Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


SMA 500v VPN - NECLI - automated connection by script - login/name + certificate

KRu_vys_CZKRu_vys_CZ Newbie ✭


i have issue here to create cmd/bat file for automated connection.

The main goal is, our contractor use some robot on his server which use this bat file and autamtically connect vpn to our organization and use 2 factors login/password + certificate.

I tried to connect by CMD line to our org. from out, and it was sucessfull.

I used this syntax:


NECLI connect -s 1xx.xx.xx.xx -d Domain -u User -p Password


There is a problem with the site's security certificate.

Warning: The name on the security certificate is invalid or does not match the name of the site.

Do you want to proceed? (Y:Yes, N:No, A:Always trust, V:View Certificate)y

Connected successfully.


But i need login/pw + certificate.

Do you have idea how it is work?

Which certificate, where generate it, where import certificate to SMA 500V? And how to do it in CMD windows line?

My setup is:

Model: SMA 500v

Firmware Version:

NetExtender Service Version is: 9.0.277

NetExtender Agent Version is: 1.0.53

Category: SSL VPN

Best Answers


  • Options
    KRu_vys_CZKRu_vys_CZ Newbie ✭

    For this:


    I am not sure why are your try to silently deploy NESetupU.exe, typically for massive deployment, you should silently deploy NetExtender.msi installer through DC(domain controller) to all members. If you try to install through NESetupU.exe, you need to install it on each PC manually.


    --> We are not trying to mass deploy netextender. We need install 1x necli on some server in diferent developing company, and need to create script for some robot, who automatically connect to our company and do automatic update of diferrent software on some our server, and disconnect. That is all.

  • Options
    RedNetRedNet Enthusiast ✭✭
    edited June 2020

    The Cert prompt here is the cert for the TLS/SSL connection of netextender. So whatever cert you have configured on the SonicWALL for SSL VPN client to server encryption (similar to how you would have an SSL cert installed on a HTTPS webserver so the client browser and website can encrypt the session).

    On the sonicwall go to Manage/SSL VPN/Server Settings - see "Certificate selection" dropdown

    If you are using the default "Self Signed" cert then just download that cert and install that on your computer/server which is making the netextender connection.

    Or you could launch the full netextender client once and connect it, should prompt to trust the cert and you can choose "always trust" and that should then apply to your necli so it wont ask on connection I would imagine.

    Or you could just get a Cert from a provider and use that on the sonicwall for sslvpn instead of the built in self signed one.

Sign In or Register to comment.