SonicOS Version
How to Download SonicOS Firmware. 5.9.0.0 or newer: Upgrade not required PRO 4060/4100/5060: 4.2.1.6 Enhanced or older: 4.2.1.7 Enhanced.
There are several great tutorials out there on how to set up a SonicWall SSLVPN. Each one is somewhat different, as SonicOS changes and the steps and locations of items change from release to release. So, while they are all similar, this tutorial was done using a SonicWall NSA 3500 running SonicOS Enhanced 5.9.0.0-91o. And since version 5.8.1.13 is recent in my memory, I have notes for that version here too. You will see that just between these two releases (5.8.1.13 and 5.9.0.0) there are a few differences.
Create a SonicWall SSLVPN Setup Tasks
There are 3 basic tasks to create a SonicWall SSLVPN.
- Create the SSLVPN. This includes setting up proper routes.
- Create your users and give them proper access to the right devices on your network.
- Install the NetExtender SSLVPN clients
Step 1 – Create the SSLVPN
Log in and browse to the SSL VPN / Server Settings page. Populate the form like I did below. Don’t forget to do the following:
- Be certain that the WAN interface is clicked so that it is green. No reason to have a VPN setup if you can’t connect to it from the WAN. I also turn on LAN so that I can test it internally.
- Choose a port. I always use the default 4433.
- If you need to use a signed certificate, go to System / Certificates and manage that there.
- Tell it the domain that you want to use. The only thing that this matches to is the domain name that they will need to enter on the NetExtender client side.
- If you need to manage this SonicWall over this VPN directly you will want to Enable Web Management and likewise if you use SSH for SonicWall management, turn that on too.
- The Inactivity Timeout will disconnect clients if they are inactive longer than this time period.
- Set up the RADIUS settings if you use RADIUS. I am not for my VPN, so I ignored that.
- Set up the URL for downloading the NetExtender clients if you wish to enable the client to download them from a site that you completely control. This has been good for me because sometimes there are specific versions of the NetExtender client that I want my clients using due to bugs or other.
Next, we go into SSL VPN / Client Settings.
This is where things are a bit different between 5.8 and 5.9. In SonicOS 5.8.1.13, one configures the whole DHCP setup completely in this area by setting the interface where the addresses you want to use are routed (X0, for example), then setting up the range using the start IP and end IP, and then all of the other network settings that you would normally expect, such as WINS if needed, DNS, etc. You would then go to SSL VPN / Client Routes to set that up like we will describe later for 5.9.
SonicOS 5.9.0.0 SSL VPN Client Settings Page
In SonicOS 5.9.0.0, it appears that they are adding a feature to allow you to have more than one profile. Hopefully that comes in a new release. At the moment, you edit the Default Device Profile. On the Settings tab, you can currently only set up the SSLVPN IP Pool that you define in the Network / Address Objects page.
To the right is how I defined my SSLVPN DHCP pool Network Object on my 5.9 SonicOS.
This is different from SonicOS 5.8.1.13 and therefore gives you more flexibility, as the pool doesn’t have to draw addresses from a current network that you have assigned to an interface.
On the Client routes tab you need to choose from the address objects defined in Network / Address Objects which ones you want to allow the clients to connect to. In SonicOS 5.8.1.13, this is defined in SSL VPN / Client Routes. In the example to the right, you see that I have added a list of routes for the clients to use through the NetExtender client when they connect. Note that these routes are the superset of the routes that you want people to be able to connect to. Later on as we configure users, you can specify specific routes for individual users.
Finally, in SonicOS 5.9.0.0 you need to go to the Client Settings tab to set up your WINS, DNS, etc. for the client to use. In 5.8.1.13, you will have already done this.
Finally, you will want to go into your Firewall settings and be certain that a rule was automatically created on your WAN interface to allow SSLVPN connections. If not, add one as shown below:
Add a firewall rule to allow connections to the SSLVPN
I should also mention that there is also a Portal Settings page where you can set up a portal for your users to browse to, download their client, etc. As this option is cool but unnecessary to getting it working, I have left that out for a potential tutorial later on someday.
Step 2 – Create the Users
Navigate to Users / Local Users and then click the button to “Add User”. This will give you the screen below:
Populate the fields:
- Name – This is actually the username; it is what they will use to log in with the NetExtender client.
- Password / Confirm Password – Obviously type in the password for the user in both of these fields.
- Check Boxes – You can force them to change their password or make their password expire after each use if desired.
- Email address – Enter their email address.
- Account Lifetime – Set to Never Expire if you do not know how long the user will need this account, or set it to the proper timeframe if known.
- Comment – This is where I typically put the user’s actual name as the name field is for their login. I also put other comments to remind me why this user has access, if it is a vendor, who in the company they are reporting to, etc…
Groups Tab
On the groups tab be sure to give the user access to the SSLVPN Services Group membership as shown in the example below:
There are two more tabs that we won’t display but will discuss:
- VPN Access – This is where you specify the exact routes that you want the client to be able to use when they connect to the NetExtender VPN. This gives you complete control over which machines they can connect directly to. But remember, once you give access to an outside individual to a machine inside your network, they now have access to anything that machine has access to.
- Bookmark – This allows you to define shortcuts for directly connecting to Terminal Services, VNC, Telnet or SSH. We may cover this in a separate post someday.
With that, you should be done configuring your user for SSLVPN access.
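The relationship between the Client Routes superset from Step 1 and each user's VPN Access list can be audited offline. The Python below is an added example, not part of the original tutorial or of SonicOS; the function names, the 256-address threshold, and the sample networks and usernames are constructed, and it assumes the address lists were transcribed by hand from the Client Routes tab and each user's VPN Access tab.

```python
import ipaddress

def audit_vpn_access(client_routes, user_access, max_addresses=256):
    """Flag per-user VPN Access entries that fall outside the Client Routes
    superset ("not-routed") or that grant more than max_addresses ("broad")."""
    routes = [ipaddress.ip_network(r) for r in client_routes]
    findings = []
    for user in sorted(user_access):
        for entry in user_access[user]:
            net = ipaddress.ip_network(entry)
            covered = any(r.version == net.version and net.subnet_of(r)
                          for r in routes)
            if not covered:
                findings.append((user, entry, "not-routed"))
            elif net.num_addresses > max_addresses:
                findings.append((user, entry, "broad"))
    return findings

def unused_client_routes(client_routes, user_access):
    """Return Client Routes that are pushed to clients but granted to no user."""
    granted = [ipaddress.ip_network(e)
               for entries in user_access.values() for e in entries]
    unused = []
    for route in client_routes:
        net = ipaddress.ip_network(route)
        if not any(g.version == net.version and g.overlaps(net)
                   for g in granted):
            unused.append(route)
    return unused

# Constructed sample data (hypothetical networks and usernames).
CLIENT_ROUTES = ["10.10.0.0/16", "192.168.50.0/24"]
USER_ACCESS = {
    "vendor-hvac": ["10.10.20.15/32"],   # single host: expected for a vendor
    "jsmith": ["10.10.0.0/16"],          # entire superset route: broad
    "contractor1": ["172.16.5.0/24"],    # not in Client Routes at all
}

if __name__ == "__main__":
    for finding in audit_vpn_access(CLIENT_ROUTES, USER_ACCESS):
        print(finding)
    print("unused:", unused_client_routes(CLIENT_ROUTES, USER_ACCESS))
```

A "broad" finding is a prompt to review the grant against the warning above about a user inheriting everything the reachable machine can access; it is not necessarily a misconfiguration.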
Step 3 – Install and Configure the SSLVPN NetExtender Client
This requires that you have registered your SonicWall and have set up your access to their support portal at https://www.mysonicwall.com/Login.aspx. You will then log in to their support site and download the NetExtender clients that your users will need: Mac, Windows, Linux, etc.
Logging in to your SSLVPN using the NetExtender Client
Once the NetExtender client is installed and launched, you connect by entering either the IPADDRESS:Port or, if you have set up DNS, the FQDN:port for your SonicWall’s WAN interface. For example: x.y.q.z:4433 or sslvpn.mydomain.com:4433.
The user will enter their username and password defined in step 2 above and the Domain as defined in Step 1 above and then connect.
Once connected, there are 3 tabs in your NetExtender client:
- Status – Allows you to see how long you have been connected, etc…
- Routes – Shows you the routes that are being routed through the SSLVPN client. This is great for troubleshooting why you can’t get places.
- DNS – shows you the DNS servers and their priority for your client.
That should be it. Choose the Disconnect button when you are done and you will be disconnected.
Overview:
Maximize WAN performance with a smart software solution.
In today’s distributed enterprise, efficient utilization of bandwidth, increased security, and ease of deployment and management are important factors when considering a WAN acceleration solution. Throughput can be exhausted by collaboration applications such as Microsoft SharePoint and Windows File Sharing. At the same time, due to the popularity of Web 2.0 and social media, an exponential increase in Internet traffic is already overburdening WAN bandwidth. This inefficient utilization of available bandwidth results in higher latency, lowering employee productivity. Spending more on increased bandwidth or enhanced services, or purchasing disparate point solutions, does not resolve the problem.
The SonicWall WAN Acceleration Appliance (WXA) Series enables you to easily and securely enhance WAN application performance at remote and branch offices, thus improving the end user experience that leads to increased productivity. Unlike standalone WAN acceleration products that are deployed either behind the firewall or between the firewall and WAN router, the SonicWall WXA Series is an integrated add-on to the SonicWall Next-Generation Firewall (NGFW). The solution enables comprehensive scanning for intrusions and malware before accelerating the traffic across the VPN or dedicated WAN link, thus maximizing security and performance. The WXA optimizes performance and reduces latency by transmitting only new or changed data across the network after initial file transfer, resulting in dramatically reduced traffic volumes. In addition, the managing firewall enables you to identify and prioritize application traffic while the WXA minimizes traffic between sites.
The SonicWall solution streamlines the placement, deployment, configuration, routing, management and integration of the WXA with other components such as VPNs. Consolidating WAN acceleration with core NGFW technologies including intrusion prevention, anti-malware, and application intelligence, control and visualization at the gateway significantly increases security while lowering the total cost of ownership.
The powerful combination of a SonicWall NGFW and WXA enables you to more efficiently manage your bandwidth and simplify NGFW and WAN acceleration deployment and management without compromising security. SonicWall makes it easy for you to add one or more WXA solutions into your network by providing a variety of platform options including both hardware and virtual appliances as well as software.
Features & Benefits:
- Drastically simplify deployment, routing and integration of multiple WXA appliances across your network through complete provisioning and configuration by a SonicWall NGFW.
- Add a layer of security by scanning all data for threats before sending it to the WAN Acceleration Appliance using SonicWall Reassembly-Free Deep Packet Inspection technology.
- Optimize network efficiency to give users LAN-like application performance over your WAN by decreasing latency and chattiness presented due to inefficient protocols or application communication.
- Extend the long-term value of your existing WAN links and enhance the user experience by dramatically reducing bandwidth consumption through byte and file caching.
- Scale to meet the needs of a growing user population through clustering, which enables several SonicWall WXA solutions to be linked together at each location.
- Reduce total cost of ownership (TCO) by increasing efficiency and overall utilization of your existing WAN bandwidth, thus avoiding costly WAN upgrades.
- Increase performance and reduce latency with data compression across the WAN.
- Improve response time while decreasing the amount of data transferred when downloading or accessing files from a shared drive, using Windows File Sharing (WFS) acceleration.
- Increase browser response time while decreasing bandwidth using HTTP (Web) caching.
- Get better insight into performance gains from WAN acceleration with realtime visualization.
- WAN acceleration client software allows traffic initiated from remote Windows PCs or laptops running NetExtender to be accelerated.
Deployment Scenarios:
SonicWall WXA Series Deployment Scenario
HTTP (Web) Caching Deployment Scenario
Specifications:
Model | WXA 500 Software | WXA 2000 | WXA 4000 | WXA 5000 Virtual Appliance | WXA 6000 Software |
---|---|---|---|---|---|
Platform | Software⁵ | Hardware Appliance | Hardware Appliance | Virtual Appliance (VMware) | Software⁵ |
Maximum Users¹ | 20 | 120 | 240 | 360 | 2,000 |
Maximum Connections | 100 | 600 | 1,200 | 1,800³ | 10,000 |
Maximum Flows | 100 | 600 | 1,200 | 1,800³ | 10,000 |
Included/maximum concurrent WXA client licenses⁴ | 2/20 | 2/50 | 2/125 | 2/125 | 2/125 |
Byte Caching | Yes | Yes | Yes | Yes | Yes |
TCP/File Compression | Yes | Yes | Yes | Yes | Yes |
Management | Requires SonicOS 5.8.1 or later | ||||
CIFS/SMB acceleration | Yes² | Yes | Yes | Yes | Yes |
Signed SMB support | Yes | Yes | Yes | Yes | Yes |
WFS/TCP visualization | Yes | Yes | Yes | Yes | Yes |
SNMP | Yes | Yes | Yes | Yes | Yes |
Syslog | Yes | Yes | Yes | Yes | Yes |
Operating System | Hardened SonicWall Linux OS | ||||
Rack-mount Chassis | - | 1U Rackmount | 1U Rackmount | - | - |
CPU | - | Intel 2.0 GHz | Intel Dual Core 2.0 GHz | - | - |
RAM | - | 2 GB | 4 GB | - | - |
Hard Drive | - | 250 GB | 2 x 250 GB | - | - |
Redundant Disk Array (RAID) | - | - | RAID 1 | - | - |
Dimensions | - | 17.0 x 16.4 x 1.7 in / 43.18 x 41.59 x 4.44 cm | 17.0 x 16.4 x 1.7 in / 43.18 x 41.59 x 4.44 cm | - | - |
Weight | - | 16 lbs/7.26 kg | 16 lbs/7.26 kg | - | - |
WEEE Weight | - | 16 lbs/7.37 kg | 16 lbs/7.37 kg | - | - |
Power Consumption (Watts) | - | 86 | 101 | - | - |
BTUs | - | 293 | 344 | - | - |
MTBF (Years) | - | 14.27 | 14.27 | - | - |
Dell Hardware | Dell Inspiron 3847, Dell XPS 8700 | N/A | N/A | N/A | Dell PowerEdge R320 Server |
WXA 5000 Virtual Appliance only | ||
---|---|---|
Hypervisor | VMware ESX or ESXi version 5.0 or higher | Microsoft Windows Server 2012 or 2012 R2 with the Hyper-V role enabled |
Virtual appliance requirements | SonicWall WXA 1.3.2 release notes | |
VMware Hardware Compatibility Guide | vmware.com/resources/compatibility/search.php |
1 Maximum users may vary depending on the number of connections being generated per user.
2 CIFS/SMB acceleration is available only when the WXA software image is installed on the supplied Dell hardware.
3 The max number of connections is dependent on the hardware specifications and may vary depending on the hardware configuration. The specifications provided are the minimum requirements to run the WXA Virtual Appliance.
4 NetExtender is required in order to use the WXA client software. Please refer to the WXA release notes for supported operating systems.
5 The WXA 500 and 6000 software can be downloaded from www.mysonicwall.com and requires specific Dell hardware in order to operate.
6 Requires SonicOS 6.2 or higher.