User Guide - SonicWALL
Contents
1. The process of creating a Mobile Connect connection is slightly different depending on which type of Dell SonicWALL appliance you are connecting to The following sections describe how to create a connection e Creating a Connection to Dell SonicWALL Firewall and SRA Appliances on page 9 e Creating a Connection to Dell SonicWALL E Class SRA Appliances on page 11 Creating a Connection to Dell SonicWALL Firewall and SRA Appliances 1 Launch SonicWALL Mobile Connect You will be presented with the screen to begin your first connection Tap Add connection Name Enter a descriptive name for the connection Server Enter the URL or IP address of the server a 8 Add Connection Name Example Server access example com ay tw er t yuiop al foe PON eee fon Ani EJS ERT Bi 4 gt z xcv bnm 21233 Next 2 Tap Next Mobile Connect will then attempt to contact the Dell SonicWALL appliance If the attempt fails a warning message will display asking if you want to save the connection Verify that the server address or URL is spelled correctly and then tap Save A sslvpn example com is either currently unreachable or is not a valid SonicWALL appliance Would you like to save this connection anyway Cancel 3 Before tapping Save verify that the server address or URL is spelled correctly Using Mobile Connect 9 4 If Mobile Connect successfully contacts the server you will be prompted to enter2. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OR MERCHANTIBILITY FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT OF THIRD PARTY RIGHTS IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE FExyrant ae eantainad in thie nntira tha nama nf a 34 SonicWALL Mobile Connect for Android User Guide When a Mobile Connect session is active the Android System Notifications area includes an entry indicating that the VPN is connected 3 22 MON MARCH 31 SE 9 VPN is activated by SonicW 2 56 PM Mobile Connected to access exampe com Tap 9 Connect ws USB debugging connected Touch to disable USB debugging Connected as a media device Touch for other USB options Tapping on the SonicWALL Mobile Connect entry in the Android System Notifications area displays a summary of statistics on the VPN session The statistics page displays the server name duration of the session and the amount of traffic that has been sent and received Three buttons are also provided on this screen e Cancel Closes the statistics screen e Disconnect Disconnects the Mobile Connect session e Configure Launches the SonicWALL Mobile Connect app O Mobile Connect Session Duration Sent Received Cancel
3. access example com 00 35 07 7983 bytes 107 packets 13995 bytes 101 packets Disconnect Configure Monitoring Mobile Connect 35 Mobile Connect Widget When the SonicWALL Mobile Connect app is installed a widget for Android is also created in the widgets tab It can then be dragged from the widgets tab to the home screen This widget is used as follows The widget shows the connection status connected disconnected connecting etc e Tap the icon to establish a tunnel when disconnected e Tap the icon to disconnect the tunnel when connected e Tap any other area of the widget to launch the Mobile Connect client S SRA 4600 Connected 36 SonicWALL Mobile Connect for Android User Guide Troubleshooting Mobile Connect If you are unable to connect to the Dell SonicWALL server perform the following steps to troubleshoot the connection 1 Double check that you have entered the server name properly in the connection configuration 2 Go to the web browser on your device and attempt to navigate to the SSL VPN appliance web portal 3 If you are unable to load the web portal the problem is with the Dell SonicWALL appliance Contact your network administrator if the problem persists 4 Ifthe web portal loads successfully on the browser and you still cannot establish a Mobile Connect connection notify Dell SonicWALL Support as follows a On the Settings tab enable the Debug Logging option b At
4. The Settings tab also provides Support information which includes a User Guide and device connection and server information Connect On Launch Automatic Reconnect URL Control Bookmarks Files Logs SUPPORT User Guide Device Information Email Logs The following options are controlled from the Settings tab e Connect on Launch Sets Mobile Connect to automatically initiate a connection to the last used profile when it is launched e Automatic Reconnect Sets Mobile Connect to automatically attempt to reconnect if the connection is lost The SSL VPN connection can be disrupted when your device s connection transitions to a different network type for example from Wi Fi to 3G This setting lets applications rely on a sustained VPN connection There is no limit on the amount of time it takes to reconnect URL Control Allows other mobile applications to pass action requests using special URLs to Mobile Connect These action requests can create VPN connection entries and connect or disconnect VPN connections For example another application can launch Mobile Connect access internal resources as needed and then disconnect by using the mobileconnect or sonicwallmobileconnect URL scheme Some common examples of URL Control are Add profile mobileconnect addprofile name ConnectionName amp server ServerAddress amp Parameter1 Value amp Parameter2 Value Connect mobileconnect connect name Conn
5. remains in the ON position o amp 8 wv O SONICWALL gt Connection SRA 4600 VPN ON Status Connected Showing All mA 3 0 Release Notes Mobile Connect 3 0 Release Notes Intranet 7 Sharepoint 2013 Marketing Files server share My PC Windows 8 1 a a Any bookmarks defined for the portal are displayed below the Disconnect button Navigate to a bookmark s destination Bookmarks will only appear after a VPN connection is established if the server is running firmware that supports Mobile Connect bookmarks and bookmarks have been defined for that user Press the Home button to return to your device s home screen You can now navigate to other apps to access your Intranet network The status bar will display a VPN icon y to indicate that the session is still connected Google If the VPN connection is interrupted the VPN icon will disappear and you will no longer be able to access the Intranet network This can happen if your device s connection transitions to a different network connection for example from Wi Fi to cellular Return to Mobile Connect to reestablish the connection Optionally you can configure the Automatic Reconnect option on the Settings tab to have Mobile Connect automatically attempt to reestablish interrupted connections Using Mobile Connect 15 Configuring Mobile Connect Settings SonicWALL Mobile Connect provides several settings for connection and logging options
6. your Username and Password unless the server does not require this information ae 8 Add Connection Name Example Server access example com Username Password qwertyiuii an ESA PON EiS bobo pis lt gt A A E E 7123 Y AS Note If the screenshots above do not match what is displayed on your device you are connecting to a Dell SonicWALL E Class SRA appliance Proceed to Creating a Connection to Dell SonicWALL E Class SRA Appliances on page 11 5 The Domain field is auto populated with the default domain from the server To select a different domain tap Domain to display a drop down menu of the available options and tap Save E 8 Add Connection Server access example com Username l LocalDomain Choose during login LocalDomain PL PLL au EST PON fee COS tree fe EKS Ri 4 gt zZz Xc Vv bnm 2123 10 SonicWALL Mobile Connect for Android User Guide Creating a Connection to Dell SonicWALL E Class SRA Appliances 1 Launch Mobile Connect You will be presented with the screen to begin your first connection Tap Add connection Name Enter a descriptive name for the connection Server Enter the URL or IP address of the server E 8 Add Connection Name Example Server access example com qwerty u A E Eia COI tU S 4 zZz xcv bnm a 21231 Next 2 Tap Next Mobile Connect will then attempt to contact the Dell SonicWALL appliance If the a
7. B POF 3 0 Release Notes mm Presentations wy Times Square jpg Mobile Connect 3 0 Release Notes 02 21 14 10 41 AM TETAS PM 220 66 KB al Marketing Files _ Product Specs server share 01 27 14 4 16 PM wA New Mobile Connect Data Sheet Videos 3 0 Data Sheet _ 03 3 14 9 37 AM Supported File Types Mobile Connect supports all file types natively supported by Android including the following File Extension Images Jpg jpeg tif tiff png Music mp3 m4a wav Movies mov mp4 Microsoft Word Documents doc docx Microsoft Excel Spreadsheets XIS XISX Microsoft Powerpoint Presentations ppt pptx Adobe PDF pdf Web Pages htm html Text and Rich text Files txt rtf Using Mobile Connect 27 28 Unsupported Files lf a file type is not supported the user will be prompted that the file may not be viewable unless there is another app installed that can view the file The user can tap Try Anyway and if there is another app that is registered to handle that file type the user will have the option to open the file in that app o amp E Unsupported TarFile tar 10 29 12 10 04 PM 770 00 KB TarGzipFile tgz 08 15 11 5 27 PM 179 69 KB WindowsExe exe 07 26 08 8 56 PM 120 00 KB WindowsMediaAudio wma 06 13 05 4 01 PM 7 54 MB ZipFile zip 03 12 12 5 29 PM 3 29 MB SonicWALL Mobile Connect for Android User Guide Mobile Connect does not find any appropriate app to view thi
8. Galaxy S3 e Motorola Droid Razr Tablet e Samsung Galaxy Tab e Amazon Kindle Fire Note Although Mobile Connect is designed to work with all Android devices running the 4 0 or newer platform only the above platforms have been tested and verified to run Mobile Connect Custom ROMs are not officially supported Dell SonicWALL Appliance Support SonicWALL Mobile Connect is a free app but requires a concurrent user license on one of the following Dell SonicWALL solutions in order to function properly e Dell SonicWALL firewall appliances including the TZ NSA E Class NSA running SonicOS 5 8 1 0 or higher e Dell SonicWALL SRA appliances running 5 5 or higher e Dell SonicWALL Aventail E Class SRA appliances running 10 5 4 or higher What s New in This Release The following features some of which are specific to E Class SRA appliances or SMB SRA appliances and Next Generation Firewalls have been added in Mobile Connect 3 0 e Ul Redesign Mobile Connect 3 0 has a new app icon splash screen and look and feel The Connect Disconnect button has been replaced with an On Off switch File Bookmarks Mobile Connect 3 0 working with SRA 7 5 firmware introduces secure mobile access to files Granular policy controls can be configured to allow other Android apps to use each file Policies include control over whether a file may be securely cached or opened in a third party app Files Bookmarks are displayed after the VPN is connected Se
