NetExtender address pool, all IP addresses in the global NetExtender address pool are used for NetExtender
clients.
Connection Scripts
SMA/SRA appliances provide users with the ability to run batch file scripts when NetExtender connects and
disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or
open files or Web sites. NetExtender Connection Scripts can support any valid batch file commands.
Tunnel All Mode
Tunnel All mode routes all traffic to and from the remote user over the Secure Mobile Access NetExtender
tunnel—including traffic destined for the remote user's local network. This is accomplished by adding the
following routes to the remote client's route table:
Table 13. Tunnel All mode: Routes to be added to remote client's route table
IP Address
0.0.0.0
0.0.0.0
128.0.0.0
NetExtender also adds routes for the local networks of all connected Network Connections. These routes are
configured with higher metrics than any existing routes to force traffic destined for the local network over the
Secure Mobile Access tunnel instead. For example, if a remote user is has the IP address 10.0.67.64 on the
10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the Secure Mobile Access
tunnel.
Tunnel All mode can be configured at the global, group, and user levels.
Proxy Configuration
SMA/SRA appliances support NetExtender sessions using proxy configurations. Currently, only HTTPS proxy is
supported. When launching NetExtender from the Web portal, if your browser is already configured for proxy
access, NetExtender automatically inherits the proxy settings. The proxy settings can also be manually
configured in the NetExtender client preferences. NetExtender can automatically detect proxy settings for
proxy servers that support the Web Proxy Auto Discovery (WPAD) Protocol.
NetExtender provides three options for configuring proxy settings:
•
Automatically detect settings - To use this setting, the proxy server must support Web Proxy Auto
Discovery Protocol (WPAD)) that can push the proxy settings script to the client automatically.
•
Use automatic configuration script - If you know the location of the proxy settings script, you can
select this option and provide the URL of the script.
•
Use proxy server - You can use this option to specify the IP address and port of the proxy server.
Optionally, you can enter an IP address or domain in the BypassProxy field to allow direct connections
to those addresses and bypass the proxy server. If required, you can enter a user name and password for
the proxy server. If the proxy server requires a username and password, but you do not specify them, a
NetExtender pop-up window prompts you to enter them when you first connect.
When NetExtender connects using proxy settings, it establishes an HTTPS connection to the proxy server instead
of connecting to the SMA/SRA server directly. The proxy server then forwards traffic to the SMA/SRA server. All
traffic is encrypted by SSL with the certificate negotiated by NetExtender, of which the proxy server has no
knowledge. The connecting process is identical for proxy and non-proxy users.
Subnet mask
0.0.0.0
128.0.0.0
128.0.0.0
Dell SonicWALL Secure Mobile Access 8.5
43
Administration Guide