SOTI MobiControl instances configured to connect to Exchange Online prior to October 13, 2020 can use basic authentication access until the first half of 2021. SOTI MobiControl customers shall no longer be able to use Compliance Policies to block email access to Exchange Online with basic authentication.
Revised July 10 2016
I have used Dell’s SonicWALL firewalls at several employers. From TZ190’s to NSA 3600’s. I am no expert on SonicOS or SonicWALLs in general, but I have been either the I.T. person who made the decision to use them, or I have had administrative access to them so I could perform maintenance. I’m much more experienced at the Windows server and desktop level.
It’s relatively easy to connect a Windows machine/client, to a SonicWALL firewall using their free Global VPN Client. But it’s always been a headache to connect a Mac OSX computer, to a SonicWALL firewall. Well let me take that back. It’s relatively easy to use equinux’s VPN Tracker to connect to a SonicWALL. Somehow VPN Tracker “just works” with little configuration. But it also costs $60.00 to $70.00 per license/computer. If you work for a large organization, buying VPN Tracker for your Mac VPN Connectivity needs, should be a no-brainer. But for those of you who work for smaller companies who question a lot of expenses, and you have Mac computers, then Lobotomo’s free IPSecuritas VPN Client may be for you. If it works out for you, I do encourage you click their Donate button and give what you can.
It took me quite awhile to finally get IPSecuritas working with the latest SonicWALL firewall I’ve been connecting to, an NSA 3600. The firmware version on the SonicWALL I’m using is SonicOS Enhanced 6.2.2.2-19n. Your settings may differ if you are using a different SonicWALL or a different firmware version – but things should be similar, in the same classes of firewalls. And the IPSecuritas version I’m using is V4.6.1.
I read several guides, and tried countless combinations of settings. I credit the following guides, for getting me started:
All of the above are somewhat old articles, often referencing much older versions of SonicOS firmware or the IPSecuritas client itself.
Most of the above articles attempt to explain their settings by describing the settings/options to select. And the problem is, with older versions of the firmware or IPSecuritas client, some of the settings/options have changed and it’s a bit difficult to understand some of what is described.
I’m going to show you the setup primary via screenshots. With some descriptions only going into detail about options that may differ on your setups.
Keep in mind that what worked for me, may not work for you. Plus, you really need to have administrative access to your SonicWALL, or know the I.T. person who does, who can help you sort this out.
SONICWALL SETUPVPN > SETTINGS MENU
On this page, click the Edit link to the right of WAN GlobalVPN. See below:
VPN > SETTINGS > GENERAL
Change the “Shared Secret” from yourpresharedkey to a key that you choose. See below:
VPN > SETTINGS > PROPOSALS TAB
Ensure your settings are the same as below:
VPN > SETTINGS > ADVANCED TAB
Set your Advanced tab options as per below. However it’s important to note that if your SonicWALL is configured to make people login with a SonicWALL Username/Password, then your “Require authentication of VPN clients by XAUTH” must be checked, and the “Use Group for XAUTH users” is probably “Trusted Users”.
This means that in the “Users” section of SonicWALL, each User under “Local Users” must be configured on the “Groups” tab, to be a member of “Trusted Users”. There may be other configurations necessary in the Local Users section.
VPN > SETTINGS > CLIENT TAB
One important change I made here, was to change “Virtual Adapter settings” from simply “DHCP Lease” to “DHCP Lease or Manual Configuration”. With just “DHCP Lease”, my IPSecuritas would not complete the connection.
I also enabled “Use Default Key for Simple Client Provisioning”
![]() VPN > ADVANCED
I’m not sure if there were any changes on this page. Set as per below:
VPN > DHCP over VPN
Click “Central Gateway” and then click “Configure”. Make sure your options are set the same as below:
IPSECURITAS SETUPGENERAL TAB
Create a new connection (sample here is “Test Connection” and under the General tab, put your IP address in place of “yoursonicwall-IP”. Set other options as below.
However note that if your IP Address range, where you are connecting to, is different than 192.168.1.#, then you should specify the correct subnet.
PHASE 1 TAB
Set your Phase 1 as below:
PHASE 2 TAB
Set your Phase 2 as below:
ID TAB
Set the fields in your ID tab as below. But under Remote Identifier change “yoursonicwallID” to match the “Unique Firewall Identifier” you specified on your SonicWALL under VPN > SETTINGS
On your SonicWALL under VPN > SETTINGS > ADVANCED TAB > CLIENT AUTHENTICATION, if you clicked the Check-Box next to “Require authentication of VPN clients via XAUTH” then be sure to select “XAuth PSK” on the IPSecuritas “ID” tab below. If you didn’t select that checkbox, then you need to match the alternative authentication methods that you used on your SonicWALL – or you will not be able to connect.
Assuming you seelcted XAuth PSK above, then specify the same Preshared Key that you specified on your SonicWALL under VPN > SETTINGS > [Edit] WAN GROUPVPN > GENERAL TAB > SHARED SECRET FIELD
In the Username field, specify the same “Name” field you specified on your SonicWALL under USERS > LOCAL USERS
DNS TAB
Under “Domains” replace “yourdomainname” with your local network Domain Name, assuming you have one.
Under Name Server Addresses, specify the IP Address of your internal DNS server, assuming you have one.
If you do not have an internal DNS server, I assume you remove the checkmark next to “Enable”. I’ve always had internal DNS servers so I’m not sure what effect, removing this will have.
OPTIONS TAB
Set your checkboxes to match those below.
Note that most IPSecuritas and SonicWALL help sites I’ve read, say to also select “Disable” next to NAT-T. However for my circumstances, I found that I had to “Enable” NAT-T, in order to subsequently be able to connect to my servers via Windows Explorer and specifying their #.#.#.# IP address, or to use Remote Desktop for that matter.
FINAL NOTES
Remember that every situation is different. You may have some SonicWALL settings that are slightly different, which could mean your IPSecuritas will not connect, if it’s settings don’t match the SonicWALL.
If it doesn’t work, y best advice, read the other older articles I linked to above, in addition to mine, and try and find the culprit!
I wish you the best of luck!
Darren Nye
Sonicwall Mobile Connect Download Mac
Using Mobile Connect
Connections
Firewall and SRA Appliance Connections
1. The first time you launch Mobile Connect, you must add a VPN connection before you can connect. Select Add connection from the Connection popup menu.
2. You will then be presented with the screen to begin your first connection to the Dell SonicWALL firewall or appliance:
– Name: Enter a descriptive name for the connection.
– Server: Enter the URL or IP address of the server.
3. Select Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance. If the attempt fails, a warning message is displayed asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.
4. If Mobile Connect successfully contacts the server, you will be prompted to optionally enter your Username and Password. Enter your Username and Password, and then scroll down to the Domain field.
The Domain field is auto-populated with the default domain from the server. To select a different domain, tap Domain to display a drop-down menu of the available options, select the correct domain.
Sonicwall Mobile Connect Download
5. Click Save to create the new connection.
E-Class SRA Appliances Connection
1. The first time you launch Mobile Connect, you must add a VPN connection before you can connect. Select AddConnection from the Connection popup menu.
2. You will then be presented with the screen to begin your first connection to the Dell SonicWALL firewall or SRA appliance:
– Name: Enter a descriptive name for the connection.
– Server: Enter the URL or IP address of the server.
3. Select Next. Mobile Connect will then attempt to contact the Dell SonicWALL appliance. If the attempt fails, a warning message will display, asking if you want to save the connection. Verify that the server address or URL is spelled correctly, and then tap Save.
If Mobile Connect successfully contacts the server, the connection is saved automatically.
Connect to Mobile Connect Server
After you save a new connection, it is selected under the Connection tab.
To establish a Mobile Connect session, perform the following tasks:
1. Select the connection that you want to initiate from the Connection list. Click the Connect button.
2. Enter your username and password if prompted (depending on whether the appliance you are connecting to allows for saving usernames and passwords), and tap Login.
3. When the connection is successfully established, the Status row changes to Connected and the Connect button changes to Disconnect.
4. Once connected, you can access your Intranet network with other apps. The Mobile Connect menu bar icon will appear in the connected state:
5. Press the Home button on your iPhone, iPod touch, or iPad to display its home screen. You can now navigate to other apps to access your Intranet network. The status bar at the top of the iPhone, iPod touch or iPad displays a VPN icon to indicate that the Mobile Connect session is still connected.
The native Mac system VPN Status in the menu bar can also be displayed from the System Preferences app under Network. The VPN Status icon changes to the connected state, and the connection time can also be shown.
If the VPN connection is interrupted, the menu bar icons change to indicate that you are no longer connected or that Mobile Connect is reconnecting the VPN, and you will no longer be able to access the Intranet network. This can happen if your device’s connection transitions from one Wi-Fi network to another Wi-Fi network or to another network type.
If the VPN disconnects, return to Mobile Connect to reestablish the connection. Optionally, you can configure the Automatic Reconnect option in the Mobile Connect app Preferences to have Mobile Connect automatically attempt to reestablish interrupted connections.
Settings
Configure Mobile Connect Settings
SonicWALL Mobile Connect provides several preferences for connection and logging options. The Settings tab also provides Support information, which includes a User Guide and device, connection, and server information.
The following options are controlled from the Preferences screen:
• Connect on Launch - Sets Mobile Connect to automatically initiate a connection to the last-used profile when the app is launched.
• Automatic Reconnect - Sets Mobile Connect to automatically attempt to reconnect if the connection is lost. The SSL VPN connection can be disrupted when your device’s connection transitions to a different network, such as another Wi-Fi network. This setting lets applications rely on a sustained VPN connection. There is no limit on the amount of time it takes to reconnect.
• URL Control - Allows other mobile applications to pass action requests using special URLs to Mobile Connect. These action requests can create VPN connection entries and connect or disconnect VPN connections. For example, another application can launch Mobile Connect, access internal resources as needed, and then disconnect by using the mobileconnect:// or sonicwallmobileconnect:// URL scheme. Some common examples of URL Control are:
Add profile: mobileconnect://addprofile[/]?name=ConnectionName&server=ServerAddress[&Parameter1=Value&Parameter2=Value..]
Connect: mobileconnect://connect[/]?[name=ConnectionName|server=ServerAddress][&Parameter1=Value&Parameter2=Value..]
Disconnect: mobileconnect://disconnect[/]
See the SonicWALL Mobile Connect User Guide for full URL Control parameter details.
Debug Logging - Enables full debug log messages of Mobile Connect activity. Leave this section disabled unless instructed to enable it by Dell SonicWALL Support staff.
E-Class SRA Settings
Two additional options can be modified for connections to Dell SonicWALL E-Class SRA appliances. To view these options, click the Edit icon next to the selected connection on the Connection tab. The Edit Connection screen displays.
The following options can be configured:
• Remember Credentials - Enables saving of user authentication credentials for the VPN connection. This is disabled by default and can be controlled by the E-Series SRA server setting.
• Forget this Login Group - Mobile Connect remembers the Login Group that you specified when configuring the connection. To change to a different Login Group, tap Forget Selections. The next time you connect to the server, you will be prompted to select a new Login Group.
Note If these options are not displayed, then you are connecting to either a Dell SonicWALL firewall or SRA appliance.
Sonicwall Mobile Connect Mac Download Dmg
Mobile Connect Help
The Help menu provides the following support information:
• UserGuide–DisplaystheSonicWALLMobileConnectUserGuide in the default web browser application (for example, Safari).
• Email Logs–Createsanemail tosend theMobileConnectlogfiles toDell SonicWALL Supportstaff.The email will be opened in the default mail application (for example, Mail).
• Export Logs–Opens a Finder windowto a temporary folder containing a copy of the Mobile Connect log files.
• Clear Logs – Deletes all log files that have been saved on the device
Configure Client Certificates
Sonicwall Mobile Connect Mac Download
Client certificate support is only available for connections to Dell SonicWALL E-Class SRA appliances.
Configuring a Connection to Dell SonicWALL E-Class SRA Appliances
If a client certificate is required during authentication, the user will be automatically prompted to select a client certificate present in the user’s keychain in OS X.
Select the client certificate from the list of certificates and then click Next.
By default a VPN configuration prompts the user to select the client certificate during authentication. If a user successfully authenticates with a client certificate, the VPN configuration profile will be automatically updated to use the client certificate for each subsequent connection attempt. To reset the client certificate selection, edit the connection and tap the Forget Selections button.
Note If no client certificates are installed, an error message is shown indicating that no matching client certificates are present on your device. The Keychain Access app (in Applications/Utilities) can be used to view client certificates. Click the My Certificates category to easily see available client certificates.
Configure Connect on Demand
Connect on Demand is only available for connections to Dell SonicWALL E-Class SRA and SMB SRA appliances.
The Connect on Demand feature provided by Mobile Connect provides the ability to automatically establish a VPN connection when you attempt to access a domain on the private network. This provides a seamless VPN connectivity experience without the need to manually launch Mobile Connect.
Sonicwall Mobile Connect Mac Setup
The enable Connect on Demand for your E-Series SRA connection, open the Network Settings in System Preferences and select the VPN connection from the list or network connections and make sure that the Connect on demand checkbox is enabled.
AVPNconfigurationmustmeetthefollowingrequirementstosupportConnectonDemand:
Dell SonicWALL E-Class SRA Appliance Requirements
• TheVPNtunnel mustnotbeconfiguredforRedirect-Allmode.
Sonicwall For Mac Download
• Therealmmust beconfiguredtouseclientcertificatesforauthentication.Chained authentication(whereasecondauthenticationserverisused)doesnotsupportConnecton Demand.
• Thevalid client certificate fortherealm mustbepresent.
• Theuser must successfullyconnecttotheapplianceatleastonce.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |