SMA (Secure Mobile Access) 11.3 - Web Only Access - WorkPlace Lite access

03/26/2020 8 People found this article helpful 198,206 Views


    Description

    Basics

    Web only access (more commonly referred to as Reverse Proxy access) allows a user to perform a task in a working browser without any Access agents, End Point Control agents, or other agents pushed down to the client device.

    Resolution

    Although this feature has been a mainstay of Secure Mobile Access products, in 11.3 the AMC Administrator can give the end-user the option to enable WorkPlace Lite access mode, force them to use WorkPlace Lite access, or disable WorkPlace Lite access entirely. This gives the AMC Administrator enough flexibility to set up a deployment where end-users can enable a checkbox or go to a specific WorkPlace site for Lite access. If the user checks "WorkPlace Lite mode", the system allows access to browser-based graphical and text-terminal shortcuts as well as Web URL and HTML fileshare shortcuts.

     

    NOTE: Mobile Devices will always be logged in with WorkPlace Lite mode enabled.

     

    This feature can be combined with SMA-172 (Persistent Cookie) to allow (or disallow) seamless access to SharePoint documents, should the AMC Administrator desire that type of access for their users.

    Configuration

    To configure WorkPlace Lite mode, in the AMC, browse to WorkPlace > WorkPlace Sites > Your WorkPlace Site > Advanced.

    The administrator has the following options to choose from:

    Automatic: The user-selection checkbox for WorkPlace Lite mode on WorkPlace is not visible and WorkPlace Lite access will be enabled for mobile devices only.  This is the default for upgrades from previous firmware versions and new installations.  Label and Help text controls are disabled.

    Always: The user-selection checkbox for WorkPlace Lite mode on WorkPlace is not visible, but WorkPlace Lite access is always enabled when the user logs in to this WorkPlace site.  Label and Help text controls are disabled.

    Let user choose: The checkbox on WorkPlace for enabling or disabling WorkPlace Lite access is visible, along with the label text and help text.

    Image

    The AMC Administrator can modify or adjust the label text and help text as needed.

    Image

    In AMC, this is what the User Sessions page looks like for WorkPlace Lite sessions:

    Image

    In Automatic or Always, the user is not presented with any additional options on WorkPlace for Lite mode, but can verify whether WorkPlace was loaded in Lite mode by clicking on Details in the upper right-hand corner.

    Image

    When Let user choose is selected, the end-user is presented a checkbox to enable (or disable) WorkPlace Lite access for that specific session.

    Image

    When using a mobile device, the system will hide the WorkPlace Lite checkbox, and automatically enable Lite mode.

    Image      Image

     

    Caveats

    • Access to the Connect Tunnel installation link will be governed by existing AMC policy (ACLs or WP Layouts). If it's showing up where it shouldn't, adjust your policy.
    • Realms that have PKI Authentication enabled only will not work with the WorkPlace Lite option "Let user choose".
    • When Lite mode is enabled, the end-user can access only the following:
      • Web URL links
      • Native Access Modules (NAMs) that support HTML5 (browser-based) access only
        • Graphical terminal
        • Text terminal
        • Virtual desktop
      • HTML fileshare shortcuts (no Java or ActiveX)
        • Works on standard devices, as well as mobile devices (tablets and phones).
    • When Zone Classification occurs for WorkPlace Lite mode sessions, only EPC Zones with no Device Profiles or the Default zone will match.
    • Personal Device Authorization (PDA) will not work with WorkPlace Lite mode.
      • In AMC, if Personal Device Authorization (PDA) is enabled, we will show a message to the administrator in the User Session details about why that particular user did not classify in to the zone.
      • In the access_servers.log, the following log message will be emitted for WP Lite user sessions that cannot classify in to an EPC Zone due to Personal Device Authorization being enabled (where {user} is replaced with the username for the active user, and {zone} is replaced with the EPC Zone that was tried).

    Workplace Lite Mode is active for user '{user}', this connection will not classify into zone '{zone}' because Personal Device Authorization is enabled for this zone.

    • Some browser profiles (3 below) have been migrated out of the configuration as a result of WorkPlace Lite mode. Browsers that do not support JavaScript (or do not have JavaScript enabled) will be unable to establish a session to WorkPlace. Any device connecting to SMA WorkPlace that would match these profiles will instead behave like a Standard Mobile Device that has JavaScript enabled (which is now the default / fallback).
      • Standard mobile (No JavaScript)
      • WAP 2.0 mobile
      • i-Mode (cHTML browser)
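
An added example, not part of the original article or SonicWall tooling: a Python sketch that scans access_servers.log lines for the Personal Device Authorization message quoted in the caveat above and reports, per EPC Zone, which WorkPlace Lite users failed to classify and how often. The message text is taken from the article; the line prefix and the sample lines are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Message text as documented in the article, with {user} and {zone} turned
# into capture groups. Assumption: the message can appear anywhere in a log
# line, after whatever prefix fields the appliance writes.
PDA_BLOCK = re.compile(
    r"Workplace Lite Mode is active for user '(?P<user>.*?)', "
    r"this connection will not classify into zone '(?P<zone>.*?)' "
    r"because Personal Device Authorization is enabled for this zone\."
)

def pda_blocked_zones(lines):
    """Return {zone: {user: event_count}} for Lite sessions blocked by PDA."""
    hits = defaultdict(Counter)
    for line in lines:
        m = PDA_BLOCK.search(line)
        if m:
            hits[m["zone"]][m["user"]] += 1
    return {zone: dict(users) for zone, users in hits.items()}

# Constructed sample lines. The "[constructed-prefix]" field is a placeholder,
# not the real access_servers.log prefix format.
_MSG = ("[constructed-prefix] Workplace Lite Mode is active for user '{u}', "
        "this connection will not classify into zone '{z}' because "
        "Personal Device Authorization is enabled for this zone.")
SAMPLE = [
    _MSG.format(u="alice", z="Corp-Laptops"),
    "[constructed-prefix] unrelated message for user 'bob'",
    _MSG.format(u="o'brien", z="Corp-Laptops"),  # apostrophe inside the username
    _MSG.format(u="alice", z="Corp-Laptops"),    # repeated attempt by the same user
    _MSG.format(u="carol", z="Contractors"),
]

if __name__ == "__main__":
    for zone, users in pda_blocked_zones(SAMPLE).items():
        for user, count in sorted(users.items()):
            print(f"{zone}: {user} blocked {count} time(s)")
```

Zones that appear in the result are candidates for review: their Lite-mode users fall through to a zone without Device Profiles or to the Default zone, as described in the caveats.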

    FAQs

    Will file share shortcuts work on Mobile Devices?

    Yes, the HTML version of Network Explorer is allowed on all mobile devices, including iOS devices. Users can manage files (upload/download) with the restricted file types supported on that mobile platform.

    With HTML5 clients, is it possible to obtain user credentials by running a capture on the client device? Are the credentials stored in the browser somewhere that they could be accessed?

    For RDP with SSO enabled, WorkPlace would send the encrypted password to the HTML5 RDP client. The HTML5 client would decrypt and forward the credentials to the RDP server over the RDP/WS protocol.

    For RDP without SSO and for other clients, when the user enters the password, it's captured by the HTML5 client (JavaScript) and is forwarded to the backend server. In other words, the credentials aren't stored anywhere in the browser.

     
