SonicWALL® Mobile Connect™ for OS X 3.1

SonicWALL® Mobile Connect™ for OS X 3.1
SonicWALL® Mobile Connect™ for OS X
3.1
User Guide
©
2015 Dell Inc.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a
software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the
applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written
permission of Dell Inc.
The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or
otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT
AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO
LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR
INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS
OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of
the contents of this document and reserves the right to make changes to specifications and product descriptions at any time
without notice. Dell does not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
Refer to our website (software.dell.com) for regional and international office information.
Patents
This product is protected by multiple U.S. Patents. For more information, go to http://software.dell.com/legal/patents.aspx.
Trademarks
Dell, the Dell logo, and SonicWALL™, Aventail™, SonicWALL Mobile Connect™, and all other SonicWALL product and service
names and slogans are trademarks of SonicWALL, LLC, a wholly owned subsidiary of Dell. Other trademarks and trade names
may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any
proprietary interest in the marks and names of others.
Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
Mobile Connect for OS X User Guide
Updated - February 2015
Software Version - 3.1
232-002776-00 Rev A
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Mobile Connect for OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
How Mobile Connect works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Apple product support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Dell SonicWALL appliance support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Required network information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
4
5
5
Installing Mobile Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Using Mobile Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Create a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Create a connection to a Dell SonicWALL firewall and an SRA appliance . . . . . . . . . . 8
Create a connection to a Dell SonicWALL E-class SRA appliance . . . . . . . . . . . . . . .11
Connect to the Mobile Connect server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Configure Connect Mobile Connect preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
E-class SRA settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Mobile Connect Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
URL control syntax and parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Add profile command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Connect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Disconnect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Callback URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Configure client certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Configuring a connection to Dell SonicWALL E-class SRA appliances . . . . . . . . . . . . .20
Configuring a connection to Dell SonicWALL SMB SRA appliances . . . . . . . . . . . . . . . . .21
Configure Connect on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Monitor Mobile Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Troubleshooting Mobile Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
SonicWALL Mobile Connect for OS X 3.1
User Guide
3
1
Introduction
Mobile Connect for OS X
SonicWALL Mobile Connect for OS X is an app for Apple Mac notebooks and desktops running OS X Mavericks
(10.9+) and Yosemite (10.10+) that enables secure, mobile connections to private networks protected by Dell
SonicWALL security appliances.
How Mobile Connect works
Modern business practices increasingly require that users be able to access any network resource (files, internal
websites, and so on), anytime, anywhere. At the same time, ensuring the security of these resources is a
constant struggle. While most users are aware that they must protect PCs from network security risks, this
security awareness does not always extend to Mac devices like the MacBook Air and MacBook Pro. And yet, Macs
are increasingly subject to security attacks. Furthermore, remote Mac users can often use insecure, untrusted,
public Wi-Fi hot spots to connect to the Internet. It is therefore a challenge to provide secure, mobile access
while still guarding against the inherent security risks faced by mobile users.
The SonicWALL Mobile Connect app for OS X provides secure, mobile access to sensitive network resources.
Mobile Connect establishes a Secure Socket Layer Virtual Private Network (SSL VPN) connection to private
networks that are protected by Dell SonicWALL security appliances. All traffic to and from the private network
is securely transmitted over the SSL VPN tunnel.
After installing SonicWALL Mobile Connect from the Mac App Store, to get started with Mobile Connect:
1
Ensure the Dell SonicWALL SRA or firewall appliance being used by Mobile Connect is connected to the
network.
2
Configure Network Information (server name, username, password, and so on).
3
Mobile Connect establishes a SSL VPN tunnel to the Dell SonicWALL security appliance.
4
You can now access resources on the private network. All traffic to and from the private network is
securely transmitted over the SSL VPN tunnel.
