Dell SonicWALL Secure Mobile Access 8.5Administration Guide 4817 What does the ‘Tunnel All Mode’ option do?Answer: Activating this feature causes the SMA/SRA appliance to push down two default routes that tellthe active NetExtender client to send all traffic through the SMA/SRA appliance. This feature is useful inenvironments where the SMA/SRA appliance is deployed in tandem with a Dell SonicWALL securityappliance running all UTM services, as it allows you to scan all incoming and outgoing NetExtender usertraffic for viruses, spyware, intrusion attempts, and content filtering.8 Is there any way to see what routes the SMA/SRA appliance is sending NetExtender?Answer: Yes, right-click on the NetExtender icon in the taskbar and select route information. You canalso get status and connection information from this same menu.9 After I install the NetExtender is it uninstalled when I leave my session?Answer: By default, when NetExtender is installed for the first time it stays resident on the system,although this can be controlled by selecting the Uninstall On Browser Exit > Yes option from theNetExtender icon in the taskbar while it is running. If this option is checked, NetExtender removes itselfwhen it is closed. It can also be uninstalled from the “Add/Remove Program Files” in Control Panel.NetExtender remains on the system by default to speed up subsequent login times.10 How do I get new versions of NetExtender?Answer: New versions of NetExtender are included in each Dell SonicWALL Secure Mobile Accessfirmware release and have version control information contained within. If the SMA/SRA appliance hasbeen upgraded with new software, and a connection is made from a system using a previous, olderversion of NetExtender, it is automatically upgraded to the new version.There is one exception to the automatic upgrading feature: it is not supported for the MSI version ofNetExtender. If NetExtender was installed with the MSI package, it must be upgraded with a new MSIpackage. The MSI package is designed for the administrator to deploy NetExtender through ActiveDirectory, allowing full version control through Active Directory.11 How is NetExtender different from a traditional IPSec VPN client, such as Dell SonicWALL’s Global VPNClient (GVC)?Answer: NetExtender is designed as an extremely lightweight client that is installed through a Webbrowser connection, and utilizes the security transforms of the browser to create a secure, encryptedtunnel between the client and the SMA/SRA appliance.12 Is NetExtender encrypted?Answer: Yes, it uses whatever cipher the NetExtender client and SMA/SRA appliance negotiate duringthe SSL connection.13 Is there a way to secure clear text traffic between the SMA/SRA appliance and the server?Answer: Yes, you can configure the Microsoft Terminal Server to use encrypted RDP-based sessions, anduse HTTPS reverse proxy.14 What is the PPP adapter that is installed when I use the NetExtender?Answer: This is the transport method NetExtender uses. It also uses compression (MPPC). You can electto have it removed during disconnection by selecting this from the NetExtender menu.15 What are the advantages of using the NetExtender instead of a Proxy Application?Answer: NetExtender allows full connectivity over an encrypted, compressed PPP connection allowingthe user to directly to connect to internal network resources. For example, a remote user could launchNetExtender to directly connect to file shares on a corporate network.16 Does performance change when using NetExtender instead of proxy?Answer: Yes. NetExtender connections put minimal load on the SMA/SRA appliances, whereas manyproxy-based connections might put substantial strain on the SMA/SRA appliance. Note that HTTP proxyconnections use compression to reduce the load and increase performance. Content received by SecureMobile Access from the local Web server