Options
Silently upgrade NetExtender
I've been scrapping my head, as I'm trying to upgrade NetExtender on our workstations silently. Tried .msi based cmd line: msiexec.exe /i "c:\Build\SonicWALL\netextender-x64-10.2.331.msi" SERVER=sonicwall.oldworldind.com:4433 DOMAIN=oldworldind.com EDITABLE=TRUE NETLOGON=TRUE /qn /norestart ALLUSERS=2 but it won't upgrade, unless first NetExtender is uninstalled from the computer, computer restarts and then it will upgrade NetExtender. Therefore, unless it's a fresh install, above doesn't apply. Any help?
Category: SSL VPN
Tagged:
0
Answers
IIRC the only way to get NetExtender to do silent upgrades is to install from the users web portal (from where a .exe is downloaded and run). After that, when a firmware update is done to the firewall, the new firmware contains updated NetExtender code which will get downloaded by clients automatically.
Any other method of installation requires a fresh install.
Sorry to rez this thread, but thought it best instead of creating a new one!
I reached out to SonicWall support about the quickest way (silently, hopefully) to get each end-user's NetExtender client upgraded to the latest version due to a new vulnerability.
I spoke with SonicWall support about this method. They sent me to this article (https://www.sonicwall.com/support/knowledge-base/autoupdate-using-netextender/230727055031530/) and stated that the change would "knock everyone off that is currently connected to the VPN", but that is not made clear in the article - it doesn't seem I am making any changes to the firewall itself?
The other thing not made clear, is what steps exactly the end-user is taking to complete the update. The support article is asking the administrator to download the client from the firewall's management page, from what I can gather. Naturally, the end-user will not have access to the firewall's admin. page, so this step must not be for them.
So my questions are, what steps does the end user need to take to make this update happen? And is it true that everyone will be disconnected from the VPN?
Thanks!
Users will only be disconnected from an active session when changes are made to either the SSLVPN Server Settings or Client Settings. They will not be disconnected if you simply download the ZIP file from the admin interface.
Thanks TKWITS!
Some quick quick follow-up questions:
Thanks again!
Unfortunately you'll find that firewall firmware doesn't always include the latest NetExtender versions. Back when Win10 was introduced we had to abandon installs from the firewall because NX versions prior to 8.266 wouldn't work with Win10, and no firmware version out at the time had it. So we were stuck with manually installing using the MSI version, and the arduous task of manual updates.
Maybe with Gen7 and Win11 you can get away with firewall installs and auto-update again.
You're welcome.
Hi, since I read this. I have a question. We are thinking about introducing the NetExtender (SMA) and using always on VPN.
I have read that always on VPN is only supported with msi version.
So when msi version is the raw application without config how do i get to realize the always on config/setup?
I've never done an 'always on' config so I cant help you there (i didnt think this was possible unless you are referring to connecting pre-login). With the MSI version you can specify the server parameters during installation, so the user only needs to enter their credentials.