Secure Mobile Access 12.5 Administration Guide

Technical Documentation> Introduction> About Secure Mobile Access> What’s New in This Release> SMA AMC Enhancements

Secure Mobile Access 12.5.0
Introduction
- About Secure Mobile Access
Installation
- Installation and Initial Setup
Management
Authentication
- Network and Authentication Configuration
Administration
- Security Administration
  - Creating and Managing Resources
    Resource Types
    Built-In Resources
    Secure Mobile Access WorkPlace (Resource Type: URL)
    Connect Tunnel (Resource Type: URL)
    Network Explorer (Resource Type: Network Share)
    Web Resources
    Client/Server Resources
    File Share Resources
    Resources and Resource Groups
    Viewing Resources and Resource Groups
    Adding Resources
    Example: Specifying a URL Alias
    Example: Blocking Email Attachments
    Example: Supporting Exchange on iPhones
    Example: Restricting Access to Sensitive Data
    Editing Resources
    Deleting Resources
    Configuring a Resource as a SharePoint Web Service
    Exclusions
    Using the Exclusions
    Using Variables in Resource and WorkPlace Shortcut Definitions
    Using Session Property Variables
    Using Query-Based Variables
    Creating a Resource Pointing to Users’ Remote Desktops
    Creating a WorkPlace Link Giving Users Access to Their Remote Desktops
    Creating a Variable Containing a Variable
    Modifying Query Results
    Displaying a Series of Shortcuts Using a Single Definition
    Creating and Managing Resource Groups
    Adding Resource Groups
    Example: Working with a URL Redirect
    Editing, Deleting and Copying Resource Groups
    Web Application Profiles
    Viewing Web Application Profiles
    Adding Web Application Profiles
    Preconfigured Web Application Profiles
    Web Application Profile Examples
    How Requests for Web Resources are Evaluated
    Associating one profile with an entire domain
    Editing and Deleting Web Application Profiles
    Configuring a Single Sign-On Authentication Server
    Forms-Based Single Sign-On
    Basic Authentication Forwarding
    NTLM Authentication Forwarding
    Creating Forms-Based Dynamic Single Sign-On Profiles
    Dynamic SSO Profile for Microsoft RDWeb
    Configuring Microsoft RD Web Access in AMC
    Creating Dynamic SSO Profile for Microsoft Remote Desktop Web Client
    Creating Web Application Profile
    Creating RDWeb URL resource with custom access
    Adding RDWeb in start page
    Dynamic SSO Profile for Citrix XenApp
    Configuring Citrix XenApp in AMC
    Creating Dynamic SSO Profile for Citrix XenApp
    Creating Web Application Profile
    Creating Citrix XenApp URL resource with custom access
    Adding Citrix Xenapp in start page
    Kerberos Constrained Delegation
    Configuring Kerberos Constrained Delegation
    Configuring SMA Support for Microsoft Outlook Anywhere
    Viewing User Sessions
  - Access Control Rules
    Configuring Access Control Rules
    Viewing Access Control Rules
    Access Control Rules for Bi-Directional Connections
    Requirements for Reverse and Cross-Connections
    Securing Application Ports for Reverse Connections
    Adding Access Control Rules for a Forward Connection
    Specifying Advanced Access Control Rule Attributes
    Adding Access Control Rules for a Reverse Connection
    Adding a Pair of Access Control Rules for a Cross-Connection
    Configuring Advanced Access Control Rule Attributes
    Access Methods and Advanced Options
    Adding Users and Resources From Within Access Control Rules
    Editing, Copying, and Deleting Access Control Rules
    Resolving Deny Rule Incompatibilities
    Resolving Invalid Destination Resources
    Invalid Resource Examples
- System Administration
End Point Control
Components
Mobile Connect
- Using SMA with Mobile Connect
Appendix
SonicWall Support
- About This Document

SMA AMC Enhancements

In SMA12.5.0 the following are AMC enhancements.

IPv6 Support

Secure Mobile Access (SMA) now supports you to work with both IPv4 and IPv6 for better connectivity. SMA offers flexibility in network configuration, allowing for transitions between IPv4 and IPv6 through three distinct tunnelling methods:

IPv4-only: This method wraps IPv6 packets in IPv4 packets. It helps organizations move to IPv6 while still using their current IPv4 systems.
IPv6-only: This method carries only IPv6 traffic, best for places that fully use IPv6.
Dual-stack: This method allows devices to use both IPv4 and IPv6 at the same time. It helps during the transition between the two.

Key features include:

Support for IPv6 traffic: This ensures safe communication between clients and servers using IPv6.
Support for both addressing types: It works with both IPv4 and IPv6 addresses, making it adaptable to different networks.
Auto-Addressing: This feature allows devices to automatically configure their IPv6 addresses, simplifying the setup.
Static Address Pools: Administrators can manage IPv6 addresses more easily with static pools.
Better Routing: This makes communication with IPv6 hosts easier and more efficient.
Handling IPv6 Resources: The SMA solutions can manage various IPv6 resources to meet modern networking needs.

Alerts

The Alerts feature helps manage appliances by allowing administrators to spot and resolve issues before they impact users. It provides timely notifications and performance insights to ensure a smooth user experience. Initially, the Alerts feature was available only in the Central Management Server (CMS); it has now been extended to standalone appliances to improve user visibility. Refer to Alerts in AMC for Effective Appliance Management section.

Managing the Citrix Agent or VMware View Clients

Graphical terminal agents can be configured and uninstalled successfully using the user interface.

In the AMC, navigate to User Access > Agent Configuration> Other Agents > Graphical terminal agents, and you can uninstall the specified agent. Refer to Managing Graphical Terminal Agents section.

Force authenticating users with SAML Authentication servers

Enable Force users to re-authenticate to ask the Identity Provider to check the user’s credentials every time they log into their account. Refer to Configuring a SAML 2.0 Identity Provider Authentication Server section.

Improvements in SMA Licensing

SMA appliances now use dynamic licensing, simplifying product registration and license management. Users can register directly through the interface, eliminating manual downloads and uploads. This change streamlines activation and automates renewals while still supporting manual uploads for closed networks. Refer to License Management section.

Prefix Length

IP addresses utilize two formats for subnet masks: dotted-decimal notation (example, 255.255.255.0) for IPv4 and CIDR notation (example, /24) to indicate network size. For IPv6 addresses, we use the term Prefix (example, /64). In SMA 12.5.0 fields or columns that can contain either an IPv4 or IPv6 address, we refer to them as netmask/prefix.

Examples of such fields include:

Network interfaces
Routing tables
Address pool ranges
SNMP hosts
SSH hosts
Subnet resources
Static address pool ranges
Auth server OTP registration hostshosts

Downloading the SMA1000 Client Installation Packages

This section describes how to download the installation package for the Connect Tunnel client to your local workstation.

The following latest processor and versions are supported to download the client:

ARM 64 processor is supported for Windows and Linux.

macOS Ventura (13.x) apple version is required for MAC operating system.

Refer to the Downloading the Secure Mobile Access Client Installation Packages section.

< Prev Section

Next Section >