SonicWALL SSL-VPN 2000 Service manual
COMPREHENSIVE INTERNET SECURITY
SonicWALL SSL VPN 4.0
Administrator’s Guide
SonicWALL Secure Remote Access Appliances
i
SonicWALL SSL VPN 4.0 Administrator’s Guide
SonicWALL SSL VPN 4.0
Administrator’s Guide
SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
Phone: +1.408.745.9600
Fax: +1.408.745.9300
E-mail: [email protected]
ii
SonicWALL SSL VPN 4.0 Administrator’s Guide
Copyright Notice
© 2012 SonicWALL, Inc.
All rights reserved.
Under the copyright laws, this manual or the software described within, cannot be copied, in whole
or part, without the written consent of the manufacturer, except in the normal use of the software to
make a backup copy. The same proprietary and copyright notices must be affixed to any permitted
copies as were affixed to the original. This exception does not allow copies to be made for others,
whether or not sold, but all of the material purchased (with all backup copies) can be sold, given,
or loaned to another person. Under the law, copying includes translating into another language or
format.
Specifications and descriptions subject to change without notice.
Trademarks
SonicWALL is a registered trademark of SonicWALL, Inc.
Microsoft Windows 7, Windows Vista, Windows XP, Windows Server 2003, Windows 2000,
Windows NT, Internet Explorer, and Active Directory are trademarks or registered trademarks of
Microsoft Corporation.
Firefox is a trademark of the Mozilla Foundation.
Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe
Systems Incorporated in the U.S. and/or other countries.
Cisco Systems and Cisco PIX 515e and Linksys and Linksys Playtoy23 are either registered
trademarks or trademarks of Cisco Systems in the U.S. and /or other countries.
Watchguard and Watchguard Firebox X Edge are either registered trademarks or trademarks of
Watchguard Technologies Corporation in the U.S. and/or other countries.
NetGear, NetGear FVS318, and NetGear Wireless Router MR814 SSL are either registered
trademarks or trademarks of NetGear, Inc., in the U.S. and/or other countries.
Check Point and Check Point AIR 55 are either registered trademarks or trademarks of Check
Point Software Technologies, Ltd., in the U.S. and/or other countries.
Other product and company names mentioned herein may be trademarks and/or registered
trademarks of their respective companies and are the sole property of their respective
manufacturers.
iii
SonicWALL SSL VPN 4.0 Administrator’s Guide
SonicWALL GPL Source Code
GNU General Public License (GPL)
SonicWALL will provide a machine-readable copy of the GPL open source on a CD. To obtain a
complete machine-readable copy, send your written request, along with a certified check or money
order in the amount of US $25.00 payable to "SonicWALL, Inc." to:
General Public License Source Code Request
SonicWALL, Inc. Attn: Jennifer Anderson
2001 Logic Drive
San Jose, CA 95124-3452
Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by SonicWALL), and
continuing for a period of twelve (12) months, that the product will be free from defects in materials
and workmanship under normal use. This Limited Warranty is not transferable and applies only to
the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's
sole and exclusive remedy under this limited warranty will be shipment of a replacement product.
At SonicWALL's discretion the replacement product may be of equal or greater functionality and
may be of either new or like-new quality. SonicWALL's obligations under this warranty are
contingent upon the return of the defective product according to the terms of SonicWALL's then-
current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the written
permission of SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS
OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR
ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE
HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE
EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED
IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS
DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE
LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION
TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set
forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO
EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS,
BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS
ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL,
INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED
AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR
iv
SonicWALL SSL VPN 4.0 Administrator’s Guide
INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall
SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence),
or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the
above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR
JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR
INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
SonicWALL Technical Support
For timely resolution of technical support questions, visit SonicWALL on the Internet at
<http://www.sonicwall.com/us/support.html>. Web-based resources are available to help you
resolve most technical issues or contact SonicWALL Technical Support.
To contact SonicWALL telephone support, see the telephone numbers listed below. See
<http://www.sonicwall.com/us/support/contact.html>for the latest technical support telephone
numbers.
