Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SMA 8200v how to configure secure network detection using secure hosts

per the 12.4 admin guide: Device VPN supports secure network detection using secure host detection. For example, a secure network is detected only when the client can connect and verify the SSL certificate of the internal/secure host as configured by administrator.

I cannot determine where to configure the secure hosts. My connection log snwlconnect.log confirms that I have secure network detection on but no secure hosts defined ( secureNetworkDetection:[Enabled:[True] Secure Hosts:[] )

Category: Secure Mobile Access Appliances


  • NicholasNicholas SonicWall Employee

    Secure network detection simply disables the tunnel when you are locally on a network the client is getting in a route. So any network you allow in access control rules would be a "Secure network" its meant to allow local access to resources while your on the network you would normally access remotely

  • Nicholas,

    helpful, but the answer was to define secure hosts using a CEM. Rhetorical - is there a list of all the CEMs?

    Enable Secure Network Detection for Device VPN using Configuration Extensions

    Device VPN supports secure network detection by connecting to configured secure hosts. Use the Configuration Extension to configure the secure network hosts, along with optional hash and hash algorithm. Secure Network Detection can also be configured on per community basis using a modified version of the Configuration Extension that consists of {CommunityID}_SECURE_NETWORK_DETECTION.

    * Example Use *


    SECURE_NETWORK_DETECTION = Host1;Host2 (Host1 or Host2 having valid certificate is evaluated)

    SECURE_NETWORK_DETECTION = Host1=<Hash>;Host2=<Hash> (Host1 or Host2 having matching sha_256 hash is evaluated)

    SECURE_NETWORK_DETECTION = Host1=<Hash>,<HashAlg>;Host2=<Hash>,<HashAlg> (Host1 or Host2 having matching <HashAlg> hash is evaluated)

    {CommunityID}_SECURE_NETWORK_DETECTION = <Hash>,<HashAlg>;Host2=<Hash>,<HashAlg>

  • @Doug_Daniel , you can access the hidden CEM UI by going to https://<host>:<port>/ I would highly recommend you do not make any changes here without talking to technical support first (as per policy).

  • agreed. It was a support call that led me to the CEM and advised on it's use.

Sign In or Register to comment.