9. MB SRA Appliances On SMB SRA appliances client certificate authentication is available as a second factor authentication method in addition to standard user name and password authentication If a client certificate is required during authentication you are automatically prompted to select a client certificate from the Android device client certificate store sd SONICWALL gt Login Server access example com Username johndoe Password LocalDomain Cancel qwer tyu asdfgh jki 4 Zz xcv bnm 32 SonicWALL Mobile Connect for Android User Guide The app SonicWALL has requested a certificate Choosing a certificate will let the app use this identity with servers now and in the future The app has identified the requesting server as sra1200 eng sonicwall com but you should only give the app access to the certificate if you trust the app John Doe Client Cert E johndoe dexample com CN John Doe OU Engineering O Dell SonicWALL L Los Angeles ST CA C US You can install certificates from a PKCS 12 file with a pfx or a p12 extension located in external storage WAE Allow a Select the client certificate from the list of certificates and tap Allow By default the client certificate is set to Choose during login for a VPN configuration If you successfully authenticate with a client certificate the VPN configuration profile is automatically updated to set the client certificate to the one that was chosen
10. RROR CODES24 sonicwallmobileconnect disconnect callbackurl customapp 3A 2F 2Fhost 3Fstatus 3D 24STATUSS24 261login group s3Ds24LOGIN GROUP s26error codes3De24ERROR CODES24 Disconnect Command Parameters Command Parameter Description callbackurl Optional The callback URL is opened by Mobile Connect after the disconnect command has been processed See Disconnect Command on page 20 for full details of the callback URL syntax and options Callback URL Note While invoking Mobile Connect using a URL a third party application can include a callback URL that is called by Mobile Connect once it completes the requested action The callback URL value may also contain special tokens that will be evaluated and dynamically replaced by Mobile Connect to provide additional status and connection information back to the app that is opened by the callback URL Tokens are evaluated in place in the same order in which the tokens were specified To ensure that it functions properly the base callback URL format should be RFC 1808 compliant and should be able to be launched independently of Mobile Connect For example it should launch through a web page or iOS web clip URL lt scheme gt lt net loc gt lt path gt lt params gt lt query gt lt tragment gt The value of callbackurl must also be properly URL encoded to ensure that Mobile Connect can process the callback URL correctly Dynamic Tokens Supported by the Callback URL Dy
11. Secure Web HTTPS Select browser app on launch Using Mobile Connect 23 Mobile Connect supports the following types of bookmarks and associated apps Desktop Bookmarks Portal name Terminal Services RDP ActiveX Terminal Services RDP Java Internal type RDP5ActiveX RDPSJava RDP bookmark types attempt to launch with the associated RDP application as configured in the Settings tab Android Version Wyse PocketCloud Pro 1 4 217 2X Client RDP Remote Desktop 11 0 1899 Remote RDP Lite 4 2 8 Remote RDP 4 2 8 Remote RDP Enterprise 4 2 8 Microsoft Remote Desktop 8 0 5 Additional details such as screen resolution should be provided to the client However support for passing such parameters will vary based on the application For example e Wyse PocketCloud Pro does not support the connect to console option Portal name Virtual Network Computing VNC Internal type VNC VNC bookmark types attempt to launch with the associated VNC application as configured in the Settings tab Android Version Wyse PocketCloud Pro 1 4 217 android vnc viewer 0 5 0 Additional details such as screen resolution should be provided to the client However support for passing such parameters varies based on the application Portal name Citrix Portal Citrix Internal type Citrix Citrix_https Citrix bookmark types will attempt to launch with the associated Citrix application Android Version Citrix Receiver 3 4 13 Ad
12. SonicWALL Mobile Connect Mobile Connect for Android 3 0 User Guide SONICWALL gt Notes Cautions and Warnings NOTE A NOTE indicates important information that helps you make better use of your system CAUTION A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed A WARNING A WARNING indicates a potential for property damage personal injury or death 2014 SonicWALL LLC Trademarks SonicWALL Aventail SonicWALL Mobile Connect and all other SonicWALL product and service names and slogans are trademarks of SonicWALL LLC a wholly owned subsidiary of Dell 2014 4 P N 232 002407 00 Rev A Table of Contents How Mobile Connect Works 2 ees 5 Pre QUISIMOS E A A OS 5 Android Product SUDOR 6 Dell SonicWALL Appliance Supports 000 0 a ee eee eee eed eed eee 6 Whats New im TRIS Release lt 0 ccs tahoe eee ae o oases habe bel 6 Required Network Information 0000 eee eee ee ees 7 Installing Mobile Connector is A AA 8 Using Mobile Connect ura ds ads a AAA a Ad 8 Creating a ONS CUI a ii ds A dl id a 9 Connecting to the Mobile Connect Server 00 00 eee es 12 Configuring Mobile Connect SettingS 0c cee eee eee 16 URL Control Syntax and Parameters s icos d ide wie eee a a 18 Callback URL towne abs o os des E Sereleste ee ee cds 21 BOOKINANKS crasa mia trde belt nc O eer eos Sl a Aw te ace Ae na ee 23 lara adri dodo di
13. To reset the client certificate selection edit the connection and set the Client Certificate field back to Choose during login Ed O Edit Connection Username Password Domain Choose during login Client Certificate John Doe Client Cert qwer t y u a sd fgh j 4 gt zx cvbnrnam cn y Next Note If no client certificates are installed an Android No certificates found dialog appears with an option to install a PKCS 12 file located in external storage Configure Client Certificates 33 Monitoring Mobile Connect The Monitor tab displays additional details about the connection statistics on traffic transmitted DNS information and routes that have been installed 8 E O CONNECTION INFO Status Connected 21 09 Server access example com Client IP 10 128 1 130 Protocol TLSv1 2 Cipher AES256 GCM SHA384 STATISTICS Sent 7 67 KB 105 packets Received 13 46 KB 99 packets Data Compression 6 85 Throuahnut N hvtes Ser The About tab of SonicWALL Mobile Connect displays the version number and legal text E SonicWALL Mobile Connect Secure Remote Access Client Version 3 0 4 Copyright 2014 SonicWALL LLC All rights reserved SONICWALL the SONICWALL Logo and SONICWALL MOBILE CONNECT are trademarks or registered trademarks of SonicWALL LLC a wholly owned subsidiary of Dell THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED
14. VPN connection password Optional The password used in the VPN connection realm Optional The realm used in the VPN connection profile Applies to EX series connections only domain Optional The domain used in the VPN connection profile Applies to SRA and UTM connections only sessionid Optional The session ID or Team ID used for authentication connect Optional If presented and the value is non null the connection will be ini tiated if the profile was successfully added callbackurl Optional The callback URL is be opened by Mobile Connect after the connect command has been processed See Connect Command on page 19 for full details of the callback URL syntax and options Disconnect Command 20 The disconnect command is used to disconnect an active connection In addition a callback URL can be provided that Mobile Connect will open after the connection is disconnected which makes it possible to return to the calling app If there is no active VPN connection the command is ignored Syntax mobi leconnect disconnect mobi leconnect disconnect 7 callbacktirl lt callbackurl gt SonicWALL Mobile Connect for Android User Guide Following are examples of the disconnect command mobileconnect disconnect mobileconnect disconnect sonicwallmobileconnect disconnect mobileconnect disconnect callbackurl customapps3A 52F32Fhosts3Fstatus33D 3245TATUSS245S 261login group33D 24LOGIN GROUP S26error codes3D 24E
15. ct app for Android devices provides secure mobile access to sensitive network resources Mobile Connect establishes a Secure Socket Layer Virtual Private Network SSL VPN connection to private networks that are protected by Dell SonicWALL security appliances All traffic to and from the private network is securely transmitted over the SSL VPN tunnel To get started with SonicWALL Mobile Connect 1 Install SonicWALL Mobile Connect from the Google Play Store or the Amazon Appstore 2 Enter connection information server name username password etc 3 Initiate a connection to the network 4 Mobile Connect establishes a SSL VPN tunnel to the Dell SonicWALL security appliance 5 You can now access resources on the private network All traffic to and from the private network is securely transmitted over the SSL VPN tunnel Prerequisites The following sections describe prerequisites for SonicWALL Mobile Connect e Android Product Support on page 6 e Dell SonicWALL Appliance Support on page 6 e Required Network Information on page 7 How Mobile Connect Works 5 Android Product Support SonicWALL Mobile Connect requires the Android 4 0 or newer platform and a cellular or Wi Fi connection SonicWALL Mobile Connect has been verified to run on the following Android devices running the official Android 4 0 platform e Dell Venue 7 and 8 e ASUS Nexus 7 e Samsung Nexus 10 e ASUS FonePad e Samsung Galaxy S2 e LG Nexus 4 e Samsung
16. ctada 25 Configure Client Certificates iia a ici lay a e 30 Configuring a Connection to Dell SonicWALL E Class SRA Appliances 30 Configuring a Connection to Dell SonicWALL SMB SRA Appliances oo ooooooo 32 MONOD MODIS CONNEC 2 2 2 240 ame ae daa 34 Mobile Connect VIC OC Uv sa oa eta aca Wik lc cd dd ee arde 36 Troubleshooting Mobile Connect 0 002 ee ee 37 Table of Contents 3 4 SonicWALL Mobile Connect for Android User Guide Using Mobile Connect for Android SonicWALL Mobile Connect for Android is an app that enables Android devices to establish secure mobile connections to private networks protected by Dell SonicWALL security appliances How Mobile Connect Works Modern business practices increasingly require that users be able to access any network resource files internal websites etc anytime anywhere At the same time ensuring the security of these resources is a constant struggle While most users are aware that they must take care to protect computers from network security risks this security awareness does not always extend to mobile devices And yet mobile devices are increasingly subject to security attacks Furthermore mobile devices often use insecure untrusted public Wi Fi hotspots to connect to the Internet It is therefore a challenge to provide secure mobile access while still guarding against the inherent security risks of using mobile devices The SonicWALL Mobile Conne
17. ditional details such as screen resolution should be provided to the client However support for passing such parameters will very based on the application 24 SonicWALL Mobile Connect for Android User Guide Files Web Bookmarks Portal name Web HTTP Secure Web HTTPS External Web Site Internal type HTTP HTTPS URL URL_https These bookmarks will launch in an associated web browser and the provided Name or IP Address HostID will be passed as the parameter to display in the browser Android Version Any Browser Yes Google Chrome 33 0 1750 170 Portal name Mobile Connect Internal type MC Mobile Connect bookmark type will rely fully on the OS to determine and launch the proper application The bookmark is expected to be properly configured for launch The Mobile Connect app will attempt to launch it as is for example telnet server Terminal Bookmarks Portal name Telnet Secure Shell Version 1 SSHv1 Secure Shell Version 2 SSHv2 Internal type Telnet SSH SSHv1 Android Version ConnectBot 1 7 1 ConnectBot notes Proper formatting is required for ConnectBot SSH server bookmark field requires username server Note Some supported third party apps may not yet be available in the Amazon Appstore Mobile Connect 3 0 introduces secure mobile access to files through new File bookmarks File bookmarks are displayed after the VPN is connected in the table of bookmarks Tapping a File bookmark allow
18. ectionName server ServerAddress amp Parameter1 Value amp Parameter2 Value Disconnect mobileconnect disconnect Additional information about URL Control is provided in URL Control Syntax and Parameters on page 18 16 SonicWALL Mobile Connect for Android User Guide Note Files are supported on SRA appliances only when running 7 5 or higher and not Bookmarks Displays centrally configured shortcuts called bookmarks to VPN resources like web pages Remote Desktop servers and terminal servers These bookmarks which are displayed on the main Connection tab when the VPN is connected provide one touch access to frequently used applications If using a SRA appliance pulling down the Connection screen and releasing it refreshes the bookmarks Mobile Connect supports Remote Desktop options like screen size and enable disable audio as long as both the server bookmark and third party application support the option Note Bookmarks are supported on SRA appliances only when running 7 0 or higher and not supported on UTM appliances running SonicOS Additional information about bookmarks is provided in Bookmarks Files gt Delete Cached Files Deletes all cached files that have been downloaded and stored on the device Note that cached files are stored encrypted on the device for added security supported on appliances running SonicOS Additional information about Files is provided in Files Logs gt Debug Loggi
19. ed to select a client certificate from the Android device client certificate store Compression Traffic over the VPN tunnel is compressed using the LZ4 algorithm when connected to a server that supports compression and has it enabled for the tunnel A Compression row displaying the overall compression ratio is shown on the Monitor tab if compression is enabled This feature requires 7 5 SRA firmware End Point Control End Point Control policy checking is performed before establishing the VPN connection established Mobile Connect supports the following attributes Application Directory name File name Equipment ID Android version This feature requires 7 5 SRA firmware Required Network Information In order to use SonicWALL Mobile Connect you will need the following information from your network administrator or IT support server name or address This is either the IP address or URL of the SSL VPN server that you will connect to Username and password Typically you will be required to enter your username and password although some connections may not require this Domain name The domain name of the SSL VPN server Mobile Connect may be able to automatically determine this when it first contacts the server or there may be multiple domains that can be selected Prerequisites 7 Installing Mobile Connect SonicWALL Mobile Connect is installed through the Google Play Store or the Amazon Ap
20. er configured file policy for that file bookmark If the file is not already cached on the device it securely downloads the file from the SRA appliance Once the file is downloaded it is opened in the Android default file viewer app for that file type 3 58 o 5H 3 58 o mw 3 59 S rou O Mobile Connect for OS Data Sheet p Mobile Connect for iOS Data SONICWALL Connection SRA 4600 VPN ON Status Connected Casa Downloading Showing Files 1022 35 KB 2 27 MB mA 3 0 Release Notes Mobile Connect 3 0 Release Notes Marketing Files server share Cancel 26 SonicWALL Mobile Connect for Android User Guide Tapping a File bookmark to a folder or directory allows for directory browsing and file download and viewing of any file in the folder All attempts to browse a file folder or view a file query the server to enforce access policies On Android the default file viewer app is automatically launched after a file is downloaded o amp o e a d S GE A Pictures SONICWALL gt Gee Audio Bay Mobile Connect png 03 3 14 9 34 AM 01 24 14 12 24 PM 44 71 KB Connection SRA 4600 _ Blog Posts Nay SRA E Series Appliances jpg 01 24 14 12 12 PM 10 12 11 6 11 PM 384 42 KB VPN oN alll Documents Y SRA SMB Series Appliances jpg Status Connected 02 12 14 11 33 PM 07 20 12 5 20 PM 507 27 KB Pictures m RUTNESICN e ORGE UES _ 01 24 14 12 29 PM 01 10 11 12 24 PM 1 04 M
21. lecting a Files bookmark checks and enforces the server policy securely downloads the file and displays it within the appropriate app Bookmarks to folders or file share root directories can also be created to allow for directory navigation At this time File bookmarks are supported only in SMB SRA appliances running SRA 7 5 firmware File bookmark support in the E Class SRA and Next Generation Firewalls is expected in a future release E Class SRA Features e Credential Caching Users may now cache their username and password credentials to reduce the burden of managing their credential identities to gain access This feature requires 10 7 x E Class SRA firmware 6 SonicWALL Mobile Connect for Android User Guide Network Awareness VPN connections can be configured to detect whether the user is remote or on premise and control the VPN connection accordingly This feature requires 10 7 x E Class SRA firmware IPv6 Phase I Support VPN connections can connect to SRA EX appliances via IPv6 and access IPv6 resources over the VPN This feature requires 10 7 x E Class SRA firmware TLSv1 1 1 2 Support This feature requires 10 6 4 or 10 7 x E Class SRA firmware SMB SRA amp Next Generation Firewall Features Client Certificate Authentication Support Client certificate authentication is now available for SRA appliance connections If a client certificate is required during authentication the user will be automatically prompt