North America Telephone Support
U.S./Canada - 888.777.1476 or +1 408.752.7819
International Telephone Support
Australia - + 1800.35.1642
Austria - + 43(0)820.400.105
EMEA - +31(0)411.617.810
France - + 33(0)1.4933.7414
Germany - + 49(0)1805.0800.22
Hong Kong - + 1.800.93.0997
India - + 8026556828
Italy - +39.02.7541.9803
Japan - + 81(0)3.3457.8971
New Zealand - + 0800.446489
Singapore - + 800.110.1441
Spain - + 34(0)9137.53035
Switzerland - +41.1.308.3.977
UK - +44(0)1344.668.484
v
SonicWALL SSL VPN 4.0 Administrator’s Guide
More Information on SonicWALL Products
Contact SonicWALL, Inc. for information about SonicWALL products and services at:
Web: http://www.sonicwall.com
E-mail: [email protected]
Phone: (408) 745-9600
Fax: (408) 745-9300
Current Documentation
Check the SonicWALL documentation Web site for that latest versions
of this manual and all other SonicWALL product documentation.
http://www.sonicwall.com/us/support.html
vi
SonicWALL SSL VPN 4.0 Administrator’s Guide
About This Guide
vii
SonicWALL SSL VPN 4.0 Administrator’s Guide
About This Guide
The SonicWALL SSL VPN Administrator’s Guide provides network administrators with a high-
level overview of SonicWALL SSL VPN technology, including activation, configuration, and
administration of the SonicWALL SSL VPN management interface and the SonicWALL
SSL-VPN appliance.
Note Always check <http://www.sonicwall.com/support/documentation.html> for the latest
version of this guide as well as other SonicWALL products and services documentation.
Guide Conventions
The following conventions used in this guide are as follows:
Icons Used in this Manual
These special messages refer to noteworthy information, and include a symbol for quick
identification:
Tip Useful information about security features and configurations on your SonicWALL.
Note Important information on a feature that requires callout for special attention.
Timesaver Useful tips about features that may save you time
Indicates a feature that is supported only on the SSL-VPN 2000 and 4000 platforms.
Indicates a client feature that is only supported on the Microsoft Windows platform.
Convention Use
Bold Highlights dialog box, window, and screen names. Also
highlights buttons and tabs. Also used for file names and
text or values you are being instructed to type into the inter-
face.
Italic Indicates the name of a technical manual, emphasis on cer-
tain words in a sentence, or the first instance of a significant
term or concept.
Menu Item > Menu Item Indicates a multiple step Management Interface menu
choice. For example, System > Status means select the
Status page under the System menu.
About This Guide
viii
SonicWALL SSL VPN 4.0 Administrator’s Guide
Indicates a client feature that is supported on Microsoft Windows, Apple MacOS, and Linux
Organization of This Guide
The SonicWALL SSL VPN Administrator’s Guide is organized in chapters that follow the
SonicWALL SSL VPN Web-based management interface structure.
This section contains a description of the following chapters and appendices:
•“SSL VPN Overview” on page viii
•“System Configuration” on page viii
•“Network Configuration” on page ix
•“Portals Configuration” on page ix
•“NetExtender Configuration” on page ix
•“Virtual Assist Configuration” on page ix
•“Web Application Firewall Configuration” on page ix
•“Users Configuration” on page ix
•“Log Configuration” on page ix
•“Virtual Office Configuration” on page x
•“Appendix A: Accessing Online Help” on page x
•“Appendix B: Configuring SonicWALL SSL VPN with a Third-Party Gateway” on page x
•“Appendix C: Use Cases” on page x
•“Appendix D: NetExtender Troubleshooting” on page x
•“Appendix E: FAQ” on page x
•“Appendix F: Glossary” on page x
•“Appendix G: SMS Email Formats” on page xi
SSL VPN Overview
“SSL VPN Overview” on page 7 provides an introduction to SSL VPN technology and an
overview of the SonicWALL SSL-VPN appliance and Web-based management interface
features. The SSL VPN Overview chapter includes SSL VPN concepts, a Web-based
management interface overview, and deployment guidelines.
