Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Noob looking to get started...

NickPNickP Newbie ✭
in Secure Mobile Access Appliances

I just go the SRA demo, and am trying to get it up and running....

I have used Sonicwall for many years, but am new to SRA, so would appreciate some help in the right direction.

I'm trying to setup a demo that will authenticate my AD user and then implement AOV.

I have installed a wildcard SSL certificate, under "Server Certificate". I can log into https://aov.mydomain.com with no SSL issues.

Under Portals/Domains I have added my AD domain, and test is OK. I am able to log into the web portal using my AD username & password.

Under Clients/Settings, I have set client address pool to DHCP. Under Clients/Routes I have put in the route of the subnet where the SRA is located.

I am able to go to https://aov.mydomain.com and login with my AD userID & password. When I click NetExtender, it prompts to launch Sonicwall SMA Connect Agent.

When the NetExtender launches, I get Initializing connection parameters... failed!

When I tell it to reconnect, I get: SSL error happened, your OS may not support connecting to the server.

When I google that error, it says that my SSL cert needs to be 2040 bit (it is) and SHA256 (it is.)


Does anyone have a guide I can use on setting this up?

Category: Secure Mobile Access Appliances
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Are you on the latest firmware release? What do the appliance logs says about the connection? What OS and version are connecting from? What NetExtender version?

  • NickPNickP Newbie ✭

    SRA: 10.2.0.3

    Win 10: 20H2

    NetExtender: 10.2.300 / 10.2.302

    Error Log: SSL error happened, your OS may not support connecting to the server. Please make sure the server has valid certificate setup.

    Like I said, my cert is 2048 bits, using SHA256 encryption. My certificate is a wildcard - could that be the problem?

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Using a wildcard cert is not a problem. A few things to try would be:

    Change back to a device generated cert and attempt to connect. NetExtender will complain about the cert, but you can accept it temporarily.

    Disable client auto-update in the client settings and attempt to connect with a different NetExtender version (at least 8.6.266).

    Hope that helps.

  • MBTS_PeterMBTS_Peter Newbie ✭

    I ran into this while in a similar situation (all up to date on firmware, NetExtender version, SSl Cert all correct.). Turns out I had upped the TLS settings making it more secure but also caused my issue. I ended up turning back on TLS 1.2 to resolve.


    System->Administration->Global SSL/TLS Settings. I had set it to Modern Compatibility causing the issue. Changing to Intermediate Compatibility resolved the issue.

Sign In or Register to comment.