SonicWall NetExtender

SonicWall NetExtender - What Is It?

SonicWall NetExtender is a Windows, Mac, and Linux tool that allows a remote user to access applications, data, resources, and more from a base network while being secured by the security apparatus of that base network.

A remote user would require a current SonicWall VPN license to use it. A virtual private network, or VPN, is a safe way to access company data from anywhere in the globe. SonicWall VPNs operate in conjunction with NetExtender to safely route a distant user's device, whether it's a desktop or a mobile device, to the base network.

How You Can Improve Your Remote Workforce with SonicWall NetExtender

By providing VPN licenses to a remote workforce, you give your company and users the same level of security as if they were in the office. Remote employees using NetExtender have more direct access to files and apps, allowing them to work at a faster pace. They als get security features that are only available to users connected to your base network.

Learn new & advanced Architectures in SonicWall with hkr's SonicWall Online Training!

Advantages of SonicWall NetExtender:

• From any location in the world, you may access secure data.
• Secure conversations by utilizing all of the business-critical applications you're used to.
• Employees who work from home should have access to the same levels of security as those who work on-site.
• Maintaining compliance needs.

SonicWall NetExtender VPNs: How Much Do They Cost?

SonicWall VPN solutions are built to be cost-effective. The cost of the solution is determined by the number of licenses required, the VPN protocols used, and the configuration and support options available. You can discover more about the various SonicWall VPN clients that work with NetExtender, with this SonicWall VPN Clients. The comparisons between Global VPN and SonicWall SSL VPN will help you to learn more. It can be difficult to compare SonicWall SSL VPN and Global IPSec VPN services. Both types of remote access can offer users safe connections, but they do it in different ways. The authentication, encryption, and data distribution levels of the network determine how Global IPsec VPN and SSL VPN services differ. A side-by-side comparison of our SSL VPN and Global VPN products may be found in the handy chart below.

SonicWall SSL VPN:

• SSL data encryption is the most recent advancement.
• Traditional IPSec VPNs take longer to connect and perform.
• In a mixed network setting, it's best to use (mobile, tablets, PCs).
• Lightweight, simple client software deployment.
• Only works with SonicWall firewalls and SMA devices.

SonicWall Global VPN

• Technology with proven strong data encryption.
• In a Windows network, it's best used.
• Setup could be more complicated and expensive than SSL VPN.
• Decrypt through pre-shared private keys or digital certificates.
• Some third-party VPN appliances are compatible.

Searching for a VPN solution with NetExtender

Configure a NetExtender Solution That Is Scalable

It's not easy to set up the correct SonicWall VPN solution. Our network security professionals are standing by to assist you with your decision-making.

How Could I Configure SSL-VPN?

Using the NetExtender client, SonicWall's SSL VPN features allow secure remote access to the network. NetExtender is a transparently downloaded SSL VPN client for Windows or Linux that allows you to execute any program safely on the company's network. It utilizes PPP. NetExtender provides remote clients with seamless access to your local network's resources. NetExtender can be accessed in two ways:

• Logging into the SonicWall security appliance's Virtual Office website and selecting the NetExtender button.
• The standalone NetExtender client is launched.

When you open NetExtender for the first time, the standalone client is installed. On Windows systems, it may be accessed immediately from the Start menu; on Linux systems, it could be accessed directly from the pathname or the shortcut bar.

Click here to get latest SonicWall interview questions and answers for 2021!

For Sonicos 7.X Resolution: 

This firmware provides significant user interface modifications as well as a slew of new capabilities not found in SonicOS 6.5 or older versions. Customers running SonicOS 7.X firmware should use the following resolution.

• Go to the  Network |SSL VPN | Server Settings.
• Go to SSL VPN STATUS ON ZONES, which shows the status of SSL VPN Access on each Zone.
• By toggling the zone below, you can enable or disable SSL-VPN access. The color green denotes that the SSL VPN is active.
• Navigate to SSL VPN SERVER SETTINGS, Choose the SSL VPN Port, and Domain as expected.

• Setup the Network|SSL VPN | Client Settings.
• The administrator can configure the client address range information and NetExtender client settings on the SSL VPN | Client Settings page. The most essential considerations are where the SSL-VPN will be terminated (in this example, on the LAN) and which IP addresses will be assigned to connecting clients. Finally, decide where users would be able to log in from (This will most likely be the WAN, so simply click on the WAN entry).
• For the Default Device profile, click the Configure icon.

• Set Zone IP V4 to SSL VPN and Network Address IPV4 to the previously constructed Address Object.

• The Client Routes page allows the administrator to manage SSL VPN users' network access. The NetExtender client routes are supplied to all NetExtender clients and are used to control which private networks and resources a remote user can access through an SSL VPN connection.

• The Client Settings page allows the administrator to input DNS, WINS, and Suffix information, as well as regulate password caching, user names, and the NetExtender Client's behavior when accessing domain resources by name.
• Enable Create Client Connection Profile - The SSL VPN Server name, Domain name, and optionally the username and password will be recorded in a connection profile created by the NetExtender client.

• The SSL VPN | Portal Settings page is used to customize the SSL VPN Virtual Office web portal's functionality and appearance. The website is the Virtual Office portal.

• Ensure that the necessary user or user group is a member of the "SSLVPN Services" group under Device|Users | Local users & Groups

• Select one or more networks from the Networks list and click the arrow button | to transfer them to the Access List on the VPN Access Tab, which allows users to connect to networks through a VPN tunnel. Choose the network from the Access List and click the left arrow button to disable the user's access to it.

• Go to Policy | Rules and Policies |Access Rules. Choose the SSL VPN to LAN rules through the highlighted matrix button as shown below.

• If SSL VPN users require access to resources in other Zones, such as the DMZ or a Custom Zone, check or add the appropriate Access Rules.

Related Article:SonicWall TZ350

FOR SONICOS 6.5 RESOLUTION

This update offers significant user interface changes as well as a slew of new functionality not found in SonicOS 6.2 or prior firmware. Customers running SonicOS 6.5 firmware should use the following resolution.

Login to the SonicWall Appliance and go to the SSL-VPN | Server Settings page by clicking MANAGE.

1. Configure the SSL VPN | Client Settings.

The administrator can configure the client address range information and NetExtender client settings on the SSL VPN | Client Settings page. The most essential considerations are where the SSL-VPN will be terminated (in this example, on the LAN) and which IP addresses will be assigned to connecting clients. Finally, choose where users would be able to log in (probably, this will be the WAN, so just click on the WAN entry).

For the Default Device profile, click the Configure icon.

Then select Zone IP v4 (SSLVPN) and the address object for Network Address IPV4 (SSLVPN Pool) on the Settings Tab.

2. The SSL VPN | Client Routes page allows administrators to manage SSL VPN users' network access. All NetExtender clients receive client routes, which are used to manage which private networks and resources a remote user can access via an SSL VPN connection.

3. The SSL VPN | Client Routes page allows administrators to manage SSL VPN users' network access. All NetExtender clients receive client routes, which are used to manage which private networks and resources a remote user can access through an SSL VPN connection.

4. NetExtender Client Settings Configuration:

Enable the option Create Client Connection Profile - The SSL VPN Server name, Domain name, and optionally the username and password will be recorded in a connection profile created by the NetExtender client.

5. The SSL VPN | Portal Settings page allows you to customize the SSL VPN Virtual Office web portal's design and functionality. The Virtual Office portal is the website where NetExtender is launched after logging in.

6. Ensure that the necessary user or user group is a member of the "SSLVPN Services" group under Users | Local users:

For users in the area, Navigate to System Setup | Users | Local Users and Groups by clicking MANAGE.

Navigate to groups and add SSL VPN Services by clicking the Configure icon for the user.

Edit the SSL VPN Services user group and add the user group under the Members tab to set up a membership for a local or LDAP user group.

Select one or more networks from the Networks list and click the arrow button | to transfer them to the Access List on the VPN Access Tab, which allows users to connect to networks via a VPN tunnel. Select the network from the Access List and click the left arrow button to disable the user's access to it.

7. Notice the new SSLVPN zone under Firewall | Access Rules.

8. Other zones' firewall access rules are automatically created from and to the SSLVPN zone. You might also change the auto-created SSL VPN to LAN rule to only allow access to users who are configured (When dealing with groups, it is preferable to employ a single rule rather than many rules when dealing with individual users.). Ignore any warnings about enabling login from the SSLVPN zone.

Ensure HTTPS user login is enabled on the WAN interface (for this, click MANAGE and travel to Network | Interfaces, then click the configure button for X1) (Default WAN).

Related Article: SonicWall Certifications

How to put this scenario to the test:

1. Users can now access Sonicwall's public IP address. Take a look at the new "click here for SSL login" link:

2. Users could then login and start NetExtender:

NetExtender allows distant users to connect to your secure internal network. The experience is nearly identical to that of using a regular IPSec VPN client, with the exception that NetExtender doesn’t require any manual client installation. Instead, while using the Internet Explorer browser, ActiveX control or the XPCOM plugin immediately installs the NetExtender Windows client on the remote user's PC. The NetExtender client can also be installed and used on Linux systems.

NetExtender instantly runs and connects a virtual adapter after installation for secure SSL-VPN point-to-point access to internal network hosts and subnets.

To log in, use the remote server's IPv6 address and the service port.

On the client, IPv4 and IPv6 addresses should be distributed.

Additionally, ping could be used to test functionality and connectivity.

Conclusion

In this blog, we have successfully learned various insights covering the costs, improvements, benefits, solutions, and SONICOS 7.x and SONICOS 6.5 resolution configurations of SSL-VPN.

Related Articles: 

• Sonicwall Port Forwarding
• SonicWall Firewall
• Sonicwall Firewall Configuration
• SonicWall Firewall