Secure Mobile Access 100 10.2 Administration Guide
- Secure Mobile Access 10.2
- Introduction
- About This Guide
- New Features
- Deprecated Features
- Overview of SMA Components
- SMA Software Components
- SMA Hardware Components
- Client Versions Released with 10.2
- SMA 500v Virtual Appliances
- Increased Client Connections on SMA 210/410
- Capture ATP Integration Overview
- Always on VPN
- Encryption Overview
- SSL for Virtual Private Networking (VPN)
- SSL Handshake Procedure
- IPv6 Support Overview
- Portals Overview
- File Shares
- Domains Overview
- Application Offloading and HTTP(S) Bookmarks Overview
- Cross Domain Single Sign-On
- ActiveSync Authentication
- Network Resources Overview
- SNMP Overview
- DNS Overview
- Network Routes Overview
- NetExtender Overview
- What is NetExtender?
- Benefits of NetExtender
- NetExtender Concepts
- NetExtender and IPv6
- Two-Factor Authentication Overview
- One Time Password Overview
- End Point Control Overview
- Web Application Firewall Overview
- What is Web Application Firewall?
- Benefits of Web Application Firewall
- How Does Web Application Firewall Work?
- How are Signatures Used to Prevent Attacks?
- How is Cross-Site Request Forgery Prevented?
- How is Information Disclosure Prevented?
- How are Broken Authentication Attacks Prevented?
- How are Insecure Storage and Communications Prevented?
- How is Access to Restricted URLs Prevented?
- How are Slowloris Attacks Prevented?
- What Type of PCI Compliance Reports Are Available?
- How Does Cookie Tampering Protection Work?
- How Does Application Profiling Work?
- How Does Rate Limiting for Custom Rules Work?
- Restful API - Phase 1 Support
- Restful API - Phase 2 Support
- Navigating the Management Interface
- Deployment Guidelines
- Secure Mobile Access Dashboard
- Configuring Secure Mobile Access
- System Configuration
- System > Status
- System > Licenses
- System > Time
- System > Settings
- System > Administration
- System > Certificates
- System > Monitoring
- System > Diagnostics
- System > Restart
- System > About
- Network Configuration
- Portals Configuration
- Portals > Portals
- Portals > Application Offloading
- Portals > Domains
- Viewing the Domains Table
- Removing a Domain
- Adding or Editing a Domain
- Secure Hosts for Secure Network Detection
- Adding or Editing a Domain with Local User Authentication
- Adding or Editing a Domain with Active Directory Authentication
- Adding or Editing a Domain with RADIUS Authentication
- Adding or Editing a Domain with Digital Certificates
- Adding a Domain with SAML 2.0 Authentication
- Configuring SAML Authentication
- Configuring Two-Factor Authentication
- DUO Security Authentication Support for NetExtender and Mobile Connect Clients
- Portals > Load Balancing
- Portals > URL Based Aliasing
- System Configuration
- Configuring Services and Clients
- Services Configuration
- Services > Settings
- Services > Bookmarks
- Terminal Services (RDP-HTML5 and Native)
- Terminal Services (RDP-HTML5)
- Virtual Network Computing (VNC-HTML5)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP)
- Telnet HTML5 Settings
- Secure Shell Version 2 (SSHv2)
- Services > Policies
- Device Management Configuration
- Clients Configuration
- End Point Control
- Web Application Firewall Configuration
- Viewing and Updating Web Application Firewall Status
- Configuring Web Application Firewall Settings
- Enabling Web Application Firewall and Configuring General Settings
- Configuring Global Exclusions
- Configuring Intrusion Prevention Error Page Settings
- Configuring Cross-Site Request Forgery Protection Settings
- Configuring Cookie Tampering Protection Settings
- Configuring Web Site Cloaking
- Configuring Information Disclosure Protection
- Configuring Session Management Settings
- Configuring Web Application Firewall Signature Actions
- Configuring Custom Rules and Application Profiling
- Using Web Application Firewall Monitoring
- Licensing Web Application Firewall
- Capture ATP
- Geo IP and Botnet Filter
- High Availability Configuration
- Services Configuration
- Configuring Users & Logs
- Users Configuration
- Users > Status
- Users > Local Users
- Local Users
- Editing User Settings
- Adding User Policies
- Adding a Policy for an IP Address
- Adding a Policy for an IP Network