Prerequisites
The following sections describe prerequisites for SonicWALL Mobile Connect:
•
Apple product support on page 4
•
Dell SonicWALL appliance support on page 5
•
Required network information on page 5
Apple product support
SonicWALL Mobile Connect for OS X is supported on all Mac models running OS X Mavericks (10.9) and OS X
Yosemite (10.10), available as a free upgrade. See the following web site for information on how to upgrade to
OS X Yosemite: http://www.apple.com/osx/how-to-upgrade/
SonicWALL Mobile Connect for OS X 3.1
User Guide
4
The following Mac models are compatible with OS X Yosemite:
•
iMac (Mid 2007 or newer)
•
MacBook (Late 2008 Aluminum or Early 2009 or newer)
•
MacBook Pro (Mid/Late 2007 or newer)
•
MacBook Air (Late 2008 or newer)
•
Mac mini (Early 2009 or newer)
•
Mac Pro (Early 2008 or newer)
•
Xserve (Early 2009)
Dell SonicWALL appliance support
SonicWALL Mobile Connect is a free app, but requires a concurrent user license on one of the following Dell
SonicWALL solutions in order to function properly:
•
Dell SonicWALL firewall appliances including the TZ, NSA, E-Class NSA running SonicOS 5.8.1.0 or higher
•
Dell SonicWALL SRA appliances running 5.5 or higher
•
Dell SonicWALL Aventail E-Class Secure Remote Access (SRA) appliances running 10.5.4 or higher
Required network information
To use Mobile Connect, you need the following information from your network administrator or IT Support:
•
Server name or address - This is either the IP address or URL of the SSL VPN server to which you are
connecting.
•
Username and password - Typically, you are required to enter your username and password, although
some connections might not require this.
•
Domain name - The domain name of the SSL VPN server. Mobile Connect might be able to automatically
determine this when it first contacts the server, or there could be multiple domains that can be
selected.
DNS domain settings on appliances
Before Mobile Connect users are able to access the private network, the network administrator must configure
the DNS Domain on the Dell SonicWALL appliance. When the Mobile Connect user accesses a URL on the private
network, the configured DNS domain is used to resolve the hostname lookup. For public domains that do not
match the configured DNS domain, the DNS server for the Wi-Fi or cellular network is used.
NOTE: The Mobile Connect user does not need to perform any configuration tasks related to DNS. The
following information is for SonicWALL network administrators.
The DNS Domain configuration process varies, depending on the type of Dell SonicWALL appliance being used:
•
Dell SonicWALL firewall appliances - On the SSL VPN > Client Settings page, enter the DNS domain
name in the DNS Domain field.
•
Dell SonicWALL SRA appliances - The DNS domain can be configured either globally, at the group level,
or at the individual user level:
•
Global level: On the Network > DNS page, enter the DNS domain name in the DNS Domain field.
•
Group level: On the Users > Local Groups page, click the edit icon for the group. Click on the NX
Settings tab and enter the DNS domain the DNS Domain field.
SonicWALL Mobile Connect for OS X 3.1
User Guide
5
•
•
User level: On the Users > Local Users page, click the edit icon for the user. Click on the NX
Settings tab and enter the DNS domain the DNS Domain field.
Dell SonicWALL E-Class SRA appliances - The DNS domain can be configured either globally or for
specific IP address pools:
•
Global level: From the main navigation menu in the E-Class SRA Management Console (AMC), click
Network Settings. In the Name resolution area, click Edit. The Configure Name Resolution page
appears. Enter the DNS domain name in the Search domains field.
•
IP address pool level: From the main navigation menu in the AMC, click Services. Under Access
services, in the Network tunnel service area, click Configure. The Configure Network Tunnel
Service page appears. Click the name of the IP address pool you want to edit. The Configure IP
Address Pool page appears. To the right of the Advanced heading, click the arrow icon. Select
Customize default settings and enter the DNS domain name in the Search domains field.
SonicWALL Mobile Connect for OS X 3.1
User Guide
6
2
Installing Mobile Connect
SonicWALL Mobile Connect is installed through the Mac App Store.
1
On your Mac click the App Store icon.
2
In the Search field, enter SonicWALL Mobile Connect, and tap Enter.
3
In the search results, select SonicWALL Mobile Connect.
4
Tap Free and then Install. The app installs on your Mac. When installation is complete, the SonicWALL
Mobile Connect icon appears in your Applications folder and in Launchpad.
