SSL VPN
Hi Team,
We are using same domain group for SSL VPN and GVC. Our requirement is like ssl vpn users should access internet through my firewall but GVC users not. So as per requirement i have select tunnel all mode in ssl vpn and give access of wan remote access to that domain group. In GVC we have kept VPN type as a split tunnel only.
Configuration tested successfully for ssl vpn users but after doing this GVC users unable to access there local internet when they connected to VPN.
When we remove access of wan remote access from group then internet stop working for GVC users.
Best Answers
-
CORRECT ANSWER
Saravanan
Moderator
@NINAD94 - Regarding the additional issues, I researched locally and found no such issues reported.
To me, it looks like a Netextender client software issue. Could you please let us know the Netextender version? If its not latest, could you please try with the latest version and update back?
Also, one more heads up to your very first question. If in case removing the WAN Remote Access Networks address object doesn't help, please follow the other method that we have as described in this KB article. This KB is meant for GVC but the same logic is followed by SSLVPN too. One change on this KB for SSLVPN scenario is to disable the "Tunnel All" mode in the SSLVPN Client Settings profile.
Please let us know if any questions or clarifications.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
5 -
CORRECT ANSWERSaravanan
Moderator
@NINAD94 - Hapless, at this point of time the software design doesn't allow us to hide the disconnect option and it remains visible to Netextender users. You can take this out as a feature enhancement request with our Sales team.
Pardon me for missing this out on my previous comment.
Have a good one!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
5
Answers
Hi @NINAD94,
Welcome back.
Could you please remove the WAN Remote Access object from the VPN access of the user or group and then test this? I meant, without using WAN Remote Access Networks object in the VPN access of the user account, your requirement with GVC and SSLVPN should work. The tunnel all route will be pushed with the SSLVPN configuration. So, even without the WAN Remote Access object in place and with tunnel all mode enabled, the SSLVPN user should go online via the firewall. The GVC users as per the WAN group VPN policy, they adhere to split tunnels.
Hope this helps. Keep us posted with the outcome.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Okay @Saravanan I will check by removing Wan remote access object in VPN access of the user account.
Also I want to achieve below two points in sonicwall ssl-vpn.
1. Client get automatically connect when we disconnect and reconnect wifi. i.e client should get automatically connect when machine have internet access. I have tried by doing below setting in netextender. But when we disconnect wifi and reconnect it client not get connect automatically. we are getting session expired error.
2. User not able to manually disconnect the VPN once connected to ssl vpn. once vpn established user will not able to see disconnect button on netextnder.
Just let me know whether we can achieve the above two points or not..??
@Saravanan what about the 2nd point that i have mentioned. Can we hide disconnect tab once user get connected to ssl VPN.
Also we are using latest version of netextnder client