User Guide - SonicWALL
Contents
1. Cancel Edit Connection Save ES Connect On Demand Name SRA 4600 Connect On Demand Server access example com Note In iOS 7 Always Connect domains example com are no longer supported and behave the Domain LocalDomain same as Connect If Needed Note In iOS 7 Always Connect domains are no longer supported and behave the same as Connect If Needed Certificate John Doe Connect On Demand OFF Delete Connection 32 SonicWALL Mobile Connect for iOS User Guide 3 Setthe Domain List option to Connect If Needed to have Mobile Connect establish a VPN connection when accessing a resource with any of the domain suffixes listed Setting the Domain List option to Never Connect disables Connect on Demand for the domain suffixes listed 4 If more than one domain is listed tap a domain name to enable Connect on Demand for an individual domain Note In iOS 7 Always Connect domains are no longer supported and behave the same as Connect if Needed NS gt Cancel Edit Connection Name SRA 4600 Server access example com Username johndoe Password e e0090909090 Domain LocalDomain Certificate John Doe Connect On Demand ON Delete Connection Configure Trusted Network Detection The Apple Trusted Network Detection TND enhancement to the OS Connect On Demand feature is available in OS 6 TND results in the following e Can be used only with Connect on Demand e Extends the Connect on Deman2. 01 PM Passcode Not Configured E Restrictions Not Configured Use this section to configure how the device connects to wireless networks via VPN including the necessary Not Configured a 3 A 3 Not Configured E Exchange ActiveSync CA Not Configured VPN LDAP Not Configured CalDAV Not Configured Using Mobile Connect 35 36 4 Inthe Connection Name field enter Connection Name a General A Jd Mandatory Y Passcode Not Confiqured y E Restrictions in Not Configured VPN y Connection Name Display name of the connection displayed on the device Connection Name Connection Type The type of connection enabled by this policy SonicWALL Mobile Connect 2 Wi Fi Not Configured Server Hostname or IP address for server SSiVPTLEXSMpie com Account User account for authenticating the connection A Mail Not Configured CA Exchange ActiveSync CA Not Configured Login Group or Domain al LDAP Login group or domain for the connection Not Configured Calendar Sa gt AR User Authentication Not Configured St Bee EU Authentication type for the connection Subscribed Calendars Password gt Not Configured Password Contacts Password used to authenticate the connection a Not Configured Web Clips Proxy Not Configured Configure the proxy to be used with this VPN connection A 7 None a Credentials Not Configured In the
3. AM Message Mail O i iia feos mae Guemes CERES Cancel Cancel Tapping Share button Tapping Open In button 10 13 AM UO Message Mail a 5 O Save Image Copy Print Open in Cancel Tapping Share button when all Files policies are enabled 28 SonicWALL Mobile Connect for OS User Guide Configure Connect on Demand Note Connect on Demand is only available for connections to Dell SonicWALL E Class SRA and SMB SRA appliances The Connect on Demand feature provides the ability for Mobile Connect to automatically establish a VPN connection when you attempt to access a domain on the private network This provides a seamless VPN connectivity experience without the need to manually launch Mobile Connect Configuring a Connection to Dell SonicWALL E Class SRA Appliances The easiest way to determine if Connect on Demand is available for your E Class SRA connection is to look at the Connection tab when a VPN is connected If the Gi gt info indicator appears to the right of the Status row Connect on Demand may be configured while connected esco 4 23 PM Connection SONICWALL gt Connection E Series SRA rN Status Connected i O IMT Connection A VPN configuration on the Dell SonicWALL E Class SRA appliance must meet the following requirements to support Connect on Demand e The VPN tunnel must not be configured for Redirect All mode e The realm must be configured to use client certi
4. Connection Type drop down menu select SonicWALL Mobile Connect In the Server field enter the hostname or IP address for the Dell SonicWALL appliance Optional In the Account field enter the username for the account oN Oo The Login Group or Domain value depends on the type of appliance used for the connection For profiles connecting to Dell SonicWALL UTM or SRA appliances enter the value in the Domain field shown in the Edit Connection window of the Mobile Connect app For profiles connecting to Dell SonicWALL E Class SRA appliances enter the value selected in the Log in to window when initiating a connection in Mobile Connect 9 Inthe User Authentication drop down menu select Password 10 Optional for connections to UTM or SRA appliances In the Password field enter the password for the user account if the Dell SonicWALL appliance you are connecting to is configured to allow for saving passwords Note that only Dell SonicWALL UTM or SRA appliances can store passwords Dell SonicWALL E Class SRA appliances cannot allow for stored passwords 11 Optional for connections to E Class SRA appliances If a proxy server is used for the connect in the Proxy drop down menu select either Manual or Automatic If a proxy server is not used leave this set to None Note that only Dell SonicWALL E Class SRA appliances support Mobile Connect over proxy Currently Dell SonicWALL UTM and SRA appliances do not support Mobile Conn
5. Note The addprofile command requires either the name or server parameter and accommodates both All other parameters are optional When the URL is opened in Mobile Connect all of the parameters included in the URL are saved in the connection entry associated with that name and server Syntax mobileconnect addprofile name ConnectionName amp server ServerAddress amp Parameterl Value amp Parameterz Value Following are examples of the addprofile command mobileconnect addprofile name Example amp server vpn example com sonicwallmobileconnect addprofile name Example amp server vpn example com mobileconnect addprofile name Example S202 amp server vpn example com mobileconnect addprofile name vpn example com mobileconnect addprofile server vpn2 example com mobileconnect addprofile name SRA 20Connection amp server ssilvpn example com amp username test amp password password domain LocalDomain amp connect 1 mobileconnect addprofile name EXS20Connectiong server workplace example com username test password password realm Corp connect 1 All appropriate characters in values of parameters used in URLs are required to be URL encoded For instance to match a space enter 20 Using Mobile Connect 17 Add Profile Command Parameters Command Parameter Description name The unique name of the VPN connection entry that will be created and appear in the Mobile Connect Connections list Mobile Connect a
