SonicOS 7.0 SSL VPN

Configuring Virtual Office

The SSL VPN > Virtual Office page displays the Virtual Office web portal inside of the SonicOS management interface.

Accessing the Virtual Office Portal

You can access the Virtual Office Portal two different ways. System administrators can access it through the appliance interface and have rights to make changes applicable to the entire site. Users access it differently through different process and can only make changes that affect their particular profile.

For system administrators to access the SSL VPN Virtual Office portal

  1. Select the NETWORK view.
  2. Look under SSL VPN > Virtual Office.

For users to view the SSL VPN Virtual Office web portal

  1. Navigate to the IP address of the firewall.
  2. Click the link at the bottom of the Login page that says Click here for sslvpn login.

Using NetExtender

SonicWall NetExtender is a transparent software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection. The Virtual Office portal displays a link to download the NetExtender client.

Users can access NetExtender in these ways:

  • Logging in to the Virtual Office portal provided by the SonicWall security appliance and clicking on the NetExtender download link, then installing and launching NetExtender.
  • Launching the standalone NetExtender client. After downloading NetExtender from the Virtual Office portal and installing it the first time, it can thereafter be accessed directly from the user’s PC as you would with any other client application.

NetExtender displays a popup window when launched. The SonicWall server is prepopulated with the server used for the initial NetExtender launch and client download. The domain is also populated with the corresponding domain. The user enters username and password and then clicks Connect.

After the connection is established, the NetExtender window provides three screens: Status, Routes, and DNS. The Status screen displays the server, client IP address, the number of kilobytes sent and received, and the throughput in bytes per second. The Routes screen displays the destination subnet IP addresses and corresponding netmasks. The DNS screen displays the DNS servers, DNS suffix, and WINS servers. The routes and DNS settings are controlled by the SonicOS administrator on the SonicWall appliance.

Users can close the NetExtender window after the connection is established. The connection stays open, while window is minimized and can be reopened from the system tray (on Windows).

See About NetExtender for additional information about NetExtender.

Configuring SSL VPN Bookmarks

User bookmarks can be defined to appear on the Virtual Office home page. Individual users cannot modify or delete bookmarks created by the administrator.

When creating bookmarks, remember that some services can run on non-standard ports, and some expect a path when connecting. When you configure a portal bookmark, you need to match the Service type with the right format for the Name or IP Address. Refer to the following table when setting those options.

Service types for ActiveX and Java do not exist in SonicOS 7.0. Preferences from older versions convert to HTML5 during an upgrade.

Bookmark Name or IP Address Formats by Service Type

Service Type Format Example for Name or IP Address Field
  • RDP - ActiveX
  • RDP - Java IP Address
  • IP:Port (non-standard)
  • FQDN
  • Host name
  • 10.20.30.4
  • 10.20.30.4:6818
  • JBJONES-PC.sv.us.sonicwall.com
  • JBJONES-PC
VNC IP Address
  • IP: Port (mapped to session)
  • FQDN
  • Host name

Do not use session or display number instead of port. 10.20.30.4

  • 10.20.30.4:5901 (mapped to session 1)
  • JBJONES-PC.sv.us.sonicwall.com
  • JBJONES-PC

Do not use 10.20.30.4:1

For a bookmark to a Linux server, see the Tip below this table.

Telnet
  • IP Address
  • IP:Port (non-standard)
  • FQDN
  • Host name
  • 10.20.30.4:6818
  • JBJONES-PC.sv.us.sonicwall.com
  • JBJONES-PC
  • 10.20.30.4

SSHv1

SSHv2

  • IP Address
  • IP:Port (non-standard)
  • FQDN
  • Host name
  • 10.20.30.4
  • 10.20.30.4:6818
  • JBJONES-PC.sv.us.sonicwall.com
  • JBJONES-PC

When creating a Virtual Network Computing (VNC) bookmark to a Linux server, you must specify the port number and server number in addition to the Linux server IP the Name or IP Address field in the form of ipaddress:port:server. For example, if the Linux server IP address is 192.168.2.2, the port number is 5901, and the server number is 1, the value for the Name or IP Address field would be 192.168.2.2:5901:1.

To add a portal bookmark

  1. Navigate to the NETWORK | SSL VPN > Virtual Office page.
  2. Click ADD.

  3. Type a descriptive name for the bookmark in the Bookmark Name field.
  4. In the Name or IP Address field, enter the fully qualified domain name (FQDN) or the IPv4 address of a host machine on the LAN. Refer to the Bookmark Name or IP Address Formats by Service Type table for examples of the Name or IP Address expected for a given Service type.
  5. In the Service drop-down menu, chose the appropriate service type:

    • RDP (HTML5-RDP)
    • SSHv2 (HTML5-SSHv2)
    • TELNET (HTML5-TELNET)
    • VNC (HTML5-VNC)

    Different options display, depending on what you selected.

  6. Complete the remaining fields for the service you selected. For the options and definitions, refer to the following table:

    If Service is set to RDP (HTML5-RDP), configure the following

    Screen Size From the drop-down menu, choose the default terminal services screen size to be used when users execute this bookmark.
    From the drop-down menu, choose the default terminal services screen size to be used when users execute this bookmark.
    Colors In the drop-down menu, select the default color depth for the terminal service screen when users select this bookmark.
    Application and Path (optional) If you want, enter the local path to where your application resides on your remote computer.
    Start in the following folder If you want, enter the local folder from which to execute application commands.
    Show windows advanced options

    Click the arrow to expand this and see all the Windows advanced options. Check the box to enable those that you want:

    • Redirect clipboard
    • Auto reconnection
    • Window drag
    • Redirect audio
    • Desktop background
    • Menu/window animation
    Display Bookmark to Mobile Connect Clients Check the box to display the bookmarks to Mobile Connect users.

    If Service is set to SSHv2 (HTML5-SSHv2), configure the following

    Automatically accept host key Check the box to enable.
    Display Bookmark to Mobile Connect clients Check the box to display the bookmarks to Mobile Connect users.

    If Service is set to TELNET (HTML5-TELNET), configure the following

    Display Bookmark to Mobile Connect clients Check the box to display the bookmarks to Mobile Connect users.

    If Service is set to VNC (HTML5-VNC), configure the following:

    View Only Check the box to set the bookmark to view only mode
    Share Desktop Enables the shared desktop feature.
    Display Bookmark to Mobile Connect clients Check the box to display the bookmarks to Mobile Connect users.

7 Click OK to save the configuration.

Dynamic Variables
Text Usage Variable Example Usage
Login Name %USERNAME% US\%USERNAME%
Domain Name %USERDOMAIN% %USERDOMAIN\%USERNAME%

Configuring Device Profile Settings for IPv6

SonicOS supports NetExtender connections for users with IPv6 addresses. On the SSL VPN > Client Settings page, first configure the traditional IPv6 IP address pool, and then configure an IPv6 IP Pool. Clients will be assigned two internal addresses: one IPv4 and one IPv6.

IPv6 Wins Server is not supported.

On the SSL VPN > Client Routes page, user can select a client routes from the drop-down list of all address objects including all the pre-defined IPv6 address objects.

IPv6 FQDN is supported.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden