How do I install NetExtender? This document details the steps to installing the Dell SonicWall NetExtender for VPN access to campus systems from off-campus or over a wireless network on-campus.
SonicWALL’s SSL VPN features provide secure remote access to the network using the NetExtender client. NetExtender is an SSL VPN client for Windows, Mac, or Linux users that is downloaded transparently and that allows you to run any application securely on the company’s network. It uses Point-to-Point Protocol (PPP). Mar 22, 2020 Netextender For Mac Os X Thanks, Bob H. The release notes for SonicWall Mobile Connect macOS 5.0.0 show that your firewall should be supported: 'SonicWall firewall appliances including the TZ, NSA, E - Class NSA, and SuperMassive running SonicOS 5.8.1.0 or higher' I'd encourage you to open a ticket with SonicWall support and see if they can. SonicWALL’s SSL VPN NetExtender feature is a transparent software application for Windows, Mac, and Linux users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network.
- SonicWALL SSL-VPN NetExtender 6.0.176.1 is available as a free download on our software library. SonicWALL SSL-VPN NetExtender belongs to Internet & Network Tools. The latest version of the software can be installed on PCs running Windows XP/Vista/7/8/10, 32-bit. The following versions: 6.0, 5.5 and 5.0 are the most frequently downloaded ones.
- We use NetExtender but can't find a download link for the application on a Mac. Sonicwall recommends Mobile Connect which can be downloaded from the app store. I've downloaded it and tried to connect, but it says the server cannot be found. I know the server is correct as others have been able to connect on a Windows device with the same.
Some systems, such as Banner, UDrive, and SDrive require this VPN connection. In addition to installing this software, a user must also be authorized by either a system adminstrator or a network administrator to connect via VPN. Windows OS NOTE: These directions are for PCs running Windows. For Mac OS X users, please see the. Open the FIT VPN site:. Login with Tracks username and password. Select the Blue N icon to begin installing NetExtender. It will ask for you permission to install the add-on in FireFox so allow it.
After installing the add-on, it will ask you to restart the browser. Click on the restart button.
Select the Blue N icon again. A new window should pop up along with another one asking you permission to install the driver.
Select install this driver software anyway. Once complete, a notification in the bottom right corner of the screen should appear showing the computer is connected in NetExtender. Mac OS X Note that Mac users must do this in Safari.
The only recent security-only patch (vs. Whole new, newer OS) for Mac OS (vs iOS) has been for Safari, So it sounds like RoguePacket is probably right. And: If an end-user upgrade caused this problem, then it speaks to the need for policy & enforcement for Apple devices, no less than every & anything else that is company property or company-supported. Absent demonstrated business-case need, Apple users do NOT have local admin rights (required for such an upgrade) on company devices. In the few cases where companies have asked to have end-user Apple computers supported, we spell out specific parameters that the users must adhere to. Worst case, a user has had to pay out of their own pocket for a downgrade which means: Back up user data, wipe & install older OS.
Download Sonicwall Netextender For Mac
The TZ 205 is running firmware version 5.1.7. The latest available is 5.1.8, and in the Release Notes I see: 'Authentication of user fails, but at the same time, the firewall logs shows the same user successfully authenticated. Occurs when SSLVPN user tries to connect to UTM devices using Net Extender and Local User/LDAP User.'
I'm using local users and I think when they say Net Extender it applies to the MacOS Mobile Connect app too, ya? I'll update the firmware and report back.
I see some user comments in the App Store about similar issues after upgrading Mobile Connect to vers. Hi @BugCommunity: I tried another step too, updating the SSL VPN cipher method from RC4 to AES256 by connecting to the appliance via SSH, but problem still not fixed. My users have not yet upgraded to Sierra or High Sierra. They're running 10.11.x El Capitan. I thought about asking one of them to upgrade their MacOS to High Sierra, but I'm hesitant as not sure if the action will break anything else and not sure if it will fix our issue.
Do you have an users on High Sierra with same problem? Also, do you know of a way for users to get the older version of SW Mobile Connect? Note I have not yet setup L2TP per @dbeato suggestion above, after which I think they'd be able to use the native MacOS VPN client to connect, ya? But this step seems like overkill and addl. That should not be required. Bob Herman wrote: Hi @BugCommunity: I tried another step too, updating the SSL VPN cipher method from RC4 to AES256 by connecting to the appliance via SSH, but problem still not fixed.
My users have not yet upgraded to Sierra or High Sierra. They're running 10.11.x El Capitan. I thought about asking one of them to upgrade their MacOS to High Sierra, but I'm hesitant as not sure if the action will break anything else and not sure if it will fix our issue.
Do you have an users on High Sierra with same problem? Also, do you know of a way for users to get the older version of SW Mobile Connect? Note I have not yet setup L2TP per @dbeato suggestion above, after which I think they'd be able to use the native MacOS VPN client to connect, ya? But this step seems like overkill and addl. That should not be required. L2TP Shouldn't be required, but it is a workable workaround. I setup L2TP/IPSEC following but the users still cannot connect.
When they use the native MAC VPN client, it responds 'The L2TP-VPN server did not respond.' The SSL VPN listens on port 4433 but when using the L2TP/IPSEC VPN I think only server IP without port is correct, ya?
In any event, they've tried both with and without the port specified but still no go. Also, am I correct that the SW uses the Global VPN Client licenses for the L2TP/IPSEC VPN connections, as opposed to the SSL VPN Nodes/Users licenses? In any event, the SW has both license types available but users cannot connect. Any thoughts?
Netextender For Mac Os X
Thanks, Bob H. The release notes for SonicWall Mobile Connect macOS 5.0.0 show that your firewall should be supported: 'SonicWall firewall appliances including the TZ, NSA, E - Class NSA, and SuperMassive running SonicOS 5.8.1.0 or higher' I'd encourage you to open a ticket with SonicWall support and see if they can help you sort through things. We don't have an TZ-series devices, but I can report that SonicWall Mobile Connect v.5 is working on our Macs on macOS High Sierra 10.13, but we are using SRA-series devices for our SSL-VPN setup. Hi @audiojim: No support contract on this device so SW will not help. Numerous reviews in the MAC App Store show people are having issues. In another forum, a user suggested: 'The issue stems from when NetExtender needs to run maintenance and the computer has SIP(System Integrity Protection) enabled 1.) Shutdown your laptop 2.) Hold Command+R and power on your laptop, this will take you into OSX Recovery. Download 5kplayer 4.9 0.0 free for mac. 3.) Click on Utilities and Select Terminal, please note that you might get a prompt to ask for your language first but just select English 4.) Within Terminal enter in 'csrutil disable' and hit enter, you will get a message that says SIP has been disabled 5.) Reboot and those maintenance tasks should run without a hitch.'
Haven't tried this yet with a user as want to do some research on potential collarteral damage after disabling SIP. Any comments on that? Bob, I tried your 'csrutil disable' step and it didn't work for me. Currently having this problem with only one TZ500W. I'm able to connect to older TZ's, an older NSA, and all of the rest of the TZ300/400/500 that I tried. Client called with the problem and I was able to connect with MacOS 10.12.x with Sonicwall Mobile Connector 4.x.
Sonicwall Mobile Connect Mac Setup
Update to MacOS 10.12.6 (? - latest Sierra) and to SMC 5.0.x and it worked. It wasn't until I updated to MacOS High Sierra that it failed. Updated to the latest 6.2.x code on the TZ500W and another TZ500 - the October 25th with the Kracker exploit fix ( 6.2.9.2-25n) and no change. I opened a ticket with SW support for this.
NetExtender Concepts
Topics:
Stand-Alone Client
Once the NetExtender stand-alone client has been installed, Windows users can launch NetExtender from their PC’s Start > Programs menu and configure NetExtender to launch when Windows boots. Mac users can launch NetExtender from their system Applications folder, or drag the icon to the dock for quick access. On Linux systems, the installer creates a desktop shortcut in /usr/share/NetExtender. This can be dragged to the shortcut bar in environments like Gnome and KDE.
Client Routes
Tunnel All Mode
Tunnel All mode routes all traffic to and from the remote user over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the routes in Routes to Be Added to Remote Client’s Route Table to the remote client’s route table:
NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user is has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.
Tunnel All mode is configured on the SSL VPN > Client Routes page.