NOTE: If you encounter an error when attempting to download SonicWALL Mobile Connect, see the Mac
App Store Support web site, where you can find troubleshooting procedures and instructions on how to
report the issue to Apple Support if necessary: http://www.apple.com/support/mac/app-store/
SonicWALL Mobile Connect for OS X 3.1
User Guide
7
3
Using Mobile Connect
The following sections describe how to use SonicWALL Mobile Connect:
•
Create a connection on page 8
•
Connect to the Mobile Connect server on page 12
•
Configure Connect Mobile Connect preferences on page 14
•
Configure Connect on Demand on page 22
Create a connection
The process of creating a Mobile Connect connection is slightly different depending on which type of Dell
SonicWALL appliance you are connecting to.
The following sections describe how to create a connection:
•
Create a connection to a Dell SonicWALL firewall and an SRA appliance on page 8
•
Create a connection to a Dell SonicWALL E-class SRA appliance on page 11
Create a connection to a Dell SonicWALL firewall and
an SRA appliance
1
The first time you launch Mobile Connect, you must add a VPN connection before you can connect.
Select Add connection from the Connection popup menu.
SonicWALL Mobile Connect for OS X 3.1
User Guide
8
2
3
You are then presented with the screen to begin your first connection to the Dell SonicWALL firewall or
appliance:
•
Name: Enter a descriptive name for the connection.
•
Server: Enter the URL or IP address of the server.
Select Next. Mobile Connect then attempts to contact the Dell SonicWALL appliance. If the attempt
fails, a warning message is displayed asking if you want to save the connection. Verify that the server
address or URL is spelled correctly, and then tap Save.
SonicWALL Mobile Connect for OS X 3.1
User Guide
9
4
If Mobile Connect successfully contacts the server, you are prompted to optionally enter your Username
and Password. Enter your Username and Password, and then scroll down to the Domain field.
NOTE: If the previous images do not match what is displayed on your device, you are connecting to
a Dell SonicWALL E-Class SRA appliance. Proceed to Create a connection to a Dell SonicWALL E-class
SRA appliance on page 11.
The Domain field is auto-populated with the default domain from the server. To select a different
domain, tap Domain to display a drop-down menu of the available options, select the correct domain.
5
Click Save to create the new connection.
SonicWALL Mobile Connect for OS X 3.1
User Guide
10
Create a connection to a Dell SonicWALL E-class SRA
appliance
1
The first time you launch Mobile Connect, you must add a VPN connection before you can connect.
Select Add Connection from the Connection popup menu.
2
You are then presented with the screen to begin your first connection to the Dell SonicWALL firewall or
SRA appliance:
•
Name: Enter a descriptive name for the connection.
•
Server: Enter the URL or IP address of the server.
SonicWALL Mobile Connect for OS X 3.1
User Guide
11
3
Select Next. Mobile Connect then attempts to contact the Dell SonicWALL appliance. If the attempt
fails, a warning message displays asking if you want to save the connection. Verify that the server
address or URL is spelled correctly, and then tap Save.
If Mobile Connect successfully contacts the server, the connection is saved automatically.
Connect to the Mobile Connect server
After you save a new connection, it is selected under the Connection tab.
To establish a Mobile Connect session, complete the following tasks:
1
Select the connection that you want to initiate from the Connection list. Click Connect.
SonicWALL Mobile Connect for OS X 3.1
User Guide
12
2
Enter your username and password if prompted (depending on whether the appliance you are connecting
to allows for saving user names and passwords), and tap Login.
3
When the connection is successfully established, the Status row changes to Connected and Connect
changes to Disconnect.
4
After connecting, you can access your Intranet network with other apps. The Mobile Connect menu bar
icon appears in the connected state:
5
Press Home on your iPhone, iPod touch, or iPad to display its home screen. You can now navigate to
other apps to access your Intranet network. The status bar at the top of the iPhone, iPod touch or iPad
displays a VPN icon to indicate that the Mobile Connect session is still connected.
The native Mac system VPN Status in the menu bar can also be displayed from the System Preferences
app under Network. The VPN Status icon changes to the connected state, and the connection time can
also be shown.
If the VPN connection is interrupted, the menu bar icons change to indicate that you are no longer
connected or that Mobile Connect is reconnecting the VPN, and you are no longer able to access the
SonicWALL Mobile Connect for OS X 3.1
User Guide
13
Intranet network. This can happen if your device's connection transitions from one Wi-Fi network to
another Wi-Fi network or to another network type.
If the VPN disconnects, return to Mobile Connect to reestablish the connection. Optionally, you can
configure the Automatic Reconnect option in the Mobile Connect app Preferences to have Mobile
Connect automatically attempt to reestablish interrupted connections.