- Adding a Policy for All Addresses
- Setting File Share Access Policies
- Adding a Policy for a File Share
- Adding a Policy for a URL Object
- Policy URL Object Field Elements
- Adding a Policy for All IPv6 Addresses
- Adding a Policy for an IPv6 Address
- Adding a Policy for an IPv6 Network
- Adding or Editing User Bookmarks
- Terminal Services (RDP) or Terminal Services (RDP - HTML5)
- Virtual Network Computing (VNC)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP)
- SSH File Transfer Protocol (SFTP)
- Telnet
- Secure Shell Version 2 (SSHv2)
- HTML5 SSH Key File Authentication Support
- Creating a Citrix Bookmark for a Local User
- Creating Bookmarks with Custom SSO Credentials
- Configuring Login Policies
- Denying Mobile App Binding when Login is Attempted from any External Network
- Reusing Mobile App Binding Text Code
- Flexibility in Choosing Two-factor Authentication Method for NetExtender Login
- Configuring End Point Control for Users
- Configuring Capture ATP
- Users > Local Groups
- Deleting a Group
- Adding a New Group
- Editing Group Settings
- Editing General Local Group Settings
- Enabling Routes for Groups
- Adding Group Policies
- Editing a Policy for a File Share
- Configuring Group Bookmarks
- Terminal Services (RDP), Terminal Services (RDP-HTML5) or Terminal Services (RDP-Native)
- Virtual Network Computing (VNC)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP)
- Secure Shell Version 2 (SSHv2) HTML5 Settings
- SSHv2 Common Settings
- Configuring Group End Point Control
- LDAP Attribute Information
- Group Configuration for Active Directory and RADIUS Domains
- Creating a Citrix Bookmark for a Local Group
- Global Configuration
- Log Configuration
- Users Configuration
- Using Virtual Office
- Appendices
- Using Online Help
- Configuring an SMA Appliance with a Third-party Gateway
- Printer Redirection
- Use Cases
- Secure Mobile Access Security Best Practices
- Multi-Factor Authentication
- Additional Configuration Recommendations for Security Best Practices
- Prohibit Saving Username and Password
- Hide Domain List on Portal Login Page
- Enable HTTP Strict Transport Security (HSTS) for SMA
- Enforce Login Uniqueness
- Enforce Client Source Uniqueness
- Enable “Login Schedule”
- Enable “Logout Schedule”
- Enforce Password Complexity
- Enable Client Certificate Enforcement (Advanced Security Feature)
- Restrict Request Headers
- Use a Public Certificate
- Allow Touch ID and Face ID on Mac, Apple IOS, and Android Devices
- Disconnection on Inactivity Timeout
- Disable the Default Admin Account
- Allow Policy Match Logging
- Setup Connection Policies
- Device Registration
- End Point Control
- GEO IP Fencing
- Capture ATP for the SMA 100 Series
- Security Enhancements
- General Considerations
- NetExtender Troubleshooting
- Frequently Asked Questions
- Using the Command Line Interface
- Using SMS Email Formats
- Support Information
- Glossary
- SonicWall Support
Global Configuration
SMA appliance global configuration is defined from the Local Users or Local Groups environment. To view either, click the Users option in the left navigation menu, then click either the Local Users or Local Groups option.
To edit global settings
- Navigate to either the Users > Local Users or Users > Local Groups window.
- Click the Configure icon next to Global Policies. The Edit Global Policies window is displayed.
- On the General tab, to set the inactivity timeout for all users or groups, meaning that users are signed out of the Virtual Office after the specified time period, enter the number of minutes of inactivity to allow in the Inactivity Timeout field.
- To allow users to add new bookmarks, select Allow from the Allow User to Add Bookmarks drop-down menu. To prevent users from adding new bookmarks, select Deny.
- To allow users to edit or delete user-owned bookmarks, select Allow from the Allow User to Edit/Delete Bookmarks drop-down menu. To prevent users from editing or deleting user-owned bookmarks, select Deny.
-
In the Automatically log into bookmarks drop-down menu, select one of the following options:
- User-controlled (enabled by default for new users): Select this option to allow users to enable or disable single sign-on (SSO) automatic login for bookmarks. This setting enables automatic login by default for new users.
- User-controlled (disabled by default for new users): Select this option to allow users to enable or disable single sign-on (SSO) automatic login for bookmarks. This setting disables automatic login by default for new users.
- Enabled: Select this option to enable automatic login for bookmarks.
- Disabled: Select this option to disable automatic login for bookmarks.
- Click Accept to save the configuration changes.
- Navigate to the NetExtender / Mobile Connect tab.
- To set a client address range, enter a beginning address in the Client Address Range Begin field and an ending address in the Client Address Range End field.
- To set a client IPv6 address range, enter a beginning IPv6 address in the Client IPv6 Address Range Begin field and an ending IPv6 address in the Client IPv6 Address Range End field.
- In the Exit Client After Disconnect drop-down menu, select Enabled or Disabled.
- In the Uninstall Client After Exit drop-down menu, select Enabled or Disabled.
- In the Create Client Connection Profile drop-down menu, select Enabled or Disabled.
-
In the Username & Password Caching drop-down menu, select one of the following:
- Allow saving of username only – Allow caching of the username on the client. Users only need to enter their password when starting NetExtender.
- Allow saving of username & password – Allow caching of the username and password on the client. Users are automatically logged in when starting NetExtender, after the first login.
- Prohibit saving of username & password – Do not allow caching of the username and password on the client. Users are required to enter both username and password when starting NetExtender.
- Navigate to the Routes tab.
- In the Tunnel All Mode drop-down menu, select Enabled to force all traffic for the user, including traffic destined to the remote user’s local network, over the Secure Mobile Access NetExtender tunnel. Tunnel All Mode is disabled by default.
- To add a client route, click Add Client Route...
- In the Add Client Route window, enter a destination network in the Destination Network field. For example, enter the IPv4 network address
10.202.0.0
. For IPv6, enter the IPv6 network address in the form2007::1:2:3:0
. - For an IPv4 destination network, type the subnet mask in the Subnet Mask/Prefix field using decimal format (
255.0.0.0
,255.255.0.0
, or255.255.255.0
). For an IPv6 destination network, type the prefix, such as 112. - Click Accept to save the configuration changes.
- Navigate to the Policies tab.
- To add a policy, click Add Policy...
- In the Apply Policy To drop-down menu, select one of the following: IP Address, IP Address Range, All Addresses, Network Object, Server Path, URL Object, All IPv6 Address, IPv6 Address, or IPv6 Address Range.
- Enter a name for the policy in the Policy Name field.
- In the fields that appear based on your Apply Policy To settings, fill in the appropriate information. For example, if you select IP Address in the Apply Policy To drop-down menu, you need to supply the IP Address in the IP Address field and the service in the Service drop-down menu. If you select IPv6 Address Range, enter the beginning IPv6 address in the IPv6 Network Address field and the prefix that defines the IPv6 address range in the IPv6 Prefix field. Optionally enter a port range (80-443) or a single port number into the Port Range/Port Number field. This field is available when you select IP Address, IP Address Range, IPv6 Address, or IPv6 Address Range in the Apply Policy To drop-down menu.
- Select the desired Protocol. The available value options in the Protocol field include TCP, UDP, ICMP, and ALL. You can select multiple items among TCP, UDP, and ICMP. However, when ALL is selected, all other options are deselected.
- Click Accept to save the configuration changes.
- Click the Bookmarks tab.
- To add a bookmark, click Add Bookmark...
- Enter a bookmark name in the Bookmark Name field.
- Enter the bookmark name or IP address in the Name or IP Address field.
- Select one of the following services from the Service drop-down menu: Terminal Services (RDP), Virtual Network Computing (VNC), Citrix Portal (Citrix), Web (HTTP), Secure Web (HTTPS), File Shares (CIFS), File Transfer Protocol (FTP), SSH File Transfer Protocol (SFTP), Telnet, or Secure Shell Version 2 (SSHv2).
- In the fields that appear based on your Service settings, fill in the appropriate information. For example, if you select Terminal Services (RDP), you need to select the desired screen size from the Screen Size drop-down menu.
- Click Accept to save the configuration changes.
Was This Article Helpful?
Help us to improve our support portal