoft Windows?
- Does NetExtender work with the 32-bit and 64-bit versions of Microsoft Windows 7?
- Does NetExtender support client-side certificates?
- My firewall is dropping NetExtender connections from my SonicWall SMA as being spoofs. Why?
- Is the SMA appliance a true reverse proxy?
- What browser and version do I need to successfully connect to the SMA appliance?
- What needs to be activated on the browser for me to successfully connect to the SMA appliance?
- What version of Java do I need?
- What operating systems are supported?
- Why does the ‘File Shares’ component not recognize my server names?
- Does the SMA appliance have an SPI firewall?
- Can I access the SMA appliance using HTTP?
- What is the most common deployment of the SMA appliances?
- Why is it recommended to install the SMA appliance in one-port mode with a SonicWall Inc. security appliance?
- Is there an installation scenario where you would use more than one interface or install the appliance in two-port mode?
- Can I cascade multiple SMA appliances to support more concurrent connections?
- Why can’t I log in to the Secure Mobile Access management interface of the SMA appliance?
- Can I create site-to-site VPN tunnels with the SMA appliance?
- Can the SonicWall Inc. Global VPN Client (or any other third-party VPN client) connect to the SMA appliance?
- Can I connect to the SMA appliance over a modem connection?
- What SSL ciphers are supported by the SMA appliance?
- Is AES supported in the SMA appliance?
- Can I expect similar performance (speed, latency, and throughput) as my IPSec VPN?
- Is two-factor authentication (RSA SecurID, etc.) supported?
- Does the SMA appliance support VoIP?
- Is Syslog supported?
- Does NetExtender support multicast?
- Are SNMP and Syslog supported?
- Does the SMA appliance have a Command Line Interface (CLI)?
- Can I Telnet or SSH into the SMA appliance?
- What does the Web cache cleaner do?
- Why didn’t the Web cache cleaner work when I exited the Web browser?
- What does the ‘encrypt settings file’ check box do?
- What does the ‘store settings’ button do?
- What does the ‘create backup’ button do?
- What is ‘SafeMode’?
- How do I access the SafeMode menu?
- Can I change the colors of the portal pages?
- What authentication methods are supported?
- I configured my SMA appliance to use Active Directory as the authentication method, but it fails with a very strange error message. Why?
- I created an FTP bookmark, but when I access it, the filenames are garbled – why?
- Where can I get a VNC client?
- Does the SMA appliance support printer mapping?
- Can I integrate the SMA appliance with wireless?
- Can I manage the appliance on any interface IP address of the SMA appliance?
- Can I allow only certain Active Directory users access to log in to the SMA appliance?
- Does the HTTP(S) proxy support the full version of Outlook Web Access (OWA Premium)?
- Why are my RDP sessions dropping frequently?
- Can I create my own services for bookmarks rather than the services provided in the bookmarks section?
- Why can’t I see all the servers on my network with the File Shares component?
- What port is the SMA appliance using for the RADIUS traffic?
- Do the SMA appliances support the ability for the same user account to login simultaneously?
- Does the SMA appliance support NT LAN Manager (NTLM) Authentication?
- I cannot connect to a web server when Windows Authentication is enabled. I get the following error message when I try that: ‘It appears that the target web server is using an unsupported HTTP(S) authentication scheme through the SMA that currently supports only basic and digest authentication schemes. Contact the administrator for further assistance.’ - why?
- Why do Java Services, such as Telnet or SSH, not work through a proxy server?
- There is no port option for the service bookmarks – what if these are on a different port than the default?
- What if I want a bookmark to point to a directory on a Web server?
- When I access Microsoft Telnet Server using a telnet bookmark it does not allow me to enter a user name -- why?
- What versions of Citrix are supported?
- What applications are supported using Application Offloading?
- Is SSHv2 supported?
- Should I create a Global Deny ALL policy?