Configure Connect Mobile Connect
preferences
SonicWALL Mobile Connect provides several preferences for connection and logging options. The Settings tab
also provides Support information that includes a User Guide and device, connection, and server information.
The following options are controlled from the Preferences screen:
•
Connect on Launch - Sets Mobile Connect to automatically initiate a connection to the last-used profile
when the app is launched.
•
Automatic Reconnect - Sets Mobile Connect to automatically attempt to reconnect if the connection is
lost. The SSL VPN connection can be disrupted when your device’s connection transitions to a different
network, such as another Wi-Fi network. This setting lets applications rely on a sustained VPN
connection. There is no limit on the amount of time it takes to reconnect.
•
URL Control - Allows other mobile applications to pass action requests using special URLs to Mobile
Connect. These action requests can create VPN connection entries and connect or disconnect VPN
connections. For example, another application can launch Mobile Connect, access internal resources as
needed, and then disconnect by using the mobileconnect:// or sonicwallmobileconnect:// URL scheme.
Some common examples of URL Control are:
SonicWALL Mobile Connect for OS X 3.1
User Guide
14
Add profile:
mobileconnect://addprofile[/]?name=ConnectionName&server=ServerAddress[&Parameter1=Value&Pa
rameter2=Value...]
Connect:
mobileconnect://connect[/]?[name=ConnectionName|server=ServerAddress][&Parameter1=Value&Para
meter2=Value...]
Disconnect: mobileconnect://disconnect[/]
Additional information about URL Control is provided in URL control syntax and parameters on page 16.
•
Debug Logging - Enables full debug log messages of Mobile Connect activity. Leave this section disabled
unless instructed to enable it by Dell SonicWALL Support staff.
E-class SRA settings
Two additional options can be modified for connections to Dell SonicWALL E-Class SRA appliances. To view these
options, click the Edit icon
screen displays.
next to the selected connection on the Connection tab. The Edit Connection
The following options can be configured:
•
Remember Credentials - Enables saving of user authentication credentials for the VPN connection. This
is disabled by default and can be controlled by the E-Series SRA server setting.
•
Forget this Login Group - Mobile Connect remembers the Login Group that you specified when
configuring the connection. To change to a different Login Group, tap Forget Selections. The next time
you connect to the server, you are prompted to select a new Login Group.
NOTE: If these options are not displayed, then you are connecting to either a Dell SonicWALL
firewall or SRA appliance.
SonicWALL Mobile Connect for OS X 3.1
User Guide
15
Mobile Connect Help
The Help menu provides the following support information:
•
User Guide - Displays the SonicWALL Mobile Connect User Guide in the default web browser application
(for example, Safari).
•
Email Logs - Creates an email to send the Mobile Connect log files to Dell SonicWALL Support staff. The
email is opened in the default mail application (for example, Mail).
•
Export Logs - Opens a Finder window to a temporary folder containing a copy of the Mobile Connect log
files.
•
Clear Logs - Deletes all log files that have been saved on the device.
URL control syntax and parameters
This section provides the full set of URL parameters for the URL Control feature. URL Control currently supports
the addprofile, connect, and disconnect commands. Callback URLs are also supported.
Add profile command
The addprofile command requires either the name or server parameter, and accommodates both. All other
parameters are optional. When the URL is opened in Mobile Connect, all of the parameters included in the URL
are saved in the connection entry associated with that name and server.
Syntax:
mobileconnect://addprofile[/]?name=ConnectionName&server=ServerAddress
[&Parameter1=Value&Parameter2=Value...]
The following are examples of the addprofile command:
mobileconnect://addprofile/?name=Example&server=vpn.example.com
sonicwallmobileconnect://addprofile/?name=Example&server=vpn.example.com
mobileconnect://addprofile?name=Example%202&server=vpn.example.com
mobileconnect://addprofile?name=vpn.example.com
mobileconnect://addprofile?server=vpn2.example.com
mobileconnect://addprofile?name=SRA%20Connection&server=sslvpn.example.com
&username=test&password=password&domain=LocalDomain&connect=1
mobileconnect://addprofile?name=EX%20Connection&server=workplace.example.com
&username=test&password=password&realm=Corp&connect=1
NOTE: All appropriate characters in values of parameters used in URLs are required to be URL encoded.
