SSL-VPN 2.1 Firmware Feature Demo: SSL-VPN 2.1 Firmware Feature Demo SSL-VPN Development Team 29 January 2007


SSL-VPN 2.1 Firmware New Features: SSL-VPN 2.1 Firmware New Features NetExtender Enhancements RDP ActiveX Enhancements FileShares Java Applet Active Directory Groups LDAP Multiple OU Support RADIUS Enhancements SSHv2 Applet Enhancements Variable Bookmark andamp; Policy ViewPoint andamp; GMS Phase II Support Reverse Proxy: Windows Sharepoint 2.0 Diagnostics Utilities


NetExtender Enhancements: NetExtender Enhancements 29 January 2007


NetExtender Enhancements: NetExtender Enhancements DTS 42153 - NetExtender Performance improvements DTS 39985 - NetExtender does not work through a proxy server DTS 39875 - Wrong subnet masked when using NetExtender (1-141144242) DTS 41111 - If admin disconnects NetExtender client it still shows as connected in the client DTS 41789 - NetExtender client IP addresses ranges can be set so ending address is lower than start DTS 42113 - NetExtender launches after editing bookmark when auto Launch NetExtender after login is enabled DTS 44596 - Development: NetExtender Windows Vista support DTS 42702 - Break in network connection can lockout NetExtender user if one IP address range DTS 41765 - Enhancement: Relation of idle time and timeout between portal, NetExtender, and other services is confusing DTS 40454 - Enhancement: Popup to inform customer that NetExtender continues to run even if the portal is logged out DTS 43787 - SSL | NetExtender Stand alone client | Removal of option to save passwords DTS 44673 - Multiple same Active user sessions, when connect n disconnect NetExtender number of times DTS 44846 - Enhancement NetExtender: Usernames to not be remembered by default with option to remember them DTS 43134 - Admin denial of caching of login credentials in NetExtender. DTS 43204 - Force uninstall of NetExtender after logout DTS 42136 - Tunnel all feature does not propagate from groups to locally created users DTS 46596 - Improve wording on disconnect message DTS 46992 - Start menu items are not removed when server configured for forced uninstall of NetExtender


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements Proxy Support Support HTTPS proxy Auto sync with the browser proxy settings when launch from web portal (support IE and Firefox 1.5+) NT domain logon script MSI installer (NetExtender.msi) Vista Support Fixes Server controls Remember Username andamp; password Automatically exit andamp; uninstall after disconnected Reworded Disconnect Message Option to enable auto-reconnect feature


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements Client Username/Password Caching options


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements NT logon script support


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements Proxy Settings


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements Nx Client Settings


NetExtender Stand-alone Client Enhancements: NetExtender Stand-alone Client Enhancements Reworded Disconnect Message Auto-reconnect Option


NetExtender Server-side Enhancements: NetExtender Server-side Enhancements Performance andamp; stability improvements pppd_small reduces memory overhead Nx policy fixes and rearchitecture Global/Group/User Level NetExtender Client Controls Exit Client After Disconnect Uninstall Client After Exit Create Client Connection Profile User Name andamp; Password Caching Tunnel-All Mode NetExtender idle timeout/Portal Session synchronization


NetExtender Server-side Enhancements: NetExtender Server-side Enhancements Global/Group/User Level NetExtender Client Controls


NetExtender Server-side Enhancements: NetExtender Server-side Enhancements Global/Group/User Level NetExtender Client Controls


NetExtender Server-side Enhancements: NetExtender Server-side Enhancements NetExtender idle timeout/Portal Session synchronization


RDP ActiveX Enhancements: RDP ActiveX Enhancements 29 January 2007


RDP ActiveX Enhancements: RDP ActiveX Enhancements RDP6 support Encrypt sensitive parameters Proxy support Support HTTPS proxy Automatically use IE proxy settings


File Shares Java Applet: File Shares Java Applet 29 January 2007


File Shares Java Applet : File Shares Java Applet Designed to look andamp; feel like MS Windows for maximum usability and an enhanced user experience Navigate remote networks, workgroups, and machines Copy or move files and folders securely by dragging and dropping between your computer and the remote network Delete / rename files and folders and create new folders all with the new ultra-friendly UI View properties of any accessible file or folder Launch remote files automatically on your local machine Bookmark any file or folder for easy access directly from the Virtual Office user portal Cached history speeds remote browsing and enhances navigation


File Shares Java Applet - Setup and Accessing: File Shares Java Applet - Setup and Accessing Change Portal layout to use applet as default: Create bookmark to use applet: Switch to applet from HTML version: Sets File Shares to launch Java applet instead of HTML Bookmark access to applet Switch from browsing in HTML mode to applet on the fly


Great New Look: Great New Look


Slide21: Type any path into the remote window to access that resource Right clicking will bring up location sensitive menus Actively dimming toolbars help with the most common tasks Easily access file shares via HTML List the contents of any accessible remote share on the network