System Configuration
“System Configuration” on page 59 provides instructions for configuring SonicWALL SSL VPN
options under System in the navigation bar of the management interface, including:
•Registering the SonicWALL appliance
•Setting the date and time
•Working with configuration files
•Managing firmware versions and preferences
•General appliance administration
•Certificate management
•Viewing SSL VPN monitoring reports
•Using diagnostic tools
About This Guide
ix
SonicWALL SSL VPN 4.0 Administrator’s Guide
Network Configuration
“Network Configuration” on page 91 provides instructions for configuring SonicWALL SSL VPN
options under Network in the navigation bar of the management interface, including:
•Configuring network interfaces
•Configuring DNS settings
•Setting network routes and static routes
•Configuring hostname and IP address information for internal name resolution
•Creating reusable network objects representing network resources like FTP, HTTP, RDP,
SSH and File Shares
Portals Configuration
“Portals Configuration” on page 105 provides instructions for configuring SonicWALL SSL VPN
options under Portals in the navigation bar of the management interface, including portals,
domains (including RADIUS, NT, LDAP and Active Directory authentication), and custom logos.
NetExtender Configuration
“NetExtender Configuration” on page 159 provides instructions for configuring SonicWALL SSL
VPN options under NetExtender in the navigation bar of the management interface, including
NetExtender status, setting NetExtender address range, and configuring NetExtender routes.
Virtual Assist Configuration
“Virtual Assist Configuration” on page 169 provides instructions for configuring SonicWALL
SSL VPN options under Virtual Assist in the navigation bar of the management interface,
including Virtual Assist status, settings and licensing.
Web Application Firewall Configuration
“Web Application Firewall Configuration” on page 179 provides instructions for configuring
SonicWALL SSL VPN options under Web Application Firewall in the navigation bar of the
management interface, including Web Application Firewall status, settings, signatures, log, and
licensing.
Users Configuration
“Users Configuration” on page 201 provides instructions for configuring SonicWALL SSL VPN
options under Users in the navigation bar of the management interface, including:
•Access policy hierarchy overview
•Configuring local users and local user policies
•Configuring user groups and user group policies
•Global configuration
Log Configuration
“Log Configuration” on page 253 provides instructions for configuring SonicWALL SSL VPN
options under Log in the navigation bar of the management interface, including viewing and
configuring logs and creating alert categories.
About This Guide
x
SonicWALL SSL VPN 4.0 Administrator’s Guide
Virtual Office Configuration
“Virtual Office Configuration” on page 265 provides a brief introduction to the Virtual Office, the
user portal feature of SonicWALL SSL VPN. The administrator can access the Virtual Office
user portal using Virtual Office in the navigation bar of the SonicWALL SSL VPN Web-based
management interface. Users access the Virtual Office using a Web browser. The SonicWALL
SSL VPN User’s Guide provides detailed information about the Virtual Office.
Appendix A: Accessing Online Help
“Online Help” on page 269 provides a description of the help available from the Online Help
button in the upper right corner of the management interface. This appendix also includes an
overview of the context-sensitive help found on most pages of the SonicWALL SSL VPN
management interface.
Appendix B: Configuring SonicWALL SSL VPN with a Third-Party Gateway
“Configuring SonicWALL SSL VPN with a Third-Party Gateway” on page 271 provides
configuration instructions for configuring the SonicWALL SSL-VPN appliance to work with third-
party gateways, including:
•Cisco PIX
•Linksys WRT54GS
•WatchGuard Firebox X Edge
•NetGear FVS318
•Netgear Wireless Router MR814
•Check Point AIR 55
•Microsoft ISA Server 2000
Appendix C: Use Cases
“Use Cases” on page 291 provides use cases for importing CA certificates and for configuring
group-based access policies for multiple Active Directory groups needing access to Outlook
Web Access and SSH.