6. is still connected 12 42 PM Sjela Calendar Photos Camera E Weather Contacts If the VPN connection is interrupted the VPN icon will disappear and you will no longer be able to access the Intranet network This can happen if your device s connection transitions from Wi Fi to cellular or to another network type Return to Mobile Connect to reestablish the connection Optionally you can configure the Automatic Reconnect option on the Settings tab to have Mobile Connect automatically attempt to reestablish interrupted connections 14 SonicWALL Mobile Connect for OS User Guide Configure Mobile Connect Settings SonicWALL Mobile Connect provides several settings for connection and logging options The Settings tab also provides Support information which includes a User Guide and device connection and server information eeeoo F 12 47 PM Settings SETTINGS Connect On Launch Automatic Reconnect C URL Control q Bookmarks Files Logs SUPPORT O TM roa O Settings The following options are controlled from the Settings tab Connect on Launch Sets Mobile Connect to automatically initiate a connection to the last used profile when the app is launched Automatic Reconnect Sets Mobile Connect to automatically attempt to reconnect if the connection is lost The SSL VPN connection can be disrupted when your device s connection transitions to a different network type for example from Wi Fi t
7. non null the connection will be ini tiated if the profile was successfully added callbackurl Optional The callback URL is opened by Mobile Connect after the connect command has been processed See Callback URL on page 20 for full details of the callback URL syntax and options Disconnect Command The disconnect command is used to disconnect an active connection In addition a callback URL can be provided that Mobile Connect will open after the connection is disconnected which makes it possible to return to the calling app If there is no active VPN connection the command is ignored Syntax mobi Leconnectt7 disconnect mobi econnect 7 drsconnect 2 cal lbackir l lt cal Thackurl gt Following are examples of the disconnect command mobileconnect disconnect mobidleconn ect disconnecv sonicwallmobileconnect disconnect mobileconnect disconnect callbackurl customapps3A 2F 2FhostS3Fstatus s3D 24STATUSS24 261login group 3Ds24LOGIN GROUPS 26error_codes3D 24ERROR_CODES24 sonicwallmobileconnect disconnect callbackurl customapps3AS2F 2FhostS3Fstatus 3D 24STATUSS24 2ologin group33D 24LOGIN GROUP s26error codes3De24ERROR CODES24 Using Mobile Connect 19 Disconnect Command Parameters Command Parameter Description callbackurl Optional The callback URL is opened by Mobile Connect after the disconnect command has been processed See Callback URL on page 20 for full details of the callb
8. 00 Y sra4600 example com SRA EX Virtual Appliance sraexvm example com SRA EX9000 workplace example com SRA Virtual Appliance O sravm example com To establish a Mobile Connect session perform the following tasks 1 Tap the connection in the list that you want to initiate The Connection page displays Enable the VPN by tapping the switch 12 37 PM Connection SONICWALL gt Connection SRA 4600 VPN O Fr 0 Connection Monitor Settings About 2 Enter your username and password if prompted depending on whether the appliance you are connecting to allows for saving usernames and passwords and tap Login Using Mobile Connect 13 3 When the connection is successfully established the Status row changes to Connected and the VPN switch will be on eeooo gt 10 21 AM Connection SONICWALL gt Connection SRA 4600 VPN Status Connected Showing All ya 3 0 Release Notes 7 Mobile Connect 3 0 Release Notes A Intranet Sharepoint 2013 i Vionitor Settings About Connection Any bookmarks defined for the portal are displayed below the Status row Launch a bookmark by tapping on it 4 Press the Home button on your iPhone iPod touch or iPad to display its home screen You can now navigate to other apps to access your Intranet network The status bar at the top of the iPhone iPod touch or iPad displays a VPN icon to indicate that the Mobile Connect session
9. 12 11 6 12 PM 384 42 KB Documents SRA SMB Series Appliance EE 2 12 14 11 32 PM gt H2012 0 2 PM 507 27 KB gt Pictures SuperMassive jpg 1 24 14 12 30 PM gt 1 10 11 12 24 PM 1 04 MB Presentations Times Square jpg 2 21 14 10 40 AM gt 12 8 11 3 57 PM 220 66 KB Product Specs 1 27 14 4 17 PM Videos 1 24 14 12 11 PM Supported File Types Mobile Connect supports the file types natively supported by Apple iOS including the following File Type File Extension Images Jpg jpeg tif tiff png Music mp3 m4a wav Movies mov mp4 Microsoft Word Documents doc docx Microsoft Excel Spreadsheets XIS XISX Microsoft PowerPoint Presentations ppt pptx Adobe PDF pdf Keynote Presentations key Pages Documents pages Numbers Spreadsheets numbers Web Pages htm html Text and Rich text Files txt rtf Using Mobile Connect 25 Unsupported File Types If a file type is not supported an Unsupported File message is displayed identifying that the file may not be viewable unless another app is installed that can view the file Tap Try Anyway to try opening the file with another app that may be registered to handle that file type 10 04 AM 10 03 AM Unsupported gt TarFile tar 10 29 12 10 02 PM 770 00 KB gt TarGzipFile tgz E EROS MG 9 45 11 5 27 PM 179 69 KB Mobile Connect does not support files with the extension zip gt WindowsExe ex
10. 7 BOOKMARKS id a RR A Resi ecw ads ae Gea eh eae ee ede 21 Fr Se gaspar ee aaa odas dd iy Teo 23 Configure Connection Demands cronica vee cere e eS Gee eee eee ieee beeen oe 29 Configure Trusted Network Detection A a ee Pe A ee ee 33 To Use the iPhone Configuration Utility with Mobile Connect 2 000 eee es 34 MONIKO MODISE CONNCCE ts sawn inne wie aw ate Ste a ae See aa 37 TFOUDIESHOOT MODIS CONNEC im Gund tra a Cake pene deed ae eh ee a Oem Othe aa 38 Table of Contents 3 4 SonicWALL Mobile Connect for OS User Guide Using Mobile Connect for OS SonicWALL Mobile Connect for OS is an app for Apple iPhone iPod touch and iPad that enables secure mobile connections to private networks protected by Dell SonicWALL security appliances How Mobile Connect Works Modern business practices increasingly require that users be able to access any network resource files internal websites etc anytime anywhere At the same time ensuring the security of these resources is a constant struggle While most users are aware that they must take care to protect computers from network security risks this security awareness does not always extend to mobile devices like the iPhone iPod touch and iPad And yet mobile devices are increasingly subject to security attacks Furthermore mobile devices often use insecure untrusted public Wi Fi hotspots to connect to the Internet It is therefore a challenge to provide secure mobile access
11. SonicWALL Mobile Connect Mobile Connect for iOS 3 0 User Guide SONICWALL gt Notes Cautions and Warnings NOTE A NOTE indicates important information that helps you make better use of your system CAUTION A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed A WARNING A WARNING indicates a potential for property damage personal injury or death O 2014 Dell Inc Trademarks SonicWALL Aventail SonicWALL Mobile Connect and all other SonicWALL product and service names and slogans are trademarks of SonicWALL LLC a wholly owned subsidiary of Dell 2014 3 P N 232 002406 00 Rev A Table of Contents HOW MODIIC COMMEGE VV OUKS i tinct detects we act rd oi Rda ed 5 PIClCQUISHCS sae che done eae ea EA tae AAA 5 Apple Product SUDDO oia rada A ee ira eet a ich E A lee ar a anh ees ete aso 6 Dell Some wALL Appliance SUD DONE viral ri ea kG eee ae week ee be ew ect eee wk ee ee ee dur 6 Whats Newih TRIS Release tac a bade Ge ee oe Ad a na 6 Required Network Informations inisin cal bel eek eee ee She a ad eae 7 InStalling Moble Connect aires a A reat Sale A a el 8 USING Mobile GOMMOC Ee cata A A a 9 Create a COMNMCCION aid ie ne dr E deck aie Wace AL a a rd ios 9 Connect tothe Mobile Connect Server a A AAA a iw eet dS 13 Contigure Mobile Connect Settings 45 204 trade O ee A eo a ee eee eee AA tas 15 URE Control syntax and Parameters 4 ccnonneids lidad ea 1
12. ack URL syntax and options Callback URL While invoking Mobile Connect using a URL a third party application can include a callback URL that is called by Mobile Connect once it completes the requested action The callback URL value may also contain special tokens that will be evaluated and dynamically replaced by Mobile Connect to provide additional status and connection information back to the app that is opened by the callback URL Tokens are evaluated in place in the same order in which the tokens were specified To ensure that it functions properly the base callback URL format should be RFC 1808 compliant and should be able to be launched independently of Mobile Connect For example it should launch through a web page or iOS web clip URL lt scheme gt lt net_ loc gt lt path gt lt params gt lt query gt lt fragment gt Note The value of callbackurl must also be properly URL encoded to ensure that Mobile Connect can process the callback URL correctly Dynamic Tokens Supported by the Callback URL Dynamic Token Description SERROR MESSAGESS The string value of the error message from the failed connec tion attempt SLOGIN GROUPS The string value of the authentication login group or realm Applies to EX series connections only SCOMMUNITYS The string value of authentication community Applies to EX series connections only SZONES The string value of EPC zone Applies to EX series connec tions only STUNNEL IPS The s
13. alid SonicWALL appliance Would you like to save this connection anyway Cancel 10 SonicWALL Mobile Connect for OS User Guide 5 If Mobile Connect successfully contacts the server you will be prompted to optionally enter your Username and Password unless the server does not require this information Enter your Username and Password and then scroll down to the Domain field e e eom gt 12 15 PM C Ii Cancel Add Connection Save Name Test Server access example com Username Optional Password Optional Domain LocalDomain AR U AR AR SAR U AR EE SA AY SY SA SY AR SR EEE A EA EA A A NS 123 Q space Next Note lf the screenshots above do not match what is displayed on your device you are connecting to a Dell SonicWALL E Class SRA appliance Proceed to Create a Connection to Dell SonicWALL E Class SRA Appliances on page 12 The Domain field is auto populated with the default domain from the server To select a different domain tap Domain to display a drop down menu of the available options select the correct domain Cancel Add Connection Username Optional Password Optional Domain LocalDomain LocalDomain 6 Tap Save which displays the Connections window where you select the server connection Using Mobile Connect 11 Create a Connection to Dell SonicWALL E Class SRA Appliances 1 The first time you launch Mobile Connect you will be prompted to enable VPN functionali
14. anaging their credential identities to gain access This feature requires 10 7 x E Class SRA firmware Network Awareness VPN connections can be configured to detect whether the user is remote or on premise and control the VPN connection accordingly This feature requires 10 7 x E Class SRA firmware IPv6 Phase Support VPN connections can connect to SRA EX appliances via IPv6 and access IPv6 resources over the VPN This feature requires 10 7 x E Class SRA firmware TLSv1 1 1 2 Support This feature requires 10 6 4 or 10 7 x E Class SRA firmware SMB SRA amp Next Generation Firewall Features Client Certificate Authentication and OS VPN On Demand Support iOS supports VPN On Demand for networks that use certificate based authentication VPN On Demand automatically establishes a secure VPN connection when needed Client certificate configuration is now available for SRA appliance connections If a client certificate is selected VPN On Demand settings may be configured as well Compression Traffic over the VPN tunnel is compressed using the LZ4 algorithm when connected to a server that supports compression and has it enabled for the tunnel A Compression row displaying the overall compression ratio is shown on the Monitor tab if compression is enabled This feature requires 7 5 SRA firmware End Point Control End Point Control policy checking is performed before establishing the VPN connection established Mobile Connect s
15. cation method in addition to standard user name and password authentication If a client certificate is required during authentication the user is automatically prompted to select a client certificate from the OS device gt gt 4 23 PM Cancel Cancel Certificate Server access example com John Doe Issued by Dell SonicWALL Test CA G Expires Feb 25 00 11 51 2024 GMT Username johndoe Password c o Domain LocalDomain Noa Nec Nao Nec NN Ne S ee SA AISIDIFIGIHIJIK IL _ o E A A N N M a A AA e A O A y A Tapping on the info indicator that appears to the right of the client certificate displays additional details for the client certificate Certificate Details SUBJECT Common Name John Doe Country US Organization Dell SonicWALL ISSUER Common Name Dell SonicWALL Test CA Country US Organization Dell SonicWALL Serial 21 By default a VPN configuration will be the client certificate setting to Choose during login To support Connect on Demand a VPN connection should not request any user interaction to seamlessly connect A VPN configuration on the Dell SonicWALL SMB SRA appliance must meet the following requirements Using Mobile Connect 31 e The user s effective client certificate enforcement policy configured at the domain or user level must be enabled to use client certificates for authentication e The user s effective user name and password caching policy configured at the global
16. ccepts the name only if it is unique Letters are case sensitive server The domain name or IP address of the Dell SonicWall appliance in which you wish to connect For example vpn example com username Optional The username used in the VPN connection password Optional The password used in the VPN connection realm Optional The realm used in the VPN connection profile Applies to EX series connections only domain Optional The domain used in the VPN connection profile Applies to SRA and UTM connections only sessionid Optional The session ID or Team ID used for authentication connect Optional If presented and the value is non null the connection will be initiated if the profile was successfully added sstibaetel Optional The callback URL is be opened by Mobile Connect after the add profile command has been processed See Callback URL on page 20 for full details of the callback URL syntax and options Connect Command 18 The connect command is used to easily establish VPN connections Connection information can be embedded in the URLs and they can be provided to users for easy setup and configuration In addition a callback URL can be provided that Mobile Connect will open after the connection attempt is completed making it possible for other applications to initiate VPN connections in a seamless manner Syntax mobileconnect connect name ConnectionNamelserver ServerAddress Parameterl ValuegtParamete
17. ce web portal 3 If you are unable to load the web portal the problem is with the Dell SonicWALL appliance Contact your network administrator if the problem persists 4 Ifthe web portal loads successfully on the Safari browser and you still cannot establish a Mobile Connect connection notify Dell SonicWALL Support as follows a On the Settings tab enable the Debug Logging option b Attempt a connection to the server again to ensure that full debugging messages are logged for the attempt c Then return to the Settings tab and tap the Email Logs button An email will launch in your mail client with the Mobile Connect log attached Address the email to Support sonicwall com Add any additional comments to the email and tap Send Dell SonicWALL Support staff will contact you after reviewing your case 38 SonicWALL Mobile Connect for OS User Guide
18. d functionality by determining whether the user is on a trusted network e Configured with the iPhone Configuration Utility e Used for Wi Fi connections only When operating over other types of network connections Connect on Demand does not use TND to determine whether a VPN should be connected Connect On Demand starts a VPN connection whenever a user tries to access a destination with a hostname specified in the domains list For example if example com is in the Always Connected list wnen a user accesses internal example com the client starts a VPN connection Using Mobile Connect 33 regardless of the network to which the device is currently connected TND compares the VPN and local DNS servers and DNS suffixes to determine whether to use Mobile Connect and dial the VPN as shown in the following table DNS Suffixes DNS Servers Login None None Refused no VPN None Same Refused no VPN Same Same Refused no VPN Same Same and others Allowed Same Different Allowed Different Same Allowed Some Some Allowed Consult documentation from Apple Inc for more information about Trusted Network Detection and Connect on Demand To determine if TND is available for your connection tap the info indicator in the Status row on the Connection tab This displays the buttons used to enable disable TND if available e0000 T VPN 4 32 PM G 4 Close Connect On Demand Edit Connect On Demand O Trusted Networks O Domain List To c
19. d heading click the arrow icon Select the Customize default settings checkbox and enter the DNS domain name in the Search domains field Installing Mobile Connect SonicWALL Mobile Connect is installed through the Apple App Store 1 On your iPhone iPod touch or iPad tap the App Store icon 2 Go to the Search tab enter SonicWALL Mobile Connect and tap Search 3 In the search results select SonicWALL Mobile Connect 8 SonicWALL Mobile Connect for iOS User Guide 4 Tap Free and then Install The app will install on your device When installation is complete the SonicWALL Mobile Connect icon will appear on your device 0 Mobile Connect SonicWALL Note If you encounter an error when attempting to download SonicWALL Mobile Connect please see Tunes Store Customer Support where you can find troubleshooting procedures and instructions on how to report the issue using your Tunes account http www apple com support itunes Using Mobile Connect The following sections describe how to use SonicWALL Mobile Connect e Create a Connection on page 9 e Connect to the Mobile Connect Server on page 13 e Configure Mobile Connect Settings on page 15 e Configure Connect on Demand on page 29 e To Use the iPhone Configuration Utility with Mobile Connect on page 34 Create a Connection The process of creating a Mobile Connect connection is slightly different depending on wh
20. e dl 7 26 08 8 54 PM 120 00 KB You can try downloading the file gt WindowsMediaAudio wma anyway but it may not be viewable 6 13 05 4 02 PM 7 54 MB unless you have an appropriate app S ZipFile zip installed for viewing it 3 12 12 5 29 PM 3 29 MB p Cancel Try Anyway O ma 23 A is Open in Open in Open in Open in Explore Dropbox Evernote Google Drive N Cancel File Policies On OS policies can be configured on the server to control whether a file may be e Printed e Copied to the clipboard e Opened in a third party app or e Securely cached on the device If a file has an Allow policy Allow Print Allow Copy or Allow Open In enabled a Share button is displayed in the top right of the navigation bar when the file is viewed gt 9 22 AM X Mobile Connect for iOS 26 SonicWALL Mobile Connect for iOS User Guide Allow Print If the file has the Allow Print policy enabled tapping the Share button displays the Print button 10 14 AM Cancel Allow Copy If the file has the Allow Copy policy enabled tapping the Share button displays the Copy button 10 14 AM Cancel Using Mobile Connect 27 Allow Open In If the file has the Allow Open in policy enabled tapping the Share button displays the Open in button and icons for other apps that can open the file Tapping the Open in button displays a list of apps that can open the file 10 13 AM 10 49
21. ect over proxy SonicWALL Mobile Connect for iOS User Guide Monitor Mobile Connect The Monitor tab displays additional details about the connection statistics on traffic transmitted DNS information and routes that have been installed es emm T 1 04 PM Monitor CONNECTION INFO Status Connected 00 23 Server access example com Client IP 100 128 1 110 Protocol TLSv1 2 Cipher AES256 GCM SHA384 STATISTICS Sent 40 bytes 0 O fe Connection Monitor Settings About The About tab of Mobile Connect displays the version number and legal text SonicWALL Mobile Connect Secure Remote Access Client Version 3 0 8 Copyright 2014 SonicWALL LLC All rights reserved SONICWALL the SONICWALL Logo and SONICWALL MOBILE CONNECT are trademarks or registered trademarks of SonicWALL LLC a wholly owned subsidiary of Dell THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OR RAPT PA ARAL A RP ATA Oe rsa re AN eA O Fr 0 Connection Monitor Settings About Monitor Mobile Connect 37 Troubleshoot Mobile Connect If you are unable to connect to the Dell SonicWALL server perform the following steps to troubleshoot the connection 1 Double check that you have entered the server name properly in the connection configuration 2 Goto the Safari browser on your iPhone iPod touch or iPad and attempt to navigate to the SRA applian
