auto configure ssl vpn client profile with script or gpo

ErnestR Newbie ✭

Looking to automate the installation of the NetExtender SSL VPN client profile. It doesn't look like too much trouble to install the client with a GPO, but having it populate the profile too is what I'm hoping someone has figured out. We do some scripting in ConnectWise Automate if that is a tool you've used for this.

Category: SSL VPN

Answers

  • BWC Cybersecurity Overlord ✭✭✭
    edited February 2023

    @ErnestR I'm not familiar with any out-of-the-box solution, but it might be scripted with NECLI, please check here for details:

    You might query the profiles first and if there is no fitting profile present you could create it. Or maybe the MSI Installer options are a way to go.

    Also worth looking into:


    It's meant for SMA, but is valid for Firewalls as well.

    --Michael@BWC

  • ErnestR Newbie ✭

    cd 'C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender'

    # PowerShell takes the current user name from $env:USERNAME
    .\NECLI.exe connect -s vpn.myvpn.xxx:433 -u $env:USERNAME -d domain.local


    Where the vpn IP and domain information would be specific to your environment.

    Save this as a PowerShell script GPO in the computer settings - windows settings - security - start up scripts

    Link the GPO to the desired OU

  • erick_pacheco Newbie ✭

    This worked for me but I am using it in an automation script. How do I get it to automatically confirm "Y" after the connection is established? I don't know how to provide this value to the window opened by NECLI.exe. It is the window that asks to accept that we trust the security stuff.

    My code:

    $netextender_path = "C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NECLI.exe"

    $connection_process = Start-Process -FilePath $netextender_path -ArgumentList "connect", "-s", $server, "-d", $domain, "-u", $username, "-p", $password -PassThru

    The code above is what launches the window in the screenshot below. I want to be able to automatically provide the value of "Y" to the window and then, once the process has returned an exit code ("0", zero, for success), I want to run other commands, like joining an AD domain or installing software. Make sense?

    I'd really appreciate the help. Thank you!

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @erick_pacheco is something like echo "Y" | necli <connection parameters> working?

    The easiest way would probably be to use a valid certificate which does not cause a certificate error.

    —Michael@BWC
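
The valid-certificate route suggested in the last answer can be checked from the automation script itself, so the connection is only attempted when the gateway certificate already validates and no trust prompt needs answering. This PowerShell script is an added example, not code from anyone in the thread; the hostname `vpn.example.com`, port 443, the function name `Test-GatewayCertificate` and PowerShell 5 or later are assumptions, while the NECLI path and `connect` arguments are the ones posted above.

```powershell
# Added example: validate the gateway certificate before a scripted NECLI connect.
param(
    [string]$Server = 'vpn.example.com',  # assumed hostname, replace with your gateway
    [int]$Port      = 443,                # assumed SSL VPN port
    [string]$Domain = 'domain.local'      # placeholder domain as used in the thread
)

function Test-GatewayCertificate {
    param([string]$HostName, [int]$Port)

    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)
        # No validation callback is supplied, so SslStream applies the default
        # Windows policy: trusted chain, validity period and hostname match.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            return [pscustomobject]@{
                Trusted = $true; Subject = $cert.Subject
                NotAfter = $cert.NotAfter; Error = $null
            }
        }
        finally { $ssl.Dispose() }
    }
    catch {
        # Covers both validation failures and connection errors.
        $inner = $_.Exception.GetBaseException().Message
        return [pscustomobject]@{
            Trusted = $false; Subject = $null; NotAfter = $null; Error = $inner
        }
    }
    finally { $tcp.Close() }
}

$result = Test-GatewayCertificate -HostName $Server -Port $Port
if (-not $result.Trusted) {
    # Stop here instead of piping "Y" into the trust prompt.
    Write-Error "Certificate check for ${Server}:$Port failed: $($result.Error)"
    exit 1
}

Write-Output "Certificate OK: $($result.Subject), expires $($result.NotAfter)"
$necli = 'C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NECLI.exe'
& $necli connect -s "${Server}:$Port" -u $env:USERNAME -d $Domain
exit $LASTEXITCODE
```

A non-zero exit from the check is the signal to fix the certificate on the appliance or deploy the issuing CA to the clients, not to automate the "Y" answer.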
