Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SSL VPN NetExtender - get sure it is only installed on company hardware

ChojinChojin Enthusiast ✭✭

Hi there,

I got a little bit deeper into ssl vpn and already managed that users can only login via our Radius Server.

But now i was wondering how i can stop users from using login + netextender from their private HArdware?


With the GVC we had given the profiles a PSK so nobody could import this file without someone who is authorized to do that for them.

Is there something similar we can do with SSL VPN?

Category: SSL VPN
Reply

Answers

  • @Chojin,

    We do have end point control on our dedicated secure remote access devices. But I'm afraid, we do not have such granular control on the firewall itself.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • ChojinChojin Enthusiast ✭✭

    @shiprasahu93 : Hey we thought about that too. But this will be some extra work/cost for implementation/maintenance.


    I was thinking about something like using certificates. If someone tries to login via SSL VPN the sonicwall checks the certificate of the SSL Dial User and if it doesnt fit the sonicwall wont allowed the incoming dial in?

  • @Chojin,

    I think you are looking for a client certificate check during the SSL handshake. I think it is available for the firewall management itself but not for SSLVPN. Again, this is available on the SMA devices though.

    The additional auth that we support with SSLVPN is TOTP, which is time-based OTP along with the regular username/password.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.