Appendix D: NetExtender Troubleshooting
“NetExtender Troubleshooting” on page 309 provides troubleshooting support for the
SonicWALL SSL VPN NetExtender feature.
Appendix E: FAQ
“FAQs” on page 313 provides a list of frequently asked questions about the SonicWALL SSL
VPN Web-based management interface and SonicWALL SSL-VPN appliance.
Appendix F: Glossary
“Glossary” on page 337 provides a glossary of technical terms used in the
SonicWALL SSL VPN Administrator’s Guide.
About This Guide
xi
SonicWALL SSL VPN 4.0 Administrator’s Guide
Appendix G: SMS Email Formats
“SMS Email Formats” on page 339 provides a list of SMS email formats for selected worldwide
cellular carriers.
About This Guide
xii
SonicWALL SSL VPN 4.0 Administrator’s Guide
1
SonicWALL SSL VPN 4.0 Administrator’s Guide
Table of Contents
SonicWALL SSL VPN 4.0
Administrator’s Guide ...............................................................................................i
Copyright Notice ..................................................................................................................................................ii
Trademarks ............................................................................................................................................................ii
SonicWALL GPL Source Code ........................................................................................................................iii
GNU General Public License (GPL) .......................................................................................................iii
Limited Warranty .................................................................................................................................................iii
SonicWALL Technical Support ....................................................................................................................... iv
More Information on SonicWALL Products ...................................................................................................v
About This Guide .............................................................................................................................................. vii
Guide Conventions ................................................................................................................................... vii
Organization of This Guide .................................................................................................................... viii
Table of Contents ......................................................................................................1
SSL VPN Overview ....................................................................................................7
Overview of SonicWALL SSL VPN .................................................................................................................8
SSL for Virtual Private Networking (VPN) .............................................................................................8
SSL VPN Software Components ...............................................................................................................9
SSL-VPN Hardware Components .............................................................................................................9
Concepts for SonicWALL SSL VPN ............................................................................................................. 12
Encryption Overview ............................................................................................................................... 12
SSL Handshake Procedure ....................................................................................................................... 12
IPv6 Support Overview ............................................................................................................................ 13
Browser Requirements for the SSL VPN Administrator .................................................................... 15
Browser Requirements for the SSL VPN End User ............................................................................ 16
Portals Overview ....................................................................................................................................... 16
Domains Overview ................................................................................................................................... 17
NetExtender Overview ............................................................................................................................ 17
Network Resources Overview ................................................................................................................. 21
SNMP Overview ....................................................................................................................................... 27
DNS Overview .......................................................................................................................................... 27
Network Routes Overview ...................................................................................................................... 27
Two-Factor Authentication Overview ................................................................................................... 27
One Time Password Overview ............................................................................................................... 28
Virtual Assist Overview ............................................................................................................................ 31
Web Application Firewall Overview ...................................................................................................... 43
What is Web Application Firewall? ........................................................................................................ 43
Benefits of Web Application Firewall .................................................................................................... 45
How Does Web Application Firewall Work? ....................................................................................... 45
Navigating the SSL VPN Management Interface ......................................................................................... 49
Management Interface Introduction ...................................................................................................... 49
Navigating the Management Interface ................................................................................................... 51
Navigation Bar ........................................................................................................................................... 54
2
SonicWALL SSL VPN 4.0 Administrator’s Guide
Deployment Guidelines ....................................................................................................................................56
Support for Numbers of User Connections ..........................................................................................56
Resource Type Support .............................................................................................................................57
Integration with SonicWALL Products ..................................................................................................57
Typical Deployment ..................................................................................................................................57
System Configuration ............................................................................................59
System > Status ..................................................................................................................................................60
System > Status Overview ........................................................................................................................60
Registering Your SonicWALL SSL-VPN from System Status ...........................................................62
Configuring Network Interfaces ..............................................................................................................64
System > Licenses ..............................................................................................................................................64
System > Licenses Overview ...................................................................................................................64
Registering the SSL-VPN from System > Licenses .............................................................................67
Activating or Upgrading Licenses ...........................................................................................................69
System > Time ....................................................................................................................................................71
System > Time Overview .........................................................................................................................71
Setting the Time .........................................................................................................................................72
Enabling Network Time Protocol ...........................................................................................................72
System > Settings ...............................................................................................................................................73
System > Settings Overview ....................................................................................................................73
Managing Configuration Files ..................................................................................................................74
Managing Firmware ...................................................................................................................................76
System > Administration ..................................................................................................................................78
System > Administration Overview .......................................................................................................78
Configuring Login Security ......................................................................................................................79
Enabling GMS Management ....................................................................................................................80
Configuring Web Management Settings .................................................................................................80
System > Certificates .........................................................................................................................................80
System > Certificates Overview ..............................................................................................................81
Certificate Management ............................................................................................................................82
Generating a Certificate Signing Request ...............................................................................................82
Viewing Certificate and Issuer Information ..........................................................................................83
Importing a Certificate ..............................................................................................................................83
Adding Additional CA Certificates .........................................................................................................84
System > Monitoring .........................................................................................................................................84
System > Monitoring Overview ..............................................................................................................85
Setting The Monitoring Period ................................................................................................................86
Refreshing the Monitors ...........................................................................................................................86
System > Diagnostics ........................................................................................................................................87
System > Diagnostics Overview .............................................................................................................87
Downloading the Tech Support Report .................................................................................................88
Performing Diagnostic Tests ...................................................................................................................88
System > Restart ................................................................................................................................................89
System > Restart Overview ......................................................................................................................89
Restarting the SonicWALL SSL-VPN ....................................................................................................89
Network Configuration ...........................................................................................91
Network > Interfaces ........................................................................................................................................92
Network > Interfaces Overview .............................................................................................................92
Configuring Network Interfaces ..............................................................................................................92
3
SonicWALL SSL VPN 4.0 Administrator’s Guide
Network > DNS ................................................................................................................................................ 94
Network > DNS Overview ..................................................................................................................... 94
Configuring Hostname Settings .............................................................................................................. 95
Configuring DNS Settings ....................................................................................................................... 95
Configuring WINS Settings ..................................................................................................................... 95
Network > Routes ............................................................................................................................................. 96
Network > Routes Overview .................................................................................................................. 96
Configuring a Default Route for the SSL-VPN Appliance ................................................................ 97
Configuring Static Routes for the Appliance ........................................................................................ 97
Network > Host Resolution ............................................................................................................................ 99
Network > Host Resolution Overview ................................................................................................. 99
Configuring Host Resolution .................................................................................................................. 99
Network > Network Objects ........................................................................................................................100
Network > Network Objects Overview ..............................................................................................100
Configuring Network Objects ............................................................................................................... 101
Portals Configuration ...........................................................................................105
Portals > Portals ..............................................................................................................................................106
Portals > Portals Overview .................................................................................................................... 106
Adding Portals .........................................................................................................................................107
Configuring General Portal Settings ..................................................................................................... 109
Configuring the Home Page ..................................................................................................................110
Configuring Per-Portal Virtual Assist Settings ...................................................................................114
Configuring Virtual Host Settings ........................................................................................................115
Adding a Custom Portal Logo ..............................................................................................................116
Portals > Application Offloading .................................................................................................................118
Application Offloading Overview ........................................................................................................118
Configuring an Offloaded Application ................................................................................................119
Portals > Domains ..........................................................................................................................................122
Portals > Domains Overview ................................................................................................................122
Adding a Domain with Local User Database Authentication ..........................................................123
Adding a Domain with RADIUS Authentication ..............................................................................124
Adding a Domain with NT Domain Authentication ........................................................................127
Adding a Domain with LDAP Authentication ...................................................................................128
Adding a Domain with Active Directory Authentication ................................................................. 130
Viewing the Domain Settings Table .....................................................................................................132
Removing a Domain ...............................................................................................................................132
Configuring Two-Factor Authentication .............................................................................................133
Portals > Custom Logo ..................................................................................................................................143
Services Configuration .........................................................................................145
Services > Settings ...........................................................................................................................................146
Services > Bookmarks ....................................................................................................................................149
Services > Policies ........................................................................................................................................... 156
NetExtender Configuration ..................................................................................159
NetExtender > Status .....................................................................................................................................160
NetExtender > Status Overview ..........................................................................................................160
Viewing NetExtender Status .................................................................................................................160
4
SonicWALL SSL VPN 4.0 Administrator’s Guide
NetExtender > Client Settings .......................................................................................................................161
NetExtender > Client Settings Overview ............................................................................................161
Configuring the Global NetExtender IP Address Range ..................................................................161
Configuring Global NetExtender Settings ...........................................................................................162
NetExtender > Client Routes ........................................................................................................................163
NetExtender > Client Routes Overview ..............................................................................................163
Adding NetExtender Client Routes ......................................................................................................163
NetExtender User and Group Settings ........................................................................................................164
Configuring User-Level NetExtender Settings ...................................................................................164
Configuring Group-Level NetExtender Settings ................................................................................167
Virtual Assist Configuration ................................................................................169
Virtual Assist > Status .....................................................................................................................................170
Virtual Assist > Status .............................................................................................................................170
Virtual Assist > Settings ..................................................................................................................................171
General Settings .......................................................................................................................................171
Request Settings .......................................................................................................................................172
Notification Settings ................................................................................................................................173
Customer Portal Settings ........................................................................................................................174
Restriction Settings ..................................................................................................................................175
Virtual Assist > Log .........................................................................................................................................176
Virtual Assist > Licensing ...............................................................................................................................177
Virtual Assist > Licensing Overview ....................................................................................................177
Enabling Virtual Assist ............................................................................................................................177
Web Application Firewall Configuration .............................................................179
Licensing Web Application Firewall .............................................................................................................180
Configuring Web Application Firewall .........................................................................................................183
Viewing and Updating Web Application Firewall Status ...................................................................183
Configuring Web Application Firewall Settings ..................................................................................186
Configuring Web Application Firewall Signature Actions ................................................................190
Determining the Host Entry for Exclusions .......................................................................................193
Using Web Application Firewall Logs ..................................................................................................196
Verifying and Troubleshooting Web Application Firewall ........................................................................199
Users Configuration .............................................................................................201
Users > Status ...................................................................................................................................................202
Access Policies Concepts ........................................................................................................................203
Access Policy Hierarchy ..........................................................................................................................203
Users > Local Users ........................................................................................................................................204
Users > Local Users Overview ..............................................................................................................204
Adding a Local User ................................................................................................................................205
Removing a User ......................................................................................................................................206
Editing User Settings ...............................................................................................................................206
5
SonicWALL SSL VPN 4.0 Administrator’s Guide
Users > Local Groups ....................................................................................................................................227
Users > Local Groups Overview ..........................................................................................................227
Adding a New Group .............................................................................................................................227
Deleting a Group .....................................................................................................................................228
Editing Group Settings ...........................................................................................................................228
Group Configuration for LDAP Authentication Domains ..............................................................239
Group Configuration for Active Directory, NT and RADIUS Domains ...................................... 243
Creating a Citrix Bookmark for a Local Group ..................................................................................245
Global Configuration ......................................................................................................................................246
Edit Global Settings ................................................................................................................................246
Edit Global Policies ................................................................................................................................ 249
Edit Global Bookmarks ..........................................................................................................................251
Log Configuration .................................................................................................253
Log > View .......................................................................................................................................................254
Log > View Overview ............................................................................................................................254
Viewing Logs ............................................................................................................................................ 256
Emailing Logs ..........................................................................................................................................257
Log > Settings ..................................................................................................................................................258
Log > Settings Overview .......................................................................................................................258
Configuring Log Settings .......................................................................................................................259
Configuring the Mail Server ................................................................................................................... 260
Log > Categories .............................................................................................................................................261
Log > ViewPoint .............................................................................................................................................262
Log > ViewPoint Overview .................................................................................................................. 262
Adding a ViewPoint Server ....................................................................................................................262
Virtual Office Configuration .................................................................................265
Virtual Office ...................................................................................................................................................265
Virtual Office Overview .........................................................................................................................266
Using the Virtual Office .........................................................................................................................266
Online Help ............................................................................................................269
Online Help ......................................................................................................................................................270
Using Context Sensitive Help ..............................................................................................................270
Configuring SonicWALL SSL VPN with a Third-Party Gateway .......................271
Cisco PIX Configuration for SonicWALL SSL-VPN Appliance Deployment .....................................272
Before you Begin .....................................................................................................................................272
Method One – SonicWALL SSL-VPN Appliance on LAN Interface ........................................... 272
Method Two – SonicWALL SSL-VPN Appliance on DMZ Interface .......................................... 275
Linksys WRT54GS ..........................................................................................................................................278
WatchGuard Firebox X Edge ........................................................................................................................279
NetGear FVS318 .............................................................................................................................................281
Netgear Wireless Router MR814 SSL configuration .................................................................................283
Check Point AIR 55 ........................................................................................................................................284
Setting up a SonicWALL SSL-VPN with Check Point AIR 55 .......................................................284
Static Route ..............................................................................................................................................285
ARP ........................................................................................................................................................... 285
6
SonicWALL SSL VPN 4.0 Administrator’s Guide
Microsoft ISA Server .......................................................................................................................................287
Deploying a SonicWALL SSL-VPN Behind a Microsoft ISA Server .............................................287
Configuring ISA .......................................................................................................................................287
Use Cases ..............................................................................................................291
Importing CA Certificates on Windows .......................................................................................................291
Importing a goDaddy Certificate on Windows ...................................................................................291
Importing a Server Certificate on Windows ........................................................................................294
Creating Unique Access Policies for AD Groups .......................................................................................295
Creating the Active Directory Domain ................................................................................................296
Adding a Global Deny All Policy ..........................................................................................................297
Creating Local Groups ............................................................................................................................298
Adding the SSHv2 PERMIT Policy ......................................................................................................300
Adding the OWA PERMIT Policies ....................................................................................................301
Verifying the Access Policy Configuration ..........................................................................................303
NetExtender Troubleshooting .............................................................................309
FAQs ......................................................................................................................313
Hardware FAQ .................................................................................................................................................316
Digital Certificates and Certificate Authorities FAQ ..................................................................................321
NetExtender FAQ ...........................................................................................................................................327
General FAQ ....................................................................................................................................................330
Glossary ................................................................................................................337
SMS Email Formats ..............................................................................................339
7
SonicWALL SSL VPN 4.0 Administrator’s Guide
30
Chapter 1: SSL VPN Overview
This chapter provides an overview of the SonicWALL SSL VPN technology, concepts, basic
navigational elements and standard deployment guidelines. This chapter includes the following
sections:
•“Overview of SonicWALL SSL VPN” section on page 8
•“Concepts for SonicWALL SSL VPN” section on page 12
•“Navigating the SSL VPN Management Interface” section on page 49
•“Deployment Guidelines” section on page 56
This manual suits for next models
1
Table of contents
Other SonicWALL Gateway manuals
SonicWALL
SonicWALL SL-VPN 4000 How to use
SonicWALL
SonicWALL TZ 150 Wireless User manual
SonicWALL
SonicWALL Secure Mobile Access 6200 Use and care manual
SonicWALL
SonicWALL ex9000 Installation and operation manual
SonicWALL
SonicWALL PRO 2040 User manual
SonicWALL
SonicWALL SSL-VPN 4000 User manual
SonicWALL
SonicWALL TZ 150 Wireless User manual
SonicWALL
SonicWALL SRA EX9000 User manual