22. n be embedded in the URLs and they can be provided to users for easy setup and configuration In addition a callback URL can be provided that Mobile Connect will open after the connection attempt is completed making it possible for other applications to initiate VPN connections in a seamless manner Using Mobile Connect 19 Syntax mobileconnect connect name ConnectionName server ServerAddress amp Parameterl Value amp Parameterz Value Following are examples of the mobileconnect command mobileconnect connect name Example sonicwallmobileconnect connect name Example mobileconnect connect name Example mobileconnect connect server vpn example com mobileconnect connect name ExampleS202 amp server vpn example com mobileconnect connect name SRA S20Connection amp server sslvpn example com amp username test password password domain LocalDomain mobileconnect connect name EX 20Connection amp server workplace example com amp username test amp password password realm Corp Connect Command Parameters Command Parameter Description name The unique name of the VPN connection entry that will be created and appear in the Mobile Connect Connections list Mobile Connect accepts the name only if it is unique Letters are case sensitive server The domain name or IP address of the Dell SonicWall appliance in which you wish to connect For example von example com username Optional The username used in the
23. namic Token Description SERROR MESSAGES The string value of the error message from the failed connec tion attempt SLOGIN GROUPS The string value of the authentication login group or realm Applies to EX series connections only SCOMMUNITYS The string value of authentication community Applies to EX series connections only SZONES The string value of EPC zone Applies to EX series connec tions only STUNNEL IPS The string value of the Mobile Connect IPv4 client address Using Mobile Connect 21 22 Note Any number of tokens from the table above can be specified Dynamic Token Description STUNNEL MODES One of split split nonlocal redirectall or redirectall nonlocal depending on the tunnel mode Applies to SRA and UTM con nections only SESP ENABLED Yes or no depending on if ESP is enabled Applies to SRA and UTM connections only Following are examples using the callback URL Callback URL customapp host status SSTATUSS amp login group SLOGIN GROUPS amp error codes ERROR CODES Full URL with URL Encoded Callback URL Value mobileconnect connect sessionid lt teamid gt amp callbackurl customapp 3A 2F 2Fhost 3Fstatuss3De24STATUSs24s26login groups3D e24LOGIN GROUPS Z berror_codes3D 24ERROR_CODES24 Callback URL myapp callback status STATUSSS login group LOGIN GROUP amp error code SERROR_ CODES Full URL with URL Encoded Callback URL Value mobileconnect connect sessionid lt teamid gt amp callback
24. ng Enables full debug log messages of Mobile Connect activity Leave this setting disabled unless instructed to enable it by Dell SonicWALL Support staff Logs gt Clear Logs Deletes all log files saved on the device The Support section of the Settings tab provides the following support information User Guide Displays the SonicWALL Mobile Connect User Guide Device Information Displays information about the device Wi Fi connection Cellular connection and DNS servers Email Logs Creates an email to send the Mobile Connect log to Dell SonicWALL Support staff Tap Send to send the email Using Mobile Connect 17 E Class SRA Settings Connections to Dell SonicWALL E Class SRA appliances have two additional options that are available on the Edit Connection window To view this option go to the Connection tab and tap and hold on the Connection line to bring up the Edit Connection window a 8 Edit Connection Server access example com LOGIN GROUP Corp The following options can be configured Remember Credentials Enables saving of user authentication credentials for the VPN connection This is enabled by default and can be controlled by the E Series SRA server setting e Forget Selections Mobile Connect remembers the Login Group that you specified when configuring the connections To change to a different Login Group tap Forget Selections The next time you connect to the server you will be promp
25. pstore 1 On your Android device tap the Google Play icon Play Store Or type the following in the browser Google Play Store https play google com store apps details id com sonicwall mobileconnect Amazon Appstore https www amazon com gp mas dl android p com sonicwall mobileconnect 2 Go to the Search tab type SonicWALL Mobile Connect and tap Search 3 In the search results select SonicWALL Mobile Connect 4 Click the Install button under SonicWALL Mobile Connect The app will install on your device When installation is complete the SonicWALL Mobile Connect icon will appear on your device LS Mobile Connect SonicWALL If you encounter an error when attempting to download SonicWALL Mobile Connect please go to the appropriate site for help Google Play Store Help Follow troubleshooting procedures and instructions on how to report the issue using your Google account http support google com googleplay hl en Amazon Appstore Help Follow troubleshooting procedures and instructions on how to report the issue using your Google account http www amazon com gp help customer display htmi nodeid 201111910 Using Mobile Connect The following sections describe how to use Mobile Connect e Creating a Connection on page 9 e Connecting to the Mobile Connect Server on page 12 e Configuring Mobile Connect Settings on page 16 8 SonicWALL Mobile Connect for Android User Guide Creating a Connection
26. rust the app John Doe Client Cert E johndoe example com CN John Doe OU Engineering O Dell SonicWALL L Los Angeles ST CA C US You can install certificates from a PKCS 12 file with a pfx or a p12 extension located in external storage WAEN Allow 2 E Select the client certificate from the list of certificates and tap Allow By default a VPN configuration prompts you to select the client certificate during authentication If you successfully authenticate with a client certificate the VPN configuration profile is automatically updated to use the client certificate for each subsequent connection attempt To reset the client certificate selection edit the connection and tap the Forget Selections button 30 SonicWALL Mobile Connect for Android User Guide Note If no client certificates are installed an Android No certificates found dialog appears with an option to install a PKCS 12 file located in external storage The app SonicWALL has requested a certificate Choosing a certificate will let the app use this identity with servers now and in the future The app has identified the requesting server as sra1200 eng sonicwall com but you should only give the app access to the certificate if you trust the app You can install certificates from a PKCS 12 file with a pfx or a p12 extension located in external storage Install Configure Client Certificates 31 Configuring a Connection to Dell SonicWALL S
27. rwise you run the risk of having your data compromised by a malicious software I trust this application Cancel 3 For E Class SRA connections only If Mobile Connect successfully contacts the server you will be prompted to select which Login Group on the appliance you want to connect to If you do not know which Login Group to connect to contact your network administrator Split Tunnel Redirect All Web PKI Tunnel Other Note If the screenshots above do not match what is displayed on your device you are connecting to a Dell SonicWALL firewall or SRA appliance Proceed to Creating a Connection to Dell SonicWALL Firewall and SRA Appliances on page 9 step 4 Using Mobile Connect 13 4 For E Class SRA connections only If the Login Group you connect to is not listed select Other to manually type in the group name example For E Class SRA connections only Enter your username and password if prompted depending on whether the Dell SonicWALL appliance you are connecting to allows for saving usernames and passwords amp SONICWALL gt Please log in Log in here to establish a secure connection to your network resources Username Password Cancel ToT gt t dg td tod as fsa EOS ee FOR bien SS EKS Pi 4 gt zx cvbonm a 14 SonicWALL Mobile Connect for Android User Guide When the connection is successfully established the Status changes to Connected and the VPN switch
28. s file You can try downloading the file anyway but it may not be viewable on your device Cancel Try anyway File Policies On Android server configured policies control whether a file can be opened in a third party app or securely cached on the device For example if a file has the Allow Open In policy disabled the file cannot be viewed on an Android device Mobile Connect launches third party apps to view all file types so the Allow Open in policy must be enabled to view a file S fox SONICWALL gt Connection SRA 4600 VPN ON Status Connected Showing Files Mobile Connect 3 0 Release Notes ES 3 0 Release Notes Marketing Files server share os The file is not allowed to be opened in external apps Using Mobile Connect 29 Configure Client Certificates Note Client certificate support is only available for connections to Dell SonicWALL E Class SRA and SMB SRA appliances Configuring a Connection to Dell SonicWALL E Class SRA Appliances If a client certificate is required during authentication you are automatically prompted to select a Client certificate from the Android device client certificate store The app SonicWALL has requested a certificate Choosing a certificate will let the app use this identity with servers now and in the future The app has identified the requesting server as sra1200 eng sonicwall com but you should only give the app access to the certificate if you t
29. s secure access to files by first checking and enforcing the server configured file policy and then securely downloading and displaying the file within the Mobile Connect app On Android policies include control over whether a file may be opened in a third party app or securely cached on the device File bookmarks can also be created to folders or file share root directories to allow directory navigation Note Note In Mobile Connect for Android 3 0 Files bookmarks are supported on the Dell SonicWALL SRA appliances starting with SRA 7 5 firmware Support for Files in E Series SRA and NGFW is expected in a future release Using Mobile Connect 25 When Files bookmarks are configured for the user on the server appliance they appear in the list of bookmarks after the VPN is established and can be filtered by selecting the Showing Files row that is displayed when there are more than five bookmarks X Sirf x gt e 8 SONICWALL gt SONICWALL gt Connection SRA 4600 Connection SRA 4600 VPN ON Show Bookmarks A ON Status Connected All Status Connected Showing All Showing Files DESK POF 3 0 Release Notes Por 3 0 Release Notes Mobile Connect 3 0 Release Notes Files Mobile Connect 3 0 Release Notes Intranet Web Marketing Files Sharepoint 2013 server share VERGIES ES New Mobile Connect Data Sheet server share 3 0 Data Sheet MyPC i Windows 8 1 Tapping a File bookmark queries and enforces the serv
30. ted to select a new Login Group Note If this option is not displayed you are connecting to either a Dell SonicWALL firewall or SRA appliance URL Control Syntax and Parameters This section provides the full set of URL parameters for the URL Control feature URL Control currently supports the addprofile connect and disconnect commands Callback URLs are also supported Add Profile Command The addprofile command requires either the name or server parameter and accommodates both All other parameters are optional When the URL is opened in Mobile Connect all of the parameters included in the URL are saved in the connection entry associated with that name and server 18 SonicWALL Mobile Connect for Android User Guide Syntax mobileconnect addprofile name ConnectionName amp server ServerAddress amp Parameterl Value amp Parameterz Value Following are examples of the addprofile command mobileconnect addprofile name Example amp server vpn example com sonicwallmobileconnect addprofile name Example amp server vpn example com mobileconnect addprofile name Example S202 amp server vpn example com mobileconnect addprofile name vpn example com mobileconnect addprofile server vpn2 example com mobileconnect addprofile name SRA 20Connection server sslvpn example com username test password password domain LocalDomain connect 1 mobileconnect addprofile name EX 20Connection amp server workplace e
31. tempt a connection to the server again to ensure that full debugging messages are logged for the attempt c Then return to the Settings tab and tap the Email Logs button An email will launch in your mail client with the Mobile Connect log attached Address the email to Support sonicwall com Add any additional comments to the email and tap Send Dell SonicWALL Support staff will contact you after reviewing your case Troubleshooting Mobile Connect 37
32. ttempt fails a warning message will display asking if you want to save the connection A sslvpn example com is either currently unreachable or is not a valid SonicWALL appliance Would you like to save this connection anyway Cancel 3 Before tapping Save verify that the server address or URL is spelled correctly lf Mobile Connect successfully contacts the server the connection will be automatically saved Using Mobile Connect 11 Connecting to the Mobile Connect Server After you save a new connection the list of all configured connections displays 8 Connections Next Gen Firewall ngfw example com SRA 4600 sra4600 example com SRA EX Virtual Appliance sraexvm example com SRA EX9000 workplace example com SRA Virtual Appliance sravm example com To establish a Mobile Connect session perform the following tasks 1 Tap the connection in the list that you want to initiate The Connection Status page displays Tap VPN ON OFF switch 8 E O SONICWALL gt Connection SRA 4600 VPN OFF 12 SonicWALL Mobile Connect for Android User Guide 2 The first time you initiate a connection a warning message displays Tap the I trust this application checkbox and then tap OK A SonicWALL attempts to denne Create a VPN connection By proceeding you are giving the application permission to intercept all network traffic Do NOT accept unless you trust the application Othe
33. url myapp S3A 2F 2Fcallbacks3Fstatus 3Ds24STATUSs24 26login group 3D 24LOGIN GROUPS 2oerror codes3D 24ERROR CODE 24 Callback URL http server examples20file html Full URL with URL Encoded Callback URL Value mobileconnect connect callbackurl http 3A 2F 2Fserver S2Fexample 2520file html SonicWALL Mobile Connect for Android User Guide Bookmarks When there are more than five bookmarks the bookmarks are replaced by a Filter screen that groups bookmarks by type Select the type of bookmarks to display or select All Bookmarks to display all bookmarks Note that for the SRA appliances the server must be running version 7 0 or higher All Desktop Files Terminal Web o b xP SONICWALL Connection SRA 4600 VPN ON Status Connected Es 3 0 Release Notes Mobile Connect 3 0 Release Notes E Intranet 2 Sharepoint 2013 _ Marketing Files server share My PC y Windows 8 1 Selecting a bookmark for an app that is not installed will prompt you to install the app Apps referenced by bookmarks also can be installed at any time using the Settings gt Bookmarks tab In addition to installing apps for bookmarks the Settings gt Bookmarks tabs is also used to select and install apps for bookmarks that support multiple third party apps For example you might select Chrome or Firefox for a Web bookmark o amp xP Bookmarks BOOKMARK APPS p Web HTTP Select browser app on launch O
34. xample com username test password password realm Corp connect 1 Note All appropriate characters in values of parameters used in URLs are required to be URL encoded For instance to match a space enter 20 Add Profile Command Parameters Command Parameter Description name The unique name of the VPN connection entry that will be created and appear in the Mobile Connect Connections list Mobile Connect accepts the name only if it is unique Letters are case sensitive server The domain name or IP address of the Dell SonicWall appliance in which you wish to connect For example vpn example com username Optional The username used in the VPN connection password Optional The password used in the VPN connection realm Optional The realm used in the VPN connection profile Applies to EX series connections only domain Optional The domain used in the VPN connection profile Applies to SRA and UTM connections only sessionid Optional The session ID or Team ID used for authentication connect Optional If presented and the value is non null the connection will be initiated if the profile was successfully added calibaeckuel Optional The callback URL is be opened by Mobile Connect after the add profile command has been processed See Add Profile Command on page 18 for full details of the callback URL syntax and options Connect Command The connect command is used to easily establish VPN connections Connection information ca
Download Pdf Manuals
Related Search