22. ficates for authentication Chained authentication where a second authentication server is used does not support Connect on Demand e The valid client certificate for the realm must be present e The user must successfully connect to the appliance at least once Using Mobile Connect 29 To configure Connect on Demand perform the following tasks 1 Tap the info indicator Gi gt in the Status row on the Connection tab which displays the Connect On Demand screen SS 4 28 PM ES Close Connect On Demand Edit Connect On Demand Trusted Networks Domain List example com Note In iOS 7 Always Connect domains are no longer supported and behave the same as Connect If Needed Tap Connect on Demand Set the Domain List option to Connect If Needed to have Mobile Connect establish a VPN connection when accessing a resource with any of the domain suffixes listed 4 Setting the Domain List option to Never Connect disables Connect on Demand for the domain suffixes listed 5 If more than one domain is listed you can enable Connect on Demand for individual domains by tapping on the domain name Note In iOS 7 Always Connect domains are no longer supported and behave the same as Connect if Needed 30 SonicWALL Mobile Connect for iOS User Guide Configuring a Connection to Dell SonicWALL SMB SRA Appliances On SMB SRA appliances client certificate authentication is available as a second factor authenti
23. gin Group Split Tunnel Remember Credentials q Forget this Login Group Delete Connection 16 SonicWALL Mobile Connect for iOS User Guide The following options can be configured e Remember Credentials Enables saving of user authentication credentials for the VPN connection This is disabled by default and can be controlled by the E Series SRA server setting e Forget this Login Group Mobile Connect remembers the Login Group that you specified when configuring the connection To change to a different Login Group tap Forget this Login Group The next time you connect to the server you will be prompted to select a new Login Group Note If these options are not displayed then you are connecting to either a Dell SonicWALL firewall or SRA appliance The Support section of the Settings tab provides the following support information e User Guide Displays the SonicWALL Mobile Connect User Guide e Device Information Displays information about the iOS device Wi Fi connection Cellular connection Bluetooth connection and DNS servers e Email Logs Creates an email to send the Mobile Connect log files to Dell SonicWALL Support staff Tap Send to send the email URL Control Syntax and Parameters This section provides the full set of URL parameters for the URL Control feature URL Control currently supports the addprofile connect and disconnect commands Callback URLs are also supported Add Profile Command
24. group or user level must be set to Allow saving of username and password e The valid client certificate for the user must be present on the OS device e The iOS VPN connection profile must have the user name and password configured and the appropriate client certificate must be selected To configure Connect on Demand perform the following tasks 1 Select a client certificate under the Certificate row on the Edit Connection screen which displays the Connect On Demand row 4 38 PM gt gt F 4 37 PM gt F 4 37 PM Cancel Edit Connection Cancel Certificate Cancel Edit Connection Name SRA 4600 Name SRA 4600 Choose during login Server access example com You will be prompted to select a Server access example com certificate if the server requires one Username johndoe None Username johndoe If the server requires a certificate login will be canceled Password eeeceeeee Password e0000000 John Doe L ID Y Issued by Dell SonicWALL Test CA i L ID Domain ocalDomain Expires Feb 25 00 11 51 2024 GMT Domain ocalDomain Certificate Choose during login Certificate John Doe Connect On Demand OFF Delete Connection Delete Connection 2 Select the Connect On Demand row on the Edit Connection screen and enable Connect On Demand F 4 37 PM 4 38 PM 4 39 PM _ Connect On Demand Edit O Connect On Demand C Domain List Domain List Username johndoe TEE Connect If Needed Password 0000000
25. hrough new File bookmarks File bookmarks allow secure access to files by first checking and enforcing the server configured file policy and then securely downloading and displaying the file within the Mobile Connect app Using Mobile Connect 23 24 Server configured policies include control over whether a file may be printed copied to the clipboard opened in a third party app or securely cached on the OS device File bookmarks can also be created to folders or file share root directories to allow directory navigation Note In Mobile Connect for iOS 3 0 File bookmarks are supported only on the Dell SonicWALL SRA appliances with SRA 7 5 or later firmware Support for File bookmarks in E Class SRA and Next Generation Firewall appliances is expected in a future release When File bookmarks are configured for the user on the server appliance they appear in the list of bookmarks after the VPN is established and can be filtered by selecting the Showing Files row that is displayed when there are more than five bookmarks 10 71 AMA Connection 9 20 AM Connection 9 20 AM Connection SONICWALL Connection VPN Status Showing Al 3 0 Release Notes L 7 Imiraurnmot 15 ahili Showing All 3 0 Release Notes Mobile Connect 3 0 Release Notes Intranet Sharepoint 2013 9 y Dg m 0 Connection Monitor Settings About Connection SRA 4600 VPN O Status Connected Showing Files pa 3 0 Relea
26. ich type of Dell SonicWALL appliance you are connecting to The following sections describe how to create a connection e Create a Connection to Dell SonicWALL Firewall and SRA Appliances on page 9 e Create a Connection to Dell SonicWALL E Class SRA Appliances on page 12 Create a Connection to Dell SonicWALL Firewall and SRA Appliances 1 The first time you launch Mobile Connect you will be prompted to enable VPN functionality Tap Enable a omm om amm m o n oe m m m a o 1 SonicWALL Mobile Connect Do you want to enable SonicWALL Mobile Connect VPN functionality Enable Using Mobile Connect 9 2 You will then be presented with the screen to begin your first connection to the Dell SonicWALL firewall or appliance Tap Add connection Name Enter a descriptive name for the connection Server Enter the URL or IP address of the server 12 12 PM Cancel Add Connection Name Test Server access example com 3 Tap Next Mobile Connect will then attempt to contact the Dell SonicWALL appliance If Mobile Connect successfully contacts the appliance the server connection is added to the list of saved connects on the Connections screen 4 If the attempt fails a warning message will display asking if you want to save the connection Verify that the server address or URL is spelled correctly and then tap Save Warning access example com is either currently unreachable or is not a v
27. ny changes then adapted to iOS 6 Mobile Connect has been completely redesigned to be simpler and more useful according to the design principles of iOS 7 Mobile Connect 3 0 has a new app icon splash screen and look and feel when run on OS 7 The Connect Disconnect button has been replaced with an On Off switch matching the same VPN controls in the Settings app On OS 6 Mobile Connect retains its original look and feel File Bookmarks Mobile Connect 3 0 working with SRA 7 5 firmware introduces secure mobile access to files Granular policy controls can be configured to allow or deny other iOS apps and features to use each file Policies include control over whether a file may be printed securely cached copied to the clipboard or opened in a third party app Files 6 SonicWALL Mobile Connect for OS User Guide Bookmarks are displayed after the VPN is connected Selecting a Files bookmark checks and enforces the server policy securely downloads the file and displays it within the Mobile Connect app Bookmarks to folders or file share root directories can also be created to allow for directory navigation At this time File bookmarks are supported only in SMB SRA appliances running SRA 7 5 firmware File bookmark support in the E Class SRA and Next Generation Firewalls is expected in a future release E Class SRA Features Credential Caching Users may now cache their username and password credentials to reduce the burden of m
28. o cellular This setting lets applications rely on a sustained VPN connection There is no limit on the amount of time it takes to reconnect URL Control Allows other mobile applications to pass action requests using special URLs to Mobile Connect These action requests can create VPN connection entries and connect or disconnect VPN connections For example another application can launch Mobile Connect access internal resources as needed and then disconnect by using the mobileconnect or sonicwallmobileconnect URL scheme Some common examples of URL Control are Add profile mobileconnect addprofile name ConnectionName amp server ServerAddress amp Parameter1 Value amp Parameter2 Value Connect mobileconnect connect name ConnectionName server ServerAddress amp Parameter1 Value amp Parameter2 Value Disconnect mobileconnect disconnect Additional information about URL Control is provided in URL Control Syntax and Parameters on page 17 Using Mobile Connect 15 e Bookmarks Displays centrally configured shortcuts called bookmarks to VPN resources such as URLs Outlook Web Access and OS applications These bookmarks which are displayed on the main Connection tab when the VPN is connected provide one touch access to frequently used applications If using an SRA appliance pulling down the Connection screen and releasing it refreshes the bookmarks Mobile Connect supports Remote Desktop o
29. onfigure TND perform the following tasks 1 Tap the info indicator i gt in the Status row on the Connection tab 2 Ensure Connect On Demand is turned on 3 Turn on Trusted Networks Note Trusted Network Detection is available only for connections to Dell SonicWALL E Class SRA appliances To Use the iPhone Configuration Utility with Mobile Connect The iPhone Configuration Utility provides the ability for administrators of enterprise environments to create configuration profiles for the iPhone iPod touch and iPad These profiles provide the ability for administrators to preconfigure the device settings for enterprise policies such as VPN configuration security policies Wi Fi settings etc The iPhone Configuration Utility enables administrators to configure Mobile Connect profiles for their users OS devices The iPhone Configuration Utility can be downloaded here http www apple com support iphone enterprise To configure a Mobile Connect profile using the iPhone Configuration Utility perform the following steps 1 Download install and launch the Phone Configuration Utility for Windows or Mac OS X 34 SonicWALL Mobile Connect for OS User Guide 2 Click File gt New Configuration Profile File New Configuration Profile Crtil N Add to Library Duplicate Share via Email Eril L Shift Crtl 85 Si A oe 3 Select VPN and then click the Configure button Profile Name 1 26 2012 5 32
30. or higher iPhone 4S running iOS 6 or higher Phone 4 running iOS 6 or higher Phone 3GS running OS 6 or higher iPad Air Sth generation running iOS 7 or higher iPad 4th generation running iOS 6 or higher iPad 3rd generation running iOS 6 or higher iPad 2 running iOS 6 or higher iPad mini running iOS 6 or higher iPad 4th generation running OS 6 or higher iPad 3rd generation running iOS 6 or higher iPad 2 running iOS 66 or higher iPad mini 2nd generation running iOS 7 or higher iPad mini running iOS 6 or higher Pod touch 4th generation or later running iOS 6 or higher Dell SonicWALL Appliance Support SonicWALL Mobile Connect is a free app but requires a concurrent user license on one of the following Dell SonicWALL solutions in order to function properly Dell SonicWALL firewall appliances including the TZ NSA E Class NSA running SonicOS 5 8 1 0 or higher Dell SonicWALL SRA appliances running 5 5 or higher Dell SonicWALL Aventail E Class Secure Remote Access SRA appliances running 10 5 4 or higher What s New in This Release The following features some of which are specific to E Class SRA appliances or SMB SRA appliances and Next Generation Firewalls have been added in Mobile Connect 3 0 OS 7 Redesign Apple introduced many new UI changes and design paradigms in OS 7 that require apps to be fundamentally redesigned for iOS 7 with a
31. p P Ey VNC Remoter VN a SSH Mobile Connect supports the following types of bookmarks and associated apps Note In Mobile Connect for OS 3 0 only Web and Desktop bookmarks are supported on the Dell SonicWALL EX series SRA appliances Desktop Bookmarks Portal name Terminal Services RDP ActiveX Terminal Services RDP Java Internal type RDP5ActiveX RDP5Java RDP bookmark types attempt to launch with the associated RDP application as configured in the Settings tab OS Version Wyse PocketCloud Pro 2 3 211 2X Client RDP Remote Desktop 11 0 1872 Remote RDP Lite Remote RDP Remote RDP Enterprise Additional details such as screen resolution should be provided to the client However support for passing such parameters will vary based on the application For example e Wyse PocketCloud Pro does not support the connect to console option e 2X Client does not accept screen resolution settings on OS Portal name Virtual Network Computing VNC Internal type VNC VNC bookmark types attempt to launch with the associated VNC application as configured in the Settings tab OS Version Wyse PocketCloud Pro android vnc viewer Remoter VNC 4 5 04 22 SonicWALL Mobile Connect for OS User Guide Files Additional details such as screen resolution should be provided to the client However support for passing such parameters varies based on the application Portal name Citrix Portal Ci
32. ptions like screen size and enable disable audio as long as both the server bookmark and third party iOS application support the option Note Bookmarks are supported on SRA appliances only when running 7 5 or higher and Next Generation Firewall appliances running SonicOS 5 9 0 2 and higher Additional information about bookmarks is provided in Bookmarks on page 21 e Files Deletes all cached files that have been downloaded and stored on the device Note that cached files are encrypted on the device for added security Note Files are Supported on SMB SRA appliances only when running 7 5 or higher and not supported on appliances running SonicOS Additional information about Files is provided in Files on page 23 e Logs Serves two purposes Enables full debug log messages of Mobile Connect activity Leave this section disabled unless instructed to enable it by Dell SonicWALL Support staff Deletes all log files that have been saved on the device E Class SRA Settings Two additional options can be modified for connections to Dell SonicWALL E Class SRA appliances To view these options go to the Connection tab and tap the Connection line to display the list of connections Tap the info indicator i gt to the left of the connection you want to modify The Edit Connection window displays TY TT 12 56 PM Cancel Edit Connection Name E Series SRA Server access example com SELECTIONS Lo
33. r2 Value Following are examples of the mobileconnect command mobileconnect connect name Example sonicwallmobileconnect connect name Example mobileconnect connect name Example mobileconnect connect server vpn example com mobileconnect connect name ExampleS202 amp server vpn example com mobi leconnect connect name SRA 20Connection amp server sslvpn example com amp username test password password domain LocalDomain mob LeconnectiJ connect name EX 20Connection server workplace example com amp username test amp password password realm Corp SonicWALL Mobile Connect for iOS User Guide Connect Command Parameters Command Parameter Description name The unique name of the VPN connection entry that will be created and appear in the Mobile Connect Connections list Mobile Connect accepts the name only if it is unique Letters are case sensitive server The domain name or IP address of the Dell SonicWall appliance in which you wish to connect For example von example com username Optional The username used in the VPN connection password Optional The password used in the VPN connection realm Optional The realm used in the VPN connection profile Applies to EX series connections only domain Optional The domain used in the VPN connection profile Applies to SRA and UTM connections only sessionid Optional The session ID or Team ID used for authentication connect Optional If presented and the value is
34. se Notes 2__ Mobile Connect 3 0 Release Notes gt Marketing Files server share E New Mobile Connect Data Sh 3 0 Data Sheet GS i 0 Connection Monitor Settings About Selecting a File bookmark queries the server and enforces any file policies configured on the server for that File bookmark If the file is not already cached on the device the file is securely downloaded from the SRA appliance Once downloaded the file is displayed within the Mobile Connect app 9 24 AM Connection Connection VPN Status Showing Files server share H P y 3 0 Data Sheet 5 Connection Monitor SonicWALL Mobile Connect for iOS User Guide 3 0 Release Notes Mobile Connect 3 0 Release Notes Marketing Files New Mobile Connect Data Sh gt 9 23 AM X Mobile Connect for OS Data S Downloading 00 04 remaining Cancel gt 9 22 AM X Mobile Connect for iOS Mobile Connect Selecting a File bookmark to a folder or directory allows directory browsing and download and viewing of any file in the folder All attempts to browse a file folder or view a file will query the server to enforce access policies 9 33 AM A kakea 9 33 AM lt SRA SMB Series Applianc u Pictures Audio Mobile Connect png 1 24 14 12 11 PM gt 1 24 14 12 24 PM 44 71 KB Blog Posts SRA E Series Appliances jpg 1 24 14 12 11 PM gt 10
35. t is displayed when there are more than five bookmarks lets you filter long lists of bookmarks by type Select the type of bookmarks to display or select All to display all bookmarks e0e000 gt 10 21 AM e0000 1 10 PM E 00 1 11 PM Connection Connection Connection SONICWALL Showing All Connection SRA 4600 wen Connection SRA 4600 Status Connected VPN O Desktop Status Connected Showing Desktop AA MyPC ca Windows 8 1 Showing All E VNC to Mac ma 3 0 Release Notes OS X Mavericks wa 3 0 Release Notes gt Mobile Cornect 3 0 Release Notes A Mobile Connect 3 0 Release Notes XenApp 6 5 Intranet Citrix v Intranet 2 A Sharepoint 2013 ASPS ix v v O re O re o Monitor Monitor S gs Abou Connection Settings About Connection Monitor Settings About Connection Using Mobile Connect 21 Selecting a bookmark for an app that is not installed will prompt you to install the app Apps referenced by bookmarks also can be installed at any time using the Settings gt Bookmarks tab In addition to installing apps for bookmarks the Settings gt Bookmarks tabs is also used to select and install apps for bookmarks that support multiple third party apps For example you might select Safari or Google Chrome for a Web bookmark 1 18 PM e e eco T VPN 1 16 PM Bookmarks Web HTTP HTTPS BOOKMARK APPS WEB APPS Web HTTP HTTPS Q Safar Y Safari gt ZA Remote Desktop RDP Chrome a PocketCloud Remote Deskto
36. tring value of the Mobile Connect IPv4 client address STUNNEL MODES One of split split nonlocal redirectall or redirectall nonlocal depending on the tunnel mode Applies to SRA and UTM con nections only SESP ENABLED Yes or no depending on if ESP is enabled Applies to SRA and UTM connections only Note Any number of tokens from the table above can be specified Following are examples using the callback URL Callback URL customapp host status SSTATUSS amp login group SLOGIN GROUPS error code SERROR_ CODES 20 SonicWALL Mobile Connect for iOS User Guide Full URL with URL Encoded Callback URL Value mobileconnect connect sessionid lt teamid gt amp callbackurl customapp 3A 2F 2Fhost 3Fstatusts3De24STATUSs24s26login group 3D 324LOGIN GROUPS Z berror_codes3D 24ERROR_CODES24 Callback URL myapp callback status SSTATUSS login group LOGIN GROUP amp error code SERROR_ CODES Full URL with URL Encoded Callback URL Value mobileconnect connect sessionid lt teamid gt amp callbackurl myapp S3A 2F 2Fcallbacks3Fstatus 3Ds24STATUSs24 26login group33D 24LOGIN GROUPS 2oerror codes3D ezZ4KRROR CODE 24 Callback URL http server example s20file html Full URL with URL Encoded Callback URL Value mobileconnect connect callbackurl http t3A 2F 2FserverS2Fexample 2520file html Bookmarks When there are more than five bookmarks the bookmarks can be filtered by selecting the Showing lt bookmark type gt row tha
37. trix Internal type Citrix Citrix_https Citrix bookmark types will attempt to launch with the associated Citrix application OS Version Citrix Receiver 5 8 3 Additional details such as screen resolution should be provided to the client However support for passing such parameters will very based on the application Web Bookmarks Portal name Web HTTP Secure Web HTTPS External Web Site Internal type HTTP HTTPS URL URL_https These bookmarks will launch in an associated web browser and the provided Name or IP Address HostID will be passed as the parameter to display in the browser OS Version Any Browser Safari Yes Google Chrome 33 0 1750 14 Portal name Mobile Connect Internal type MC Mobile Connect bookmark type will rely fully on the OS to determine and launch the proper application The bookmark is expected to be properly configured for launch The Mobile Connect app will attempt to launch it as is for example telnet server Terminal Bookmarks In Mobile Connect for OS 3 0 Dell SonicWALL E Class SRA appliances do not support Terminal bookmarks Portal name Telnet Secure Shell Version 1 SSHv1 Secure Shell Version 2 SSHv2 Internal type Telnet SSH SSHv1 OS Version ConnectBot ISSH 5 7 1 ConnectBot notes Proper formatting is required for ConnectBot SSH server bookmark field requires username server Mobile Connect 3 0 introduces secure mobile access to files t
38. ty Tap Enable SonicWALL Mobile Connect Do you want to enable SonicWALL Mobile Connect VPN functionality Enable 2 You will then be presented with the screen to begin your first connection Tap Add connection Name Enter a descriptive name for the connection Server Enter the URL or IP address of the server 12 12 PM Cancel Add Connection Name Test Server access example com QWIJE RITIYJUJIJOJP A O M ia am 11 l 17 l 3 Tap Next Mobile Connect will then attempt to contact the Dell SonicWALL appliance If Mobile Connect successfully contacts the appliance the server connection is added to the list of saved connects on the Connections screen If the attempt fails a warning message will display asking if you want to save the connection Warning access example com is either currently unreachable or is not a valid SonicWALL appliance Would you like to save this connection anyway Cancel Save 4 Before tapping Save verify that the server address or URL is spelled correctly Clicking Save adds the server connection to the list of saved connections on the Connections screen 12 SonicWALL Mobile Connect for iOS User Guide Connect to the Mobile Connect Server After you save a new connection the list of all configured connections displays 10 24 AM Connections Create a new connection Gi OR CHOOSE A CONNECTION Next Gen Firewall ngfw example com SRA 46
39. type of Dell SonicWALL appliance being used e Dell SonicWALL firewall appliances On the SSL VPN gt Client Settings page enter the DNS domain name in the DNS Domain field e Dell SonicWALL SRA appliances The DNS domain can be configured either globally at the group level or at the individual user level Global level On the Network gt DNS page enter the DNS domain name in the DNS Domain field Group level On the Users gt Local Groups page click the edit icon for the group Click on the NX Settings tab and enter the DNS domain the DNS Domain field User level On the Users gt Local Users page click the edit icon for the user Click on the NX Settings tab and enter the DNS domain the DNS Domain field e Dell SonicWALL E Class SRA appliances The DNS domain can be configured either globally or for specific IP address pools Global level From the main navigation menu in the E Class SRA Management Console AMC click Network Settings In the Name resolution area click Edit The Configure Name Resolution page appears Enter the DNS domain name in the Search domains field IP address pool level From the main navigation menu in the AMC click Services Under Access services in the Network tunnel service area click Configure The Configure Network Tunnel Service page appears Click the name of the IP address pool you want to edit The Configure IP Address Pool page appears To the right of the Advance
40. upports the following attributes Application Directory name File name Equipment ID iOS version This feature requires 7 5 SRA firmware Required Network Information To use Mobile Connect you will need the following information from your network administrator or IT Support Server name or address This is either the IP address or URL of the SSL VPN server that you will connect to Username and password Typically you will be required to enter your username and password although some connections may not require this Domain name The domain name of the SSL VPN server Mobile Connect may be able to automatically determine this when it first contacts the server or there may be multiple domains that can be selected Prerequisites 7 DNS Domain Settings on Appliances Before Mobile Connect users will be able to access the private network the network administrator must configure the DNS Domain on the Dell SonicWALL appliance When the Mobile Connect user accesses a URL on the private network the configured DNS domain is used to resolve the hostname lookup For public domains that do not match the configured DNS domain the DNS server for the Wi Fi or cellular network is used Note The Mobile Connect user does not need to perform any configuration tasks related to DNS The following information is for SonicWALL network administrators The DNS Domain configuration process varies depending on the
41. while still guarding against the inherent security risks of using mobile devices The SonicWALL Mobile Connect app for iPhone iPod touch and iPad provides secure mobile access to sensitive network resources Mobile Connect establishes a Secure Socket Layer Virtual Private Network SSL VPN connection to private networks that are protected by Dell SonicWALL security appliances All traffic to and from the private network is securely transmitted over the SSL VPN tunnel After installing SonicWALL Mobile Connect from the App Store to get started with Mobile Connect 1 Ensure the Dell SonicWALL SRA or firewall appliance that will be used by Mobile Connect to the network is connected Configure Network Information server name username password etc Mobile Connect establishes a SSL VPN tunnel to the Dell SonicWALL security appliance 4 You can now access resources on the private network All traffic to and from the private network is securely transmitted over the SSL VPN tunnel Prerequisites The following sections describe prerequisites for SonicWALL Mobile Connect e Apple Product Support on page 6 e Dell SonicWALL Appliance Support on page 6 e Required Network Information on page 7 How Mobile Connect Works 5 Apple Product Support SonicWALL Mobile Connect is supported on the following devices iPhone 5s running OS 7 or higher iPhone 5c running OS 7 or higher Phone 5 running iOS 6
Download Pdf Manuals
Related Search