Secure Mobile Access 100 10.2 Administration Guide

Modifying Clients Settings

This feature is for external users, who inherits the settings from their assigned group upon login. NetExtender client settings can be specified for the user or use the group settings.

To enable NetExtender/Mobile Connect ranges and configure Static client settings for a user

  1. Navigate to Users > Local Users.
  2. Click the configure icon next to the user you want to configure.
  3. On the Edit Local User page, select the Clients page.
    1. Under Client Address Range, select Use Static Pool from the drop-down menu.
    2. Supply a beginning client IPv4 address in the Client Address Range Begin field.
    3. Supply an ending client IPv4 address in the Client Address Range End field.
    4. Under Client IPv6 Address Range, optionally select Use Static Pool from the drop-down menu.
    5. Supply a beginning client IPv6 address in the Client Address Range Begin field.
    6. If using IPv6, supply an ending client IPv6 address in the Client Address Range End field.
  4. Under DNS Settings:

    Enter the following:

    • Primary DNS Server: Type the address of the primary DNS server in the Primary DNS Server field.
    • Secondary DNS Server: Optionally, type the IP address of the secondary server in the Secondary DNS Server field.
    • DNS Search List (in order): Type the DNS domain suffix and click Add. Next, use the up and down arrows to prioritize multiple DNS domains in the order they should be used.
      • For SMA appliances supporting connections from Apple iPhones, iPads, or other iOS devices using SonicWall Mobile Connect, use this DNS Search List. This DNS domain is set on the VPN interface of the iPhone/iPad after the device makes a connection to the appliance. When the mobile device user accesses a URL, iOS determines if the domain matches the VPN interface’s domain, and if so, uses the VPN interface’s DNS server to resolve the hostname lookup. Otherwise, the Wi-Fi or 3G/4G DNS server is used that is not able to resolve hosts within the company intranet.
  5. Under Client Settings:

    Select one of the following from the Exit Client After Disconnect drop-down menu:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  6. In the Uninstall Client After Exit drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  7. In the Allow Client to Turn Off Auto Update drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  8. In the Create Client Connection Profile drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  9. In the Username & Password Caching drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Allow saving of username only – Allow caching of the username. The user only needs to enter a password when starting NetExtender. Overrides the group setting.
    • Allow saving of username & password – Allow caching of the username and password. The user is automatically logged in when starting NetExtender. Overrides the group setting.
    • Prohibit saving of username & password – Do not allow caching of the username and password. The user is required to enter both username and password when starting NetExtender. Overrides the group setting.
  10. In Allow client to use Touch ID on IOS devices, the control only blocks future attempts to log in with fingerprint technology on IOS devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  11. In Allow client to use Fingerprint Authentication on Android devices, the control only blocks future attempts to log in with fingerprint technology on Android devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  12. In Allow client to use Touch ID on macOS devices, the control only blocks future attempts to log in with fingerprint technology on macOS devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  13. In Allow client to use Face ID on iOS devices, the control only block future attempts to log in with Face ID technology on iOS devices when the option is disabled there is no method for the server to change client settings until the client attempts connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  14. In the Always on VPN section, configure the following:

    • For Enable Always on VPN, select one of the following:
      • Use global setting – Take the action specified by the global setting.
      • Enabled – Enable this action for the user. Overrides the global setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Allow User to Disconnect select one of the following:
      • Use global setting – Take the action specified by the global setting.
      • Enabled – Enable this action for the user. Overrides the global setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Allowing accessing network if VPN fail to connect select one of the following:
      • Use global setting – Take the action specified by the global setting.
      • Enabled – Enable this action for the user. Overrides the global setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Don’t connect VPN in trusted network select one of the following:
      • Use global setting – Take the action specified by the global setting.
      • Enabled – Enable this action for the user. Overrides the global setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
  15. In the Internal Proxy Settings section, select from the drop-down menu to apply global settings or to enable or disable the Internal Proxy feature. Click Accept.

