Mobile Connect 4.0 OS X User Guide

Installing and Connecting

This section describes how to install Mobile Connect on your device and how to configure and initiate a VPN connection using Mobile Connect.

Installing Mobile Connect

SonicWall Mobile Connect is installed through the Mac App Store.

To download and install the Mobile Connect app:
1. On your Mac, tap the App Store icon.
2. In the Search field, type SonicWall Mobile Connect, and tap Enter.
3. In the search results, select SonicWall Mobile Connect.
4. Tap Free and then Install. The app installs on your Mac. When installation is complete, the SonicWall Mobile Connect icon appears in your Applications folder and in Launchpad.

NOTE: If you encounter an error when attempting to download SonicWall Mobile Connect, see the Mac App Store Support web site, where you can find troubleshooting procedures and instructions on how to report the issue to Apple Support if necessary: http://www.apple.com/support/mac/app-store/

Creating and Saving Connections

The process of creating a Mobile Connect connection is slightly different depending on the type of SonicWall appliance to which you are connecting.

Creating Firewall or SMA 100 Series / SRA Connections

To create and save a new connection to a SonicWall network security appliance, SMA 100 Series, or SRA appliance:
1. The first time you launch Mobile Connect, you must add a VPN connection before you can connect. Select Add connection from the Connection list.
2. In the Name field on the popup dialog, type in a descriptive name for the connection.
3. In the Server field, type in the hostname or IP address of the server (firewall or SMA 100 Series / SRA appliance).
4. Tap Next. Mobile Connect attempts to contact the SonicWall appliance.

   If the attempt fails, a warning message displays, asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.
5. If Mobile Connect successfully contacts the server, you are prompted to enter your username and password, unless the server does not require this information. Type your credentials into the Username and Password fields.

   NOTE: If the previous screenshot does not match what is displayed on your device, you are connecting to a SonicWall SMA 1000 Series or E-Class SRA appliance. See Creating SMA 1000 Series / E-Class SRA Connections.
6. The Domain field is auto-populated with the default domain from the server. To select a different domain, tap Domain to display a drop-down menu of the available options and then select the correct domain.
7. Tap Save to create the new connection.

Creating SMA 1000 Series / E-Class SRA Connections

To create and save a new connection to a SonicWall SMA 1000 Series / E-Class SRA appliance:
1. The first time you launch Mobile Connect, you must add a VPN connection before you can connect. Select Add connection from the Connection list.
2. In the Name field on the popup dialog, type in a descriptive name for the connection.
3. In the Server field, type in the hostname or IP address of the server (SMA 1000 Series / E-Class SRA appliance).
4. Tap Next. Mobile Connect attempts to contact the SonicWall appliance.

   If Mobile Connect contacts the appliance successfully, the server connection is added to the list of saved connections.

   If the attempt fails, a warning message displays, asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.

   Tapping Save adds the server connection to the list of saved connections.

Connecting to the Mobile Connect Server

To establish a Mobile Connect session:
1. In the Connection list, select the connection that you want to initiate.
2. Tap Connect.
3. Type your credentials into the Username and Password fields, if prompted (depending on whether the appliance you are connecting to allows for saving usernames and passwords), and then tap Login.
4. When the connection is successfully established, the Status row changes to Connected and the Connect button changes to Disconnect.
5. After connecting, you can access your Intranet network with other apps. The Mobile Connect menu bar icon indicates the connected state.

The native Mac system VPN Status in the menu bar can also be displayed from the System Preferences app under Network. The VPN Status icon changes to the connected state, and the connection time can be shown.

If the VPN connection is interrupted, the menu bar icons change to indicate that you are no longer connected or that Mobile Connect is reconnecting the VPN, and you are no longer able to access the Intranet network. This can happen if your device connection transitions from one WiFi network to another WiFi network or to another network type.

If the VPN disconnects, return to SonicWall Mobile Connect to reestablish the connection. Optionally, you can enable the Automatic Reconnect option in the Mobile Connect app Preferences to have Mobile Connect automatically attempt to reestablish interrupted connections.

Configuring Client Certificates

Client certificate support is only available for connections to SMA 1000 Series / E-Class SRA appliances and SMA 100 Series / SRA appliances.

