SonicWALL SSL-VPN Appliances and Software: SSL-VPN 200, SSL-VPN 2000, SSL-VPN 4000.
Affected Firmware versions: All Gen4 and Gen5 firmware versions (SonicOS Enhanced).
Affected Services: SSL-VPN and DMZ port configuration.
Before continuing to connect the SonicWALL SSL-VPN appliance to your network, refer to the diagrams on the "SonicWALL Recommended Deployment Scenario" in KBID 6122 to determine the proper scenario for your network configuration. You can also disconnect by double-clicking on the NetExtender icon to open the NetExtender window and. TZ series: TZ 210, TZ 210W, TZ 190, TZ 190 Wireless, TZ 180, TZ 180 Wireless, TZ 170, TZ 170 Wireless, TZ 170 SP, TZ 170 SP Wireless. The NetExtender session disconnects after a few seconds. I have been running SonicWALL Global VPN v4. Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240. Obviously, this is a pain when you have stuff open from the network when it disconnects and always has to reboot.
This currently doesn’t work with FQDNs, only IP addresses, as all the SonicWall is doing is updating your route table on your PC / Mac, which won’t support FQDN entries.
1. Add the Address objects for the required remote IP addresses like below, making sure the objects are in SSL VPN Zone; you can then add to a Group.
2. Add the individual Objects, not the Group, to the SSL VPN Client Routes. In this example I have also got the Internal networks added to the routes, as we will need to access those via the SSL VPN.
3. Add the Firewall rule from SSLVPN to WAN; in this instance I am using the Group for the IP and the Ping to 9.9.9.9 IP.
4. We now need to add the IP addresses to the SSL VPN Services Group VPN Access Networks, like on the image on the right.
5. There should already be a NAT policy auto created to NAT the Traffic out of the WAN IP from the SSL VPN Network; if not, create one like below. (Tip: if you enable Tunnel All mode on the SSL VPN Client Route Settings and then disable it again, it will auto create the NAT policy for you and retain it even after a reboot.)
6. As we can see, when we connect to the SSL VPN the traffic to the Networks is being NATed out correctly.
8. Also, on the Route Print from the Remote PC you can see the routes created in the route table, which will be removed when NetExtender disconnects.
Attachment: SonicWall_UTM_SSL_VPN_using_tunnel_all_mode_for_certain_IP_Public_addresses.
This Document will show you how to achieve this. Though you could use Tunnel All mode, this isn’t necessary for all other web traffic; it would cause additional overhead on the SonicWall and possibly throughput issues on the remote worker’s endpoint. Server: NSv 200 Trial (Azure), Product Code: 72902.
At first I was running into the signed driver problem, so I.
Basically, the NetExtender install fails, either through the browser or the standalone installer package available from the SonicWALL partner site. SonicOS Enhanced 6.5.4.4-44v-21-757-3d1fff93. SonicWALL's SSL-VPN product contains a stripped down version of their VPN client called NetExtender, which installs through a web browser.
Note: The described configurations are based on the following software and hardware versions: SonicWall NetExtender Client Version 9.0.277. In certain scenarios you may need to have certain Public IP addresses forced through the SonicWall SSL VPN due to access to the sites / applications being restricted to your Business Public IP address; this would mean that any remote user would not be able to access the service or application whilst connected to the SSL VPN. LastPass offers MFA integration with your SonicWall VPN client using LastPass Universal Proxy. This document is created based on 6.5 firmware but the procedures are the same with previous versions of SonicOS.