To enable client ranges and configure DHCP client settings for a user

  1. Navigate to Users > Local Users.
  2. Click the configure icon next to the user you want to configure.
  3. In the Edit Local User page, select the Clients page.
    1. Under Client Address Range, select Use DHCP from the drop-down menu.
    2. Under Select Interface, use the drop-down menu to select the interface to use for DHCP.
    3. Supply the DHCP Server in the field provided.
    4. Under Client IPv6 Address Range, optionally select Use DHCPv6 from the drop-down menu.
    5. Under Select Interface, use the drop-down menu to select the interface to use for DHCPv6.
    6. Optionally supply the DHCPv6 Server in the field provided.
  4. Under DNS Settings:

    Enter the following:

    • Primary DNS Server: Type the address of the primary DNS server in the Primary DNS Server field.
    • Secondary DNS Server: Optionally, type the IP address of the secondary server in the Secondary DNS Server field.
    • DNS Search List (in order): Type the DNS domain suffix and click Add. Next, use the up and down arrows to prioritize multiple DNS domains in the order they should be used.

    For SMA appliances supporting connections from Apple iPhones, iPads, or other iOS devices using SonicWall Mobile Connect, use this DNS Search List. This DNS domain is set on the VPN interface of the iPhone/iPad after the device makes a connection to the appliance. When the mobile device user accesses a URL, iOS determines if the domain matches the VPN interface’s domain, and if so, uses the VPN interface’s DNS server to resolve the hostname lookup. Otherwise, the Wi-Fi or 3G/4G DNS server is used that is not able to resolve hosts within the company intranet.

  5. Under Client Settings, select one of the following from the Exit Client After Disconnect drop-down menu:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  6. In the Uninstall Client After Exit drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  7. In the Create Client Connection Profile drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Enabled – Enable this action for the user. Overrides the group setting.
    • Disabled – Disable this action for all members of the group. Overrides the global setting.
  8. In the Username & Password Caching drop-down menu, select one of the following:

    • Use group setting – Take the action specified by the group setting.
    • Allow saving of username only – Allow caching of the username. The user only needs to enter a password when starting NetExtender. Overrides the group setting.
    • Allow saving of username & password – Allow caching of the username and password. The user is automatically logged in when starting NetExtender. Overrides the group setting.
    • Prohibit saving of username & password – Do not allow caching of the username and password. The user is required to enter both username and password when starting NetExtender. Overrides the group setting.
  9. In Allow client to use Touch ID on IOS devices, the control only blocks future attempts to log in with fingerprint technology on IOS devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  10. In Allow client to use Fingerprint Authentication on Android devices, the control only blocks future attempts to log in with fingerprint technology on Android devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  11. In Allow client to use Touch ID on macOS devices, the control only blocks future attempts to log in with fingerprint technology on macOS devices when the option is disabled as there is no method for the server to change the client settings until the client attempts a connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  12. In Allow client to use Face ID on iOS devices, the control only block future attempts to log in with Face ID technology on iOS devices when the option is disabled there is no method for the server to change client settings until the client attempts connection. So, in some cases, a client might not be conforming to previous policies for the initial connection. Configuration is allowed globally, by group, or per user.
  13. In the Always on VPN section, configure the following:

    • For Enable Always on VPN, select one of the following:
      • Use group setting – Take the action specified by the group setting.
      • Enabled – Enable this action for the user. Overrides the group setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Allow User to Disconnect select one of the following:
      • Use group setting – Take the action specified by the group setting.
      • Enabled – Enable this action for the user. Overrides the group setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Allowing accessing network if VPN fail to connect select one of the following:
      • Use group setting – Take the action specified by the group setting.
      • Enabled – Enable this action for the user. Overrides the group setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
    • For Don’t connect VPN in trusted network select one of the following:
      • Use group setting – Take the action specified by the group setting.
      • Enabled – Enable this action for the user. Overrides the group setting.
      • Disabled – Disable this action for all members of the group. Overrides the global setting.
  14. In the Internal Proxy Settings section, select from the drop-down menu to enable or disable the Internal Proxy feature.
  15. Click Accept.

To select user-mapped address settings for a user

  1. In the SMA management interface, navigate to Users > Local Users.
  2. Hover over a user and click the Edit icon.
  3. Click Clients tab.

  4. In the CLIENT ADDRESS RANGE section, select Use user-mapped address.
  5. Click Submit.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.