Configuring Client Certificates with SMA 1000 Series / E-Class SRA Appliances

If a client certificate is required during authentication, you are automatically prompted to select a client certificate that is present in your keychain in OS X.

To configure the client certificate on your Mac:
1. Initiate a connection to the SMA 1000 Series / E-Class SRA appliance. You are prompted to choose the certificate.
2. Select the client certificate from the list of certificates and then tap Continue.

If you successfully authenticate with a client certificate, the VPN connection profile is automatically updated to use the client certificate for each subsequent connection attempt.

To reset the client certificate selection when disconnected:
1. In the Connections list, select the connection and tap the Edit icon to edit it.
2. Tap the Forget Selections button.

NOTE: If no client certificates are installed, an error message is shown indicating that no matching client certificates are present on your device. The Keychain Access app (in Applications/Utilities) can be used to view client certificates. Tap the My Certificates category to easily see available client certificates.

Configuring Client Certificates with SMA 100 Series / SRA Appliances

If a client certificate is required during authentication, you are automatically prompted to select a client certificate that is present in your keychain in OS X.

To configure the client certificate on your Mac:
1. Initiate a connection to the SMA 100 Series / SRA appliance. You are prompted to choose the certificate.
2. Select the client certificate from the list of certificates and then tap Continue.

By default, the client certificate is set to Choose during login for a VPN connection.

To modify the client certificate setting when disconnected:
1. In the Connections list, select the connection and tap the Edit icon to edit it.
2. In the Certificate field, select the appropriate client certificate option and then tap Save.

Enabling Connect on Demand

The Connect on Demand feature provided by Mobile Connect provides the ability to automatically establish a VPN connection when you attempt to access a domain on the private network. To support Connect on Demand, a VPN connection should not request any user interaction. This provides a seamless VPN connectivity experience without the need to manually launch Mobile Connect.

NOTE: Connect on Demand is only available for connections to SMA 1000 Series / E-Class SRA and SMA 100 Series / SRA appliances.

Enabling Connect on Demand with SMA 1000 Series

A VPN configuration on the SMA 1000 Series / E-Class SRA appliance must meet the following requirements to support Connect on Demand:

The VPN tunnel must not be configured for Redirect-All mode.
The realm must be configured to use client certificates for authentication. Chained authentication (where a second authentication server is used) does not support Connect on Demand.
The valid client certificate for the realm must be present.
The user must successfully connect to the appliance at least once.
There must be no user interaction required for the user to connect.

If the Mobile Connect app is not running and user interaction is required for the VPN connection attempt to succeed, Connect on Demand might fail to connect. Scenarios where user interaction might be required include the following:

User authentication by entering a username and password is required.
Two-factor authentication is enabled, requiring a one-time password or token.
The VPN server's SSL certificate is untrusted, requiring acceptance of an SSL certificate warning.
Personal Device Authorization is enabled on the server and the device has not been authorized, requiring acceptance of a personal device authorization policy.

To enable Connect on Demand to an SMA 1000 Series / E-Class SRA appliance:
1. On your Mac, open Network Settings in System Preferences.
2. Select the VPN connection from the list of network connections.
3. Select the Connect on demand checkbox to enable the feature.
4. Tap Apply.

Enabling Connect on Demand to SMA 100 Series / SRA

To support Connect on Demand, a VPN configuration on the SMA 100 Series / SRA appliance must meet the following requirements:

The user’s effective client certificate enforcement policy, configured at the domain or user level, must be enabled to use client certificates for authentication.
The user’s effective user name and password caching policy, configured at the global, group, or user level, must be set to Allow saving of username and password.
The valid client certificate for the user must be present on the Mac.
The VPN connection profile must have the user name and password configured, and the appropriate client certificate must be selected.

NOTE: If no client certificates are installed, an error message is shown indicating that no matching client certificates are present on your device. The Keychain Access app (in Applications/Utilities) can be used to view client certificates. Click the My Certificates category to view available client certificates.

To enable Connect on Demand to an SMA 100 Series / SRA appliance:
1. On your Mac, open Network Settings in System Preferences.
2. Select the VPN connection from the list of network connections.
3. Select the Connect on demand checkbox to enable the feature.
4. Tap Apply.