Active Directory Groups: Active Directory Groups 29 January 2007


Active Directory Groups: Active Directory Groups Allows granular access control based on pre-existing AD groups Configuration options: One or more AD groups, one SSL-VPN group Useful for restricting which users are able to log in Multiple AD groups, multiple SSL-VPN groups Allow access to different resources based on group membership (e.g. engineering has access to different resources than sales)


Active Directory Groups: Active Directory Groups


LDAP - Multiple Organizational Units: LDAP - Multiple Organizational Units 29 January 2007


LDAP - Multiple OUs: LDAP - Multiple OUs Multiple organizational units can now be assigned to a single SSL-VPN domain/group Sub-OUs are automatically included as well


LDAP - Multiple OUs - Examples: LDAP - Multiple OUs - Examples


SSL-VPN: RADIUS Enhancements: SSL-VPN: RADIUS Enhancements 29 January 2007


SSL-VPN : RADIUS Group Support via RADIUS Filter-ID attribute: SSL-VPN : RADIUS Group Support via RADIUS Filter-ID attribute The RADIUS Groups feature works like a filter. If an SSLVPN group has one or more RADIUS groups associated with it, only users from those RADIUS groups will be able to log in as members of that SSL-VPN group. SSL-VPN groups that don’t have any RADIUS groups selected will accept any users from the RADIUS Domain


UI Changes: UI Changes


Slide31: Note: RADIUS groups name under SSL-VPN group should map to the name of the Filter-ID attribute. Ex: if Filter-ID attribute name is 'RDP5 users', you must create a RADIUS group under SSL-VPN group with the name 'RDP5 Users'


RADIUS - CHAP, MSCHAP, MSCHAPv2 Authentication: RADIUS - CHAP, MSCHAP, MSCHAPv2 Authentication Allows the user to get authenticated with RADIUS server using CHAP, MSCHAP or MSCHAPv2 protocols. These protocols uses a challenge-response mechanism to authenticate connections without sending any passwords.


SSHv2 Applet Enhancements: SSHv2 Applet Enhancements 29 January 2007


SSHv2 Applet Enhancements: SSHv2 Applet Enhancements The SSHv2 applet was introduced in the 2.0 release. Since then a number of small ease-of-use features have been added. A status bar has been added to the bottom of the applet so that it can report whether the connection is dead or alive.


Slide35: There is a checkbox to automatically accept the server host key so that it is less tedious each time you connect to a trusted server. Lastly, there is a checkbox to bypass the username. This is useful for SSH to devices such as a SonicWALL firewall where username/password is handled in the console after connection.


Variable Bookmark and Policies: Variable Bookmark and Policies 27 January 2007


Variable Bookmark & Policy: Variable Bookmark andamp; Policy Admin users may create one bookmark: //server/%USERNAME%/ and ‘%USERNAME%’ is replaced with the current user’s name. Allows for admin to create one bookmark to apply to all users for the appliance. Bookmarks valid only in HTTP, HTTPS, CIFS and File Share Java Applet. Policy created in the same way and only valid for Server Path policies which apply to CIFS and File Share Java Applet.


Bookmark example: Bookmark example Global/Group bookmark created: ‘sslvpnuser’ bookmark:


Policy example: Policy example Policy applies only to File Shares Example below allows users only access to their home directory


ViewPoint / GMS (Phase II): ViewPoint / GMS (Phase II) 29 January 2007


ViewPoint Licensing: ViewPoint Licensing Accessing the ViewPoint feature requires entry of a manual license key. The upcoming release of ViewPoint v4.1 will support SSL-VPN appliances. The external beta program for v4.1 is tentatively scheduled to start in the second half of Q1 2007. Note: ViewPoint is SonicWALL reporting software


ViewPoint Licensing: ViewPoint Licensing


ViewPoint / GMS (Phase II): ViewPoint / GMS (Phase II) Users may add, edit, and delete ViewPoint servers under Log andgt; ViewPoint in the UI Enabling the ViewPoint checkbox allows for reporting data and statistics to be sent to the configured ViewPoint/GMS servers ViewPoint servers may be configured as either hostnames or IPs


ViewPoint Configuration UI: ViewPoint Configuration UI Configured ViewPoint Servers Edit Server Delete Server


Reverse Proxy Enhancement: Windows Sharepoint Services 2.0: Reverse Proxy Enhancement: Windows Sharepoint Services 2.0 29 January 2007


Reverse Proxy Improvements: Reverse Proxy Improvements Windows Sharepoint Services 2.0 (common features) Announcements, Discussion boards, Libraries, Lists, Survey, Web pages and parts. Site Administration, Customization. Outlook utilities – Calendars, Contacts, Events, Notes, Tasks. Top level Administration Users and Permissions Management and Statistics Site Collection Galleries Site Collection Administration Help Caveat: There is limited support for Sharepoint-compatible application integration. Integrates with Microsoft Outlook, though.


Slide47: Sharepoint Services 2.0 snapshots


Diagnostic Tools: Diagnostic Tools 29 January 2007


Diagnostic Tools: Diagnostic Tools Diagnostic tools (System andgt; Diagnostics) DNS lookup Traceroute