For instance, to match a space, enter %20.
SonicWALL Mobile Connect for OS X 3.1
User Guide
16
Add profile command parameters
Table 1. Profile command parameters
Command parameter
Description
name
The unique name of the VPN connection entry that is created and appears in the
Mobile Connect Connections list. Mobile Connect accepts the name only if it is unique.
Letters are case sensitive.
server
The domain name or IP address of the Dell SonicWall appliance in which you wish to
connect. For example: vpn.example.com
username
Optional: The username used in the VPN connection.
password
Optional: The password used in the VPN connection.
realm
Optional: The realm used in the VPN connection profile. Applies to EX series
connections only.
domain
Optional: The domain used in the VPN connection profile. Applies to SRA and UTM
connections only.
sessionid
Optional: The session ID or Team ID used for authentication.
connect
Optional: If presented and the value is non-null, the connection is initiated if the
profile was successfully added.
callbackurl
Optional: The callback URL is be opened by Mobile Connect after the add profile
command has been processed. See Callback URL on page 19 for full details of the
callback URL syntax and options.
Connect command
The connect command is used to easily establish VPN connections. Connection information can be embedded
in the URLs and they can be provided to users for easy setup and configuration. In addition, a callback URL can
be provided that Mobile Connect opens after the connection attempt is completed, making it possible for other
applications to initiate VPN connections in a seamless manner.
Syntax:
mobileconnect://connect[/]?[name=ConnectionName|server=ServerAddress]
[&Parameter1=Value&Parameter2=Value...]
The following are examples of the mobileconnect command:
mobileconnect://connect/?name=Example
sonicwallmobileconnect://connect/?name=Example mobileconnect://connect?name=Example
mobileconnect://connect?server=vpn.example.com
mobileconnect://connect?name=Example%202&server=vpn.example.com
mobileconnect:// connect?name=SRA%20Connection&server=sslvpn.example.com
&username=test&password=password&domain=LocalDomain
mobileconnect:// connect?name=EX%20Connection&server=workplace.example.com
&username=test&password=password&realm=Corp
SonicWALL Mobile Connect for OS X 3.1
User Guide
17
Connect command parameters
Table 2. Connect command parameters
Command parameter
Description
name
The unique name of the VPN connection entry that is created and appears in the
Mobile Connect Connections list. Mobile Connect accepts the name only if it is unique.
Letters are case sensitive.
server
The domain name or IP address of the Dell SonicWall appliance in which you wish to
connect. For example: vpn.example.com
username
Optional: The username used in the VPN connection.
password
Optional: The password used in the VPN connection.
realm
Optional: The realm used in the VPN connection profile. Applies to EX series
connections only.
domain
Optional: The domain used in the VPN connection profile. Applies to SRA and UTM
connections only.
sessionid
Optional: The session ID or Team ID used for authentication.
connect
Optional: If presented and the value is non-null, the connection is initiated if the
profile was successfully added.
callbackurl
Optional: The callback URL is be opened by Mobile Connect after the connect profile
command has been processed. See Callback URL on page 19 for full details of the
callback URL syntax and options.
Disconnect command
The disconnect command is used to disconnect an active connection. In addition, a callback URL can be
provided that Mobile Connect opens after the connection is disconnected that makes it possible to return to the
calling app. If there is no active VPN connection, the command is ignored.
Syntax:
mobileconnect://disconnect[/]
mobileconnect://disconnect[/]?[callbackurl=<callbackurl>]
The following are examples of the disconnect command:
mobileconnect://disconnect
mobileconnect://disconnect/ sonicwallmobileconnect://disconnect
mobileconnect://
disconnect?callbackurl=customapp%3A%2F%2Fhost%3Fstatus%3D%24STATUS%24%
26login_group%3D%24LOGIN_GROUP%26error_code%3D%24ERROR_CODE%24
sonicwallmobileconnect://
disconnect?callbackurl=customapp%3A%2F%2Fhost%3Fstatus%3D%24STATUS%24%
26login_group%3D%24LOGIN_GROUP%26error_code%3D%24ERROR_CODE%24
SonicWALL Mobile Connect for OS X 3.1
User Guide
18
Disconnect command parameters
Table 3. Disconnect command parameters
Command parameter
Description
callbackurl
Optional: The callback URL is be opened by Mobile Connect after the disconnect
profile command has been processed. See Callback URL on page 19 for full details of
the callback URL syntax and options.
Callback URL
While invoking Mobile Connect using a URL, a third-party application can include a callback URL that is called by
Mobile Connect after it completes the requested action. The callback URL value could also contain special
tokens that are evaluated and dynamically replaced by Mobile Connect to provide additional status and
connection information back to the app that is opened by the callback URL. Tokens are evaluated in place, in
the same order in which the tokens were specified.
To ensure that it functions properly, the base callback URL format should be RFC 1808 compliant and should be
able to be launched independently of Mobile Connect. For example it should launch through a web page or iOS
web clip.
URL: <scheme>://<net_loc>/<path>;<params>?<query>#<fragment>
NOTE: The value of callbackurl must also be properly URL encoded to ensure that Mobile Connect can
process the callback URL correctly.
Dynamic tokens supported by the callback URL
Table 4. Dynamic tokens supported
Dynamic token
Description
$ERROR_MESSAGE$$
The string value of the error message from the failed connection attempt.
$LOGIN_GROUP$
The string value of the authentication login group or realm. Applies to EX series
connections only.
$COMMUNITY$
The string value of authentication community. Applies to EX series connections only.
$ZONE$
The string value of EPC zone. Applies to EX series connections only.
$TUNNEL_IP$
The string value of the Mobile Connect IPv4 client address.
$TUNNEL_MODE$
One of split, split-nonlocal, redirectall, or redirectall-nonlocal depending on the
tunnel mode. Applies to SRA and UTM connections only.
$ESP_ENABLED
Yes or no depending on if ESP is enabled. Applies to SRA and UTM connections only.
NOTE: Any number of tokens from the previous table can be specified.
The following are examples using the callback URL:
Callback URL
customapp://host?status=$STATUS$&login_group=$LOGIN_GROUP& error_code=$ERROR_CODE$
Full URL with URL encoded callback URL value
mobileconnect://connect?sessionid=<teamid>&callbackurl=customapp%3A%2F%
2Fhost%3Fstatus%3D%24STATUS%24%26login_group%3D%24LOGIN_GROUP%
26error_code%3D%24ERROR_CODE%24
Callback URL
myapp://callback?status=$STATUS$&login_group=$LOGIN_GROUP& error_code=$ERROR_CODE$
SonicWALL Mobile Connect for OS X 3.1
User Guide
19
Full URL with URL encoded callback URL value
mobileconnect://connect?sessionid=<teamid>&callbackurl= myapp%3A%2F%
2Fcallback%3Fstatus%3D%24STATUS%24%26login_group%3D%24LOGIN_GROUP%
26error_code%3D%24ERROR_CODE%24
Callback URL
http://server/example%20file.html
Full URL with URL encoded callback URL value
mobileconnect://connect?callbackurl=http%3A%2F%2Fserver%2Fexample%2520file.html
Configure client certificates
NOTE: Client certificate support is only available for connections to Dell SonicWALL E-Class SRA appliances
and SMB SRA appliances.
Configuring a connection to Dell SonicWALL E-class
SRA appliances
If a client certificate is required during authentication, the user is automatically prompted to select a client
certificate present in the user's keychain in OS X.
Select the client certificate from the list of certificates and then click Next.
By default a VPN configuration prompts the user to select the client certificate during authentication. If a user
successfully authenticates with a client certificate, the VPN configuration profile is automatically updated to
use the client certificate for each subsequent connection attempt. To reset the client certificate selection, edit
the connection and tap Forget Selections.
NOTE: If no client certificates are installed, an error message is shown indicating that no matching client
certificates are present on your device. The Keychain Access app (in Applications/ Utilities) can be used to
view client certificates. Click the My Certificates category to easily see available client certificates.
SonicWALL Mobile Connect for OS X 3.1
User Guide
20
Configuring a connection to Dell SonicWALL
SMB SRA appliances
On SMB SRA appliances, client certificate authentication is available as a second factor authentication method
in addition to standard user name and password authentication. If a client certificate is required during
authentication, the user is automatically prompted to select a client certificate that is present in the user's
keychain in OS X.
Select the client certificate from the list of certificates and then click Next.
By default, a VPN configuration is set with the client certificate setting to Choose during login. To modify the
client certificate setting when disconnected, edit the connection and select the appropriate client certificate
option:
To support Connect on Demand, a VPN connection should not request any user interaction to seamlessly
connect. A VPN configuration on the Dell SonicWALL SMB SRA appliance must meet the following requirements:
•
The user's effective client certificate enforcement policy, configured at the domain or user level, must
be enabled to use client certificates for authentication.
•
The user's effective user name and password caching policy (configured at the global, group, or user
level) must be set to Allow saving of username and password.
•
The valid client certificate for the user must be present on the iOS device.
SonicWALL Mobile Connect for OS X 3.1
User Guide
21
•
The iOS VPN connection profile must have the user name and password configured, and the appropriate
client certificate must be selected.
NOTE: If no client certificates are installed, an error message is shown indicating that no matching client
certificates are present on your device. The Keychain Access app (in Applications/ Utilities) can be used to
view client certificates. Click the My Certificates category to view available client certificates.
Configure Connect on Demand
NOTE: Connect on Demand is only available for connections to Dell SonicWALL E-Class SRA and SMB SRA
appliances.
The Connect on Demand feature provided by Mobile Connect provides the ability to automatically establish a
VPN connection when you attempt to access a domain on the private network. This provides a seamless VPN
connectivity experience without the need to manually launch Mobile Connect.
The enable Connect on Demand for your E-Series SRA connection, open the Network Settings in System
Preferences and select the VPN connection from the list or network connections and make sure that Connect on
demand is enabled.
A VPN configuration must meet the following requirements to support Connect on Demand:
Dell SonicWALL E-Class SRA Appliance Requirements
•
The VPN tunnel must not be configured for Redirect-All mode.
•
The realm must be configured to use client certificates for authentication. Chained authentication
(where a second authentication server is used) does not support Connect on Demand.
•
The valid client certificate for the realm must be present.
•
The user must successfully connect to the appliance at least once.
SonicWALL Mobile Connect for OS X 3.1
User Guide
22
4
Monitor Mobile Connect
Monitor Mobile Connect status, operations, and general information regarding the Monitor and About tabs.
The Monitor tab displays additional details about the connection, statistics on traffic transmitted, DNS
information, and routes that have been installed.
The About tab of Mobile Connect displays the version number and legal text.
SonicWALL Mobile Connect for OS X 3.1
User Guide
23
5
Troubleshooting Mobile Connect
If you are unable to connect to the Dell SonicWALL server, complete the following steps to troubleshoot the
connection.
1
Double-check that you have entered the server name properly in the connection configuration.
2
Go to the Safari browser on your Mac and attempt to navigate to the SRA appliance web portal.
3
If you are unable to load the web portal, the problem is with the Dell SonicWALL appliance. Contact your
network administrator if the problem persists.
4
If the web portal loads successfully on the Safari browser and you still cannot establish a Mobile Connect
connection, notify Dell SonicWALL Support, as follows:
a
Under Preferences, enable the Debug Logging option.
b
Attempt a connection to the server again to ensure that full debugging messages are logged for
the attempt.
c
Then, under the Help menu tap Email Logs. An email launches in your mail client with the Mobile
Connect log attached. Address the email to [email protected] Add any additional
comments to the email and tap Send. Dell SonicWALL Support staff will contact you after
reviewing your case.
SonicWALL Mobile Connect for OS X 3.1
User Guide
24
About Dell
Dell listens to customers and delivers worldwide innovative technology, business solutions and services they
trust and value. For more information, visit www.software.dell.com.
Contacting Dell
Technical support:
Online support
Product questions and sales:
(800) 306-9329
Email:
[email protected]
Technical support resources
Technical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions. To access the Support Portal, go to
https://support.software.dell.com/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. In addition, the portal provides direct access to product support engineers through an
online Service Request system.
The site enables you to:
•
Create, update, and manage Service Requests (cases)
•
View Knowledge Base articles
•
Obtain product notifications
•
Download software. For trial software, go to Trial Downloads.
•
View how-to videos
•
Engage in community discussions
•
Chat with a support engineer
SonicWALL Mobile Connect for OS X 3.1
User Guide
25
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement