Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Single NetExtender profile for both external access and WLAN zone

Is it possible to configure SonicWall/SonicWave so that NetExtender clients can connect using a single server profile while either external or connected to WLAN via SonicWave? 

Connection profile using “” works fine while external but will not find server while on WLAN Zone. Creating a second connection profile using the WLAN interface IP “” does work.

Is there some way to configure the SonicWall to redirect/resolve “”  to the interface IP so htat users dont have to select a particular profile based on their location (WAN vs WLAN) ? 

Category: SSL VPN


  • Options
    TKWITSTKWITS Community Legend ✭✭✭✭✭

    This can be called 'hairpin SSLVPN' and comes down to a few things.

    What does '' resolve to when internal? It should resolve to the correct WAN public IP.

    Do you have SSLVPN enabled on the WLAN zone? It should be.

    Finally ensure there is a rule allowing traffic from the WLAN zone to the WAN zone allowing access to the WAN public IP on the SSLVPN port.

    That's how I've done it.

  • Options

    Thanks for the reply TKWITS does resolve to the correct public IP bound to the WAN interface. 

    SSLVPN is enabled on the WLAN zone. Create a NetExtender profile using the WLAN interface IP address ( and it works fine. 

    Default rule WLAN > WAN = Allow is present

  • Options

    Well, I’m stumped. I must be missing something, but as far as I can tell everything seems to be configured correctly but it just wont work. Is there a specific NAT policy that needs to be created for the hairpin function to work?

    I did open a case with support yesterday. No response so far. 

  • Options
    TKWITSTKWITS Community Legend ✭✭✭✭✭

    You do not use a NetExtender profile that uses the WLAN interface address.

    The default rule is not sufficient.

  • Options

    I think you may have misunderstood my comment. Creating a NetExtender profile that points to the WLAN interface IP was for testing purposes only and that does work. Also, editing the Windows host file to resolve the WLAN interface IP of to works, but is not a solution as it would just reverse the problem when attempting to connect from outside the organization.

    "The default rule is not sufficient' What rule needs to be created to allow the hairpin to function?

Sign In or Register to comment.