Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

SSL VPN NetExtender - get sure it is only installed on company hardware

ChojinChojin Enthusiast ✭✭
in SSL VPN

Hi there,

I got a little bit deeper into ssl vpn and already managed that users can only login via our Radius Server.

But now i was wondering how i can stop users from using login + netextender from their private HArdware?


With the GVC we had given the profiles a PSK so nobody could import this file without someone who is authorized to do that for them.

Is there something similar we can do with SSL VPN?

Category: SSL VPN
Reply

Answers

  • shiprasahu93shiprasahu93 Moderator
    @Chojin,

    We do have end point control on our dedicated secure remote access devices. But I'm afraid, we do not have such granular control on the firewall itself.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • ChojinChojin Enthusiast ✭✭

    @shiprasahu93 : Hey we thought about that too. But this will be some extra work/cost for implementation/maintenance.


    I was thinking about something like using certificates. If someone tries to login via SSL VPN the sonicwall checks the certificate of the SSL Dial User and if it doesnt fit the sonicwall wont allowed the incoming dial in?

  • shiprasahu93shiprasahu93 Moderator

    @Chojin,

    I think you are looking for a client certificate check during the SSL handshake. I think it is available for the firewall management itself but not for SSLVPN. Again, this is available on the SMA devices though.

    The additional auth that we support with SSLVPN is TOTP, which is time-based OTP along with the regular username/password.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.