As part of the SSL VPN 5.0 release, SonicWALL introduced a mobile version of the NetExtender client. This Layer-3 app for Google Android can be used for gaining secure network layer access to email, file shares, and web-based resources on your corporate network. This was app introduced on the Google Android marketplace, and has received a lot of interest as well as thousands of downloads.
The NetExtender client on Android is compatible with the latest SRA Virtual Appliances, the SRA Virtual Appliance, launched during RSA 2011, is our latest addition to the SMB SSL VPN product line. It is capable of running on servers running the ESX and ESX(i) versions of VMware’s operating systems. The NetExtender Android app is similar in its look and feel to the client that we have on the Windows and MAC platforms.
The NetExtender App on Google Android can be used to gain network layer access via a wide variety of devices. These include the UTM/Firewall Appliances (Gen5 and higher UTMs, such as the TZ 210 and NSA E-Class Appliances), SRA Virtual Appliances and SRA 1200 and SRA 4200 appliances.
The NetExtender Android client supports the following features:
• One-time passwords
• Two-factor authentication
• HTTP/HTTPS proxy
• Connection profiles
The NetExtender Android installer is available from Android Market as NetExtender Technology Preview. It is also available on MySonicWALL.com in the standard apk package format.
The following features are not supported or not applicable on NetExtender Android in SonicWALL SSL VPN 5.0:
• Automatic connection of NetExtender before Windows login
• Automatic proxy support and Internet Explorer proxy synchronization
• Connection scripts
• IPv6 support
• Client certificate support
• Exit client after disconnect
Connecting With NetExtender
To launch NetExtender on your Android smartphone and connect to the network through the SonicWALL SRA or SSL-VPN appliance, perform the following steps:
On your Android smartphone, start NetExtender by tapping the application icon. The NetExtender Connection Options screen displays. Enter the information into the Server, User, Password, and Domain fields.
Tap Connect to accept the default option (Save user name & password) or select a Save... or Always ask... option from the drop-down list. Note: The available profile options depend on how NetExtender is configured on the SonicWALL appliance.
The smartphone displays the Login - Initializing engine screen. After a successful connection, the entered values are saved as a profile that you can select when starting NetExtender. NetExtender saves the information in a secure file on the smartphone.
If One Time Password (OTP) is enabled on the SonicWALL SRA or SSL-VPN appliance, the One Time Password prompt is displayed. Enter the temporary password that was emailed to your configured account, and tap OK.
If your smartphone is synchronised to your email account, you can pull down the email notification from the top bar, or switch to your home page and access your email from there. After viewing the temporary password in your email or copying it to your clipboard, tap the NetExtender application icon to return directly to this screen. To use the clipboard, press the password in your email and select Select Text. Press the selected text again and select Copy. Then, in the OTP screen, press the field and select Paste. Some Android smartphones require you to hold the OK button for clipboard access.
If Two Factor Authentication is enabled on the SonicWALL SRA or SSL-VPN appliance, you may be prompted to update your Personal Identification Number (PIN) or create a new one. If no PIN has been configured, or if the administrator has reset the account, the following screen asks if the system should generate a new PIN. To allow the system to generate it, tap Yes. To type in a PIN yourself, tap No and skip to Step 7.
If you chose to allow the system to generate the PIN, the display prompts you to accept the generated PIN. Tap Yes to accept it, or tap No to have the system generate a different PIN. You are prompted each time until you tap Yes.
If you chose to generate the PIN yourself, type a PIN into the PIN field and again in the second field to confirm it. Typically, PINs are required to be 4 to 8 digits. Tap OK.
After entering the PIN or creating a new PIN, the Two Factor Authentication process requires you to enter the token code shown on your token device. Wait for the token code to change on the device, and then type the code into the field on your smartphone and tap OK.
If a proxy server is configured in the smartphone (via Preferences), the Proxy Authentication screen is displayed next. Enter the username and password for the proxy and tap OK.
NetExtender will connect at this point, unless there is a problem or error. You will see the NetExtender traffic indicator ( ) appear in the notification bar at the top of the display, unless it is disabled in Preferences. The up and down arrows appear white when data is passing through the VPN tunnel. When no data is currently passing, the arrows appear gray. Control traffic does not affect the arrow colors. The up arrow indicates that data is being sent from the smartphone to the network, and the down arrow indicates that data is being received from the network by the smartphone.
If the NetExtender service running on the smartphone has a problem or has stopped running, the following screen is displayed.
Tap Exit to quit the application. You may need to restart the service, possibly by turning the phone off and on again, or you may need to re-install NetExtender.