Secure Mobile Access 100 10.2 Administration Guide
- Secure Mobile Access 10.2
- Introduction
- About This Guide
- New Features
- Deprecated Features
- Overview of SMA Components
- SMA Software Components
- SMA Hardware Components
- Client Versions Released with 10.2
- SMA 500v Virtual Appliances
- Increased Client Connections on SMA 210/410
- Capture ATP Integration Overview
- Always on VPN
- Encryption Overview
- SSL for Virtual Private Networking (VPN)
- SSL Handshake Procedure
- IPv6 Support Overview
- Portals Overview
- File Shares
- Domains Overview
- Application Offloading and HTTP(S) Bookmarks Overview
- Cross Domain Single Sign-On
- ActiveSync Authentication
- Network Resources Overview
- SNMP Overview
- DNS Overview
- Network Routes Overview
- NetExtender Overview
- Two-Factor Authentication Overview
- One Time Password Overview
- End Point Control Overview
- Web Application Firewall Overview
- What is Web Application Firewall?
- Benefits of Web Application Firewall
- How Does Web Application Firewall Work?
- How are Signatures Used to Prevent Attacks?
- How is Cross-Site Request Forgery Prevented?
- How is Information Disclosure Prevented?
- How are Broken Authentication Attacks Prevented?
- How are Insecure Storage and Communications Prevented?
- How is Access to Restricted URLs Prevented?
- How are Slowloris Attacks Prevented?
- What Type of PCI Compliance Reports Are Available?
- How Does Cookie Tampering Protection Work?
- How Does Application Profiling Work?
- How Does Rate Limiting for Custom Rules Work?
- Navigating the Management Interface
- Deployment Guidelines
- Secure Mobile Access Dashboard
- Configuring Secure Mobile Access
- System Configuration
- System > Status
- System > Licenses
- System > Time
- System > Settings
- System > Administration
- System > Certificates
- System > Monitoring
- System > Diagnostics
- System > Restart
- System > About
- Network Configuration
- Portals Configuration
- Portals > Portals
- Portals > Application Offloading
- Portals > Domains
- Viewing the Domains Table
- Removing a Domain
- Adding or Editing a Domain
- Secure Hosts for Secure Network Detection
- Adding or Editing a Domain with Local User Authentication
- Adding or Editing a Domain with Active Directory Authentication
- Adding or Editing a Domain with RADIUS Authentication
- Adding or Editing a Domain with Digital Certificates
- Adding a Domain with SAML 2.0 Authentication
- Configuring SAML Authentication
- Configuring Two-Factor Authentication
- DUO Security Authentication
- Portals > Load Balancing
- Portals > URL Based Aliasing
- System Configuration
- Configuring Services and Clients
- Services Configuration
- Services > Settings
- Services > Bookmarks
- Terminal Services (RDP-HTML5 and Native)
- Terminal Services (RDP-HTML5)
- Virtual Network Computing (VNC-HTML5)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP)
- Telnet HTML5 Settings
- Secure Shell Version 2 (SSHv2)
- Services > Policies
- Device Management Configuration
- Clients Configuration
- End Point Control
- Web Application Firewall Configuration
- Viewing and Updating Web Application Firewall Status
- Configuring Web Application Firewall Settings
- Enabling Web Application Firewall and Configuring General Settings
- Configuring Global Exclusions
- Configuring Intrusion Prevention Error Page Settings
- Configuring Cross-Site Request Forgery Protection Settings
- Configuring Cookie Tampering Protection Settings
- Configuring Web Site Cloaking
- Configuring Information Disclosure Protection
- Configuring Session Management Settings
- Configuring Web Application Firewall Signature Actions
- Configuring Custom Rules and Application Profiling
- Using Web Application Firewall Monitoring
- Licensing Web Application Firewall
- Capture ATP
- Geo IP and Botnet Filter
- High Availability Configuration
- Services Configuration
- Configuring Users & Logs
- Users Configuration
- Users > Status
- Users > Local Users
- Local Users
- Editing User Settings
- Adding User Policies
- Adding a Policy for an IP Address
- Adding a Policy for an IP Network
- Adding a Policy for All Addresses
- Setting File Share Access Policies
- Adding a Policy for a File Share
- Adding a Policy for a URL Object
- Policy URL Object Field Elements
- Adding a Policy for All IPv6 Addresses
- Adding a Policy for an IPv6 Address
- Adding a Policy for an IPv6 Network
- Adding or Editing User Bookmarks
- Terminal Services (RDP) or Terminal Services (RDP - HTML5)
- Virtual Network Computing (VNC)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP)
- SSH File Transfer Protocol (SFTP)
- Telnet
- Secure Shell Version 2 (SSHv2)
- HTML5 SSH Key File Authentication Support
- Creating a Citrix Bookmark for a Local User
- Creating Bookmarks with Custom SSO Credentials
- Configuring Login Policies
- Denying Mobile App Binding when Login is Attempted from any External Network
- Reusing Mobile App Binding Text Code
- Flexibility in Choosing Two-factor Authentication Method for NetExtender Login
- Configuring End Point Control for Users
- Configuring Capture ATP
- Users > Local Groups
- Deleting a Group
- Adding a New Group
- Editing Group Settings
- Editing General Local Group Settings
- Enabling Routes for Groups
- Adding Group Policies
- Editing a Policy for a File Share
- Configuring Group Bookmarks
- Terminal Services (RDP), Terminal Services (RDP-HTML5) or Terminal Services (RDP-Native)
- Virtual Network Computing (VNC)
- Citrix Portal (Citrix)
- Web (HTTP)
- Secure Web (HTTPS)
- External Web Site
- Mobile Connect
- File Shares (CIFS)
- File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP)
- Secure Shell Version 2 (SSHv2) HTML5 Settings
- SSHv2 Common Settings
- Configuring Group End Point Control
- LDAP Attribute Information
- Group Configuration for Active Directory and RADIUS Domains
- Creating a Citrix Bookmark for a Local Group
- Global Configuration
- Log Configuration
- Users Configuration
- Using Virtual Office
- Appendices
- Using Online Help
- Configuring an SMA Appliance with a Third-party Gateway
- Printer Redirection
- Use Cases
- Secure Mobile Access Security Best Practices
- Multi-Factor Authentication
- Additional Configuration Recommendations for Security Best Practices
- Prohibit Saving Username and Password
- Hide Domain List on Portal Login Page
- Enable HTTP Strict Transport Security (HSTS) for SMA
- Enforce Login Uniqueness
- Enforce Client Source Uniqueness
- Enable “Login Schedule”
- Enable “Logout Schedule”
- Enforce Password Complexity
- Enable Client Certificate Enforcement (Advanced Security Feature)
- Restrict Request Headers
- Use a Public Certificate
- Allow Touch ID and Face ID on Mac, Apple IOS, and Android Devices
- Disconnection on Inactivity Timeout
- Disable the Default Admin Account
- Allow Policy Match Logging
- Setup Connection Policies
- Device Registration
- End Point Control
- GEO IP Fencing
- Capture ATP for the SMA 100 Series
- Security Enhancements
- General Considerations
- Frequently Asked Questions
- Using the Command Line Interface
- Using SMS Email Formats
- Support Information
- Glossary
- SonicWall Support
Terminal Services (RDP), Terminal Services (RDP-HTML5) or Terminal Services (RDP-Native)
-
In the Screen Size drop-down menu, select the default terminal services screen size to be used when users execute this bookmark. Because different computers support different screen sizes, when you use a remote desktop application, you should select the size of the screen on the computer from which you are running a remote desktop session. Additionally, you might want to provide a path to where your application resides on your remote computer by typing the path in the Application and Path field.
- In the Colors drop-down menu, select the default color depth for the terminal service screen when users execute this bookmark.
-
Select an Access Type Selection. Smart or Manual.
-
Smart: Allows the firmware to decide which mode to launch on the client.
When creating a new unified bookmark, Smart is selected by default. Auto-detection is processed using bookmark-specific default modes while launching the bookmark.
-
Manual: Provides options to configure the modes, their priorities, and the choose method. At least one mode should be enabled in the selection box.
The launch sequence is as follows: HTML5 and Native. Selecting Manual allows you to change, enable, or disable the launch methods. If you select Native to launch the RDP bookmark, then the SMA Connect Agent launches the RDP Receiver on the local machine to do the RDP connection.
The up and down arrows are used to adjust the launch priority. Fork and tick are used to disable or enable the modes. Disabled modes are put at the bottom of the list with a gray font color.
The Choose during Launch option is not enabled by default under the Manual mode. In this setting, while launching the bookmark, the first available mode in the configured list is run at once after auto-detection.
After the Choose during Launch option is enabled, while launching the unified bookmark, if there are multiple modes available for the client, a menu is provided from which you can choose within a five second count-down. When only one mode is available, the bookmark is also run immediately.
If the Remember my choice option is selected during the launch time, the selected mode is remembered through a cookie.
That means, when next launching the bookmark, the remembered mode is run directly within two seconds. Clicking anywhere in the HTML can 'forget' the remembered mode so you can re-choose.
Editing or deleting the bookmark in the same browser can also reset the remembered mode. When no modes can run on the client with the configuration, the following notice appears.
-
- Optionally enter the local path for this application in the Application and Path field.
-
Select Enable wake-on-LAN to enable waking up a computer over the network connection. Selecting this check box causes the following new fields to be displayed:
- MAC/Ethernet Address – Enter one or more MAC addresses, separated by spaces, of target hosts to wake.
- Wait time for boot-up (seconds) – Enter the number of seconds to wait for the target host to fully boot up before cancelling the WoL operation.
- Send WOL packet to host name or IP address – To send the WoL packet to the hostname or IP of this bookmark, select Send WOL packet to host name or IP address that can be applied in tandem with a MAC address of another machine to wake.
- In the Start in the following folder field, optionally enter the local folder in which to execute application commands.
- Optionally enter the local path for this application in the Application and Path field and specify the folder in the Start in the following folder field. The remote application feature displays a single application to the user. The value can also be the alias of the remote application.
- Enter the Command-line Arguments for the RemoteApp. (Option available for ActiveX or Java only.)
- In the Start in the following folder field, optionally enter the local folder in which to execute application commands. (Option available for ActiveX or Java only.)
- Select Login as console/admin session to allow login as console or admin. Login as admin replaces login as console in RDC 6.1 and newer. (Option available for all Terminal Services.)
- Select Server is TS Farm if users are connecting to a TS Farm or Load Balanced server. Enter the Terminal Services Broker information in the Load Balance Info box, such tsv://MS Terminal Services Plugin. 1. CollectionName. Maximum length is 1024 characters. For the bookmark with complex options (like RDP), options are mixed from all the modes and distinguished with tips like *non-html5, or *for html5.
- By default, the bookmark only connects to the provided name and IP address. If you enable this feature, the SMA appliance obtains the redirected address and connects the user to the correct server. Note that Interactive Login might need to be disabled for this feature to work properly.
- For RDP – HTML5, select the Default Language from the drop-down menu.
-
For Windows clients or on Mac clients running Mac OS X 10.5 or higher with RDC installed, expand Show advanced Windows options and select the check boxes for to redirect the following features on the local network for use in this bookmark:
- Redirect Printers
- Redirect Ports
- Redirect Clipboard
- Redirect Drives
- Redirect SmartCards
- Redirect Plug and Play Devices
-
Select the check boxes for any of the following additional features for use in this bookmark session:
- Display connection bar
- Desktop background
- Menu/window animation
- Show window contents while dragging/resizing
- Auto-reconnection
- Bitmap caching
- Visual styles
- Select the Remote Audio option from the drop-down menu. Audio redirection enables the user to play an audio clip on the server, either remotely or locally. Valid selections are Play on this computer, Play on remote computer, or Do not play. Note that this feature is currently supported by Chrome, Firefox, and Safari.
- For RDP – HTML5, the following Advanced Windows options are available:
- Desktop background
- Menu/window animation
- Show window contents while dragging/resizing
- Enable Compression
- Visual Styles
- Select the Remote Audio option from the drop-down menu. Audio redirection enables the user to play an audio clip on the server, either remotely or locally. Valid selections are Play on this computer, Play on remote computer, or Do not play. Note that this feature is currently supported by Chrome, Firefox, and Safari.
-
If the client application is RDP6, you can select any of the following options: (Option available for all Terminal Services)
- Font smoothing
- Select the Connection Speed from the drop-down menu for optimized performance. (Option available for all Terminal Services.)
- Select the action from the drop-down menu that happens if the Server Authentication fails. Server authentication verifies that you are connecting to the intended remote computer. The strength of the verification required to connect is determined by your system security policy. (Option available for all Terminal Services.)
-
Optionally select Automatically log in and select Use SSL-VPN account credentials to forward credentials from the current Secure Mobile Access session for log in to the RDP server. Enable the Use Login Domain for SSO option to pass the user’s domain to the RDP server. Windows 2008 and newer servers could require this option to be enabled. (Option available for all Terminal Services.)
Select Use custom credentials to enter a custom username, password, and domain for this bookmark.
-
Select Display Bookmark to Mobile Connect clients to display the bookmark on mobile devices. (Option available for all Terminal Services.)
Was This Article Helpful?
Help us to improve our support portal