SonicWall NetExtender Client FAQs
08/27/2020 352 People found this article helpful 221,140 Views
Does NetExtender work on other operating systems than Windows?
Yes, NetExtender can be installed on Linux. For Mac we recommend Mobile connect, please follow:How Can I Install Mobile Connect On MacOS?
NetExtender installation packages are downloadable from mysonicwall.com for each release.
TIP: Please follow How Can I Download And Install NetExtender For Windows? .
Can I block communication between NetExtender clients?
Yes, this can be achieved with the User/Group/Global Policies by adding a ‘deny’ policy for the NetExtender IP range.
Can NetExtender run as a service?
Yes, NetExtender cab be run as a Windows service, which will allow systems to login to domains across the NetExtender client.
What range do I use for NetExtender IP client address range?
This range is the pool that incoming NetExtender clients will be assigned – NetExtender clients actually appear as though they are on the internal network – much like the Virtual Adapter capability found in SonicWall’s Global VPN Client. You will need to dedicate one IP address for each active NetExtender session, so if you expect 20 simultaneous NetExtender sessions to be the maximum, create a range of 20 open IP addresses. Make sure that these IP addresses are open and are not used by other network appliances or are contained within the scope of other DHCP servers.
What do I enter for NetExtender client routes?
These are the networks that will be sent to remote NetExtender clients and should contain all networks that you wish to give your NetExtender clients access to.
What does the ‘Tunnel All Mode’ button do?
Activating this feature will cause the SSL-VPN appliance to push down two default routes that tell the active NetExtender client to send all traffic through the SSL-VPN appliance. This feature is useful in environments where the SSL-VPN appliance is deployed in tandem with a SonicWall security appliance running all UTM services, as it will allow you to scan all incoming and outgoing NetExtender user traffic for viruses, spyware, intrusion attempts, and content filtering.
Is there any way to see what routes the SSL-VPN is sending NetExtender?
Yes, right-click on the NetExtender icon in the taskbar and select route information. You can also get status and connection information from this same menu.
Once I install the NetExtender is it uninstalled when I leave my session?
By default, when NetExtender is installed for the first time it stays resident on the system, although this can be controlled by selecting the Uninstall On Browser Exit > Yes option from the NetExtender icon in the taskbar while it is running. If this option is checked, NetExtender will remove itself when it is closed. It can also be uninstalled from the “Add/Remove Program Files” in Control Panel. NetExtender remains on the system by default to speed up subsequent login times.
How do I get new versions of NetExtender?
New versions of NetExtender are included in patch releases of the SSL-VPN software and have version control information contained within. If the SSL-VPN appliance has been upgraded with new software, and a connection is made from a system using a previous, older version of NetExtender, it will automatically be upgraded to the new version.
How is NetExtender different from a traditional IPSec VPN client, such as SonicWall’s Global VPN Client (GVC)?
NetExtender is designed as an extremely lightweight client that is installed using a Web browser connection, and utilizes the security transforms of the browser to create a secure, encrypted tunnel between the client and the SSL-VPN appliance. While it does not have anywhere near the feature set of GVC, it is useful in most environments where basic network connectivity is required.
Which Cipher Method Is Being Used In SSL VPN Session?
In SonicOS 184.108.40.206 and later, the cipher preference option under SSL VPN server settings is removed. This is due to SonicOS support more cipher methods and it is designed to chose one cipher automatically in the negotiation with the client.
To find out which cipher is being used in the ssl vpn session. You could capture the packets on ether Firewall or the client. Decode the TCP packets with port 4433 as SSL and select the Server Hello packet. Then you can find the cipher suite which is being used under Secure Socket Layer sub-tree.
What is the PPP adapter that is installed when I use the NetExtender?
This is the transport method NetExtender uses. It also uses compression (MPPC). You can elect to have it removed during disconnection by selecting this from the NetExtender menu.
Why is it required that an ActiveX component be installed?
NetExtender is installed via an ActiveX-based plug-in from Internet Explorer. Users using Firefox browsers may install NetExtender via an XPI installer.
Does NetExtender support desktop security enforcement, such as AV signature file checking, or windows registry checking?
Not at present, although these sorts of features are planned for future releases of NetExtender.
Does NetExtender support client-side certificates?
Users need to authenticate to the SSL-VPN portal and then launch NetExtender. This feature is not available from the stand-alone NetExtender client on the SonicWall UTM devices, however certification based auth is supported on the SMA devices.
Do the SSL-VPN appliances support the ability for the same user account to login simultaneously?
Yes, On the portal layout, you can enable or disable the ‘Enforce login uniqueness’ option. If this box is unchecked, users can log in simultaneously with the same username and password.
Are the Username, Password, and Domain fields in NetExtender case-sensitive?
The Password and Domain fields are Case-Sensitive, but not the Username field. The NetExtender 4.0 and above versions report an error message when the domain is invalid and includes a note that domains are case-sensitive.