en-US
search-icon

Secure Mobile Access 8.6 User Guide

Introduction

About the Secure Mobile Access User Guide

Welcome to the SonicWall Secure Mobile Access (SMA) User Guide. This document provides information on using the Secure Mobile Access user portal called Virtual Office that allows you to create bookmarks and run services over the SMA/SRA appliance.

Check the SonicWall documentation Web site for the latest versions of all SonicWall product documentation at https://support.sonicwall.com/sonicwall-secure-mobile-access/sma%206200/release-notes-guides.

Organization of this Guide

The SonicWall Secure Mobile Access User Guide is structured into the following parts:

Chapter 1 About the Secure Mobile Access User Guide

This chapter provides helpful information for using this guide. It includes conventions used in this guide, information on how to obtain additional product information, and a Quick Access Worksheet that you should complete before using the SMA/SRA appliance.

Chapter 2 Virtual Office Overview

This chapter provides an overview of SMA/SRA appliance user features, NetExtender, File Shares, Secure Virtual Assist, Secure Virtual Access, Secure Virtual Meeting, services, sessions, bookmarks, and service tray menu options.

Chapter 3 Using Secure Mobile Access Connect Agents

This chapter provides procedures on importing certificates, using Two-Factor authentication, and using One-Time Passwords.

Chapter 4 Using Virtual Office Authentication

This chapter provides details on how to use the authentication features of theSonicWall Secure Mobile Access (SMA) Virtual Office portal.

Chapter 5 Using NetExtender

This chapter provides procedures on installing, configuring, and using NetExtender.

Chapter 6 Using Secure Virtual Assist and Virtual Meeting

This chapter provides procedures on installing and using Secure Virtual Assist and Secure Virtual Meeting.

Chapter 7 Using File Shares

This chapter provides procedures on using file shares.

Chapter 8 Managing Bookmarks

This chapter provides procedures on configuring bookmarks.

Appendix A Warranty and License Agreements

This appendix provides the Limited Hardware Warranty and End User Licensing Agreement, and SonicWall Support contact information.

Guide Conventions

The conventions used in this guide are as follows:

 

Guide conventions 

Convention

Use

Bold

Highlights dialog box, window, and screen names. Also highlights buttons. Also used for file names and text or values you are being instructed to type into the interface.

Italic

Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence. Sometimes indicates the first instance of a significant term or concept.

Virtual Office Overview

This section provides an overview of the SonicWall Secure Mobile Access (SMA) user portal, the Virtual Office. It also includes information about supported browsers and associated requirements.

Topics:

About Virtual Office

Secure Mobile Access Virtual Office provides secure remote access to network resources, such as applications, files, intranet web sites, and email through web access interfaces such as Microsoft Outlook Web Access (OWA). The underlying protocol used for these sessions is SSL.

With Secure Mobile Access, mobile workers, telecommuters, partners, and customers can access information and applications on your intranet or extranet. What information should be accessible to the user is determined by access policies configured by the Secure Mobile Access administrator.

Accessing Virtual Office resources

Remote network resources can be accessed in the following ways:

Using a standard Web browser - To access network resources, you must log in to the Secure Mobile Access portal. After authenticated, you might access intranet HTTP and HTTPS sites, offloaded portals, Web-based applications, and Web-based email. In addition, you might upload and download files using FTP or Windows Network File Sharing. All access is done through a standard Web browser and does not require any client applications to be downloaded to remote users’ machines.
Using Java thin-client access to corporate desktops and applications – The SonicWall SMASRA security appliance includes several Java or ActiveX thin-client programs that can be launched from within the SonicWall SMASRA security appliance. Terminal Services and VNC Java clients allow remote users to access corporate servers and desktops, open files, edit and store data as if they were at the office. Terminal Services provides the ability to open individual applications and support remote sound and print services. In addition, users might access Telnet and SSH servers for SSH version 1 (SSHv1) and SSH version 2 (SSHv2), from the Secure Mobile Access portal.
Using the NetExtender Secure Mobile Access client – The SonicWall Secure Mobile Access network extension client, NetExtender, is available through the Secure Mobile Access Virtual Office portal through an ActiveX control or through standalone applications for Windows, Linux, and Mac OS X platforms. To connect using the SMASRA client, log in to the portal, download the installer application and then launch the NetExtender connector to establish the SSL VPN tunnel. About the Virtual Office web interface. After you have set up the SSL VPN tunnel, you can access network resources as if you were on the local network.

The NetExtender standalone applications are automatically installed on a client system the first time you click the NetExtender link in the Virtual Office portal. The standalone client can be launched directly from users’ computers without requiring them to log in to the Secure Mobile Access portal first.

Using the SonicWall Mobile Connect app – SonicWall Mobile Connect is an app for iOS, Android, Mac OS X, Windows Phone, Windows 10, and ChromeOS that, like NetExtender, uses SSL VPN to enable secure, mobile connections to private networks protected by SonicWall security appliances. For information about installing and using SonicWall Mobile Connect, see the SonicWall Mobile Connect User Guide available at:
https://support.sonicwall.com/sonicwall-secure-mobile-access/sma%206200/release-notes-guides

For secure remote access to work as described in this guide, the SonicWall SMASRA security appliance must be installed and configured according to the directions provided in the Getting Started Guide for your model.

* 
NOTE: If your Administrator has Remediation enabled, the warning message “Access is denied by Geo IP & Botnet Filter” displays when attempting to accessing remote network resources. A browser window is automatically opened to display a CAPTCHA picture and entry field. You must complete remediation within the specified time limit before you can login. Refer to the SonicWall Secure Mobile Access Administration Guide for details.

Browser requirements

the Browser versions per client operating systems table provides information about the browsers supported on various client operating systems.

Browser versions per client operating systems

Browser

Operating System

 

Internet Explorer 11

Windows 7

 

Internet Explorer 10

Windows 10

 

Internet Explorer 11

Windows 10

 

Mozilla Firefox (latest version)

Windows Vista

Windows 7

Windows 10

Windows 10

Linux

Mac OS X

Google Chrome (latest version)

Windows Vista

Windows 7

Windows 10

Windows 10

Linux

Mac OS X

Apple Safari (latest version)

Mac OS X

 

For Administrator management interface browser compatibility, refer to the SonicWall Secure Mobile Access Administration Guide.

Below, the Browser support for Virtual Office features table provides browser requirements for specific features of Virtual Office.

Browser support for Virtual Office features 

Application Proxy

 

Features & Browser Requirements

Windows 7

Windows 10

Linux

Mac OS X

NetExtender

Browser Independent

Browser Independent

RDP5 (ActiveX)

 

 

RDP5

 

VNC

Telnet

SSHv1, SSHv2

HTTP, HTTPS, FTP (Browser)

File Sharing (Browser)

File Sharing

 

Citrix (Active X)

 

 

Citrix

Virtual Assist

Browser Independent

Browser

Independent

HTML5

(Internet Explorer 11 and later)

 

Virtual Assist is fully supported on Windows platforms. Virtual Assist is certified to work on Windows 7, and Windows Vista. Limited functionality is supported on Mac OS where customers can request for assistance through web-requests.

* 
NOTE: If you are using an HTML5 client with Internet Explorer, it must be IE11 or later. Earlier versions of Internet Explorer do not support HTML5.
NOTE: Not all HTML5 features (such as Audio Redirect) are supported on Internet Explorer because of browser limitations.
* 
NOTE: Plug-ins might not be supported in Firefox or Chrome browsers, because of the removal of NPAPI support. To launch clients such as NetExtender and Virtual Assist, download and open the files manually.

About certificates

If the SMASRA appliance uses a self-signed SSL certificate for HTTPS authentication, then it is recommended to install the certificate before establishing a NetExtender connection. If you are unsure whether the certificate is self-signed or generated by a trusted root Certificate Authority, SonicWall recommends that you import the certificate. The easiest way to import the certificate is to click Import Certificate on the System > Certificates page.

If the certificate is not issued by an authorized organization, a message is displayed warning users of the risk. A user can then view detailed information and choose to continue or end the connection.

When using the network logon method from the Windows login screen, NetExtender uses System Store for certificate-based authentication. When the user is already logged in to Windows, NetExtender uses the User Store for certificate-based authentication. A user who wants to use the network logon method when certificate authentication is also enabled should import his user certificate into the System Store as well as into the User Store.

About the Virtual Office web interface

You can access the Virtual Office portal at the URL provided to you by your network administrator.

To log in to Virtual Office:
1
On your workstation at your remote location, launch an approved browser and enter the IP address of the Virtual Office portal in the Location or Address field. By default, this is the default LAN IP address of the SMASRA appliance, https://192.168.200.1.
2
A security warning should appear. Click Yes to continue.

3
The SonicWall Secure Mobile Access login page displays and prompts you to enter your user name and password. To log in using the default administrator credentials, enter admin in the User Name field, password in the Password field, and select a domain from the Domain drop-down list and click Login. Only LocalDomain allows Administrator privileges.
* 
NOTE: Your Administrator might have set up another login and password for you that has only user privileges.

The default page displayed is the Virtual Office home page. The default version of this page shows a SonicWall logo, although your company’s system Administrator might have customized this page to contain a logo and look and feel of your company. Go to the About Virtual Office to learn more about the Virtual Office home page.

From the Virtual Office portal home page, you cannot navigate to the Administrator’s environment. If you have Administrator’s privileges and want to enter the Administrator environment, you need to go back to the login page and enter a username and password that have Administrator privileges, and log in again using the LocalDomain domain. Only the LocalDomain allows Administrator access to the management interface. Also note that the domain is independent of the privileges set up for the user.

Logging in as a user takes you directly to Virtual Office. The Virtual Office Home page displays as shown here.

The Virtual Office content varies based on the configuration of your network administrator. Some bookmarks and services described in the SonicWall Secure Mobile Access User Guide might not be displayed when you log in to the SMA/SRA security appliance.

The Virtual Office can contain any of the nodes described in the Virtual Office node descriptions table.

 

Virtual Office node descriptions 

Node

Description

File Shares

Provides access to the File Shares utility that gives remote users with a secure Web interface access to Microsoft File Shares using the CIFS (Common Internet File System) or SMB (Server Message Block) protocols. Using a Web interface similar in style to Microsoft’s familiar Network Neighborhood or My Network Places, File Shares allow users with appropriate permissions to browse network shares, rename, delete, retrieve, and upload files, and to create bookmarks for later recall.

NetExtender

Provides access to the NetExtender utility, a transparent SSL VPN client for Windows, Mac OS X, or Linux users that allows you to run any application securely on the remote network. It acts as an IP-level mechanism provided by the virtual interface that negotiates the ActiveX component (on Windows with IE), using a Point-to-Point Protocol (PPP) adapter instance. On non-Windows platforms, Java controls are used to automatically install NetExtender from the Virtual Office portal. After installation, NetExtender automatically launches and connects a virtual adapter for SSL secure NetExtender point-to-point access to permitted hosts and subnets on the internal network.

Secure Virtual Assist

Provides access to Virtual Assist, an easy to use tool that allows SonicWall Secure Mobile Access users to remotely support customers by taking control of their computers while the customer observes. Virtual Assist is a lightweight, thin client that installs automatically using Java from the Secure Mobile Access Virtual Office without requiring the installation of any external software. For computers that do not support Java, Virtual Assist can be manually installed by downloading an executable file from the Virtual Office.

Secure Virtual Meeting

Provides access to Virtual Meeting that allows multiple users to view a desktop and interactively participate in a meeting from virtually anywhere with an Internet connection. Virtual Meeting is similar to the one-to-one desktop sharing provided by Virtual Assist except multiple users can share a desktop.

Secure Virtual Access (if configured by Administrator

Virtual Access allows Technicians to gain access to systems outside the LAN of the SMASRA appliance. After downloading and installing the thin client for Virtual Access mode, the system appears only on that Technician’s Virtual Assist support queue, within the Secure Mobile Access management interface.

All Bookmarks

Provides a list of available bookmarks which are objects that enable you to connect to a location or application conveniently and quickly.

Downloads

Provides a list of downloadable clients and applications.

Options

Provides the option to change user password and use single sign-on, if enabled by the Administrator.

Help

Launches online help for Virtual Office.

Tips/Help

Provides a short list of common questions and tips about the Virtual Office.

Logout

Logs you out of the Virtual Office environment.

The Home page provides customized content and links to network resources. The Home Page might contain support contact information, VPN instructions, company news, or technical updates.

Only a Web browser is required to access intranet web sites, File Shares, and FTP sites. VNC, Telnet and SSHv1 require Java. SSHv2 provides stronger encryption than SSHv1, requires Oracle JRE 1.4 or above and can only connect to servers that support SSHv2. Terminal Services requires either Java or ActiveX on the client machine.

As examples of tasks you can do and environments you can reach through Virtual Office, you can connect to:

Intranet Web or HTTPS sites – If your organization supports Web-based email, such as Outlook Web Access, you can also access Web-based email
The entire network by launching the NetExtender client
FTP servers for uploading and downloading files
The corporate network neighborhood for file sharing
Telnet and SSH servers
Desktops and desktop applications using Terminal Services or VNC.
Email servers through the NetExtender client.

The Administrator determines what resources are available to users from the SonicWall Secure Mobile Access Virtual Office. The Administrator can create user, group, and global policies that disable access to certain machines or applications on the corporate network.

The Administrator might also define bookmarks, or preconfigured links, to Web sites or computers on the intranet. Additional bookmarks might be defined by the end user.

SonicWall NetExtender is a software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can virtually join the remote network. Users can mount network drives, upload and download files, and access resources in the same way as if they were on the local network.

Logging Out of the Virtual Office

To end your session, simply return to the Virtual Office home page from wherever you are within the portal and click Logout.

When using the Virtual Office with the admin username, the Logout button is not displayed. This is a security measure to ensure that Administrators log out of the administrative interface, and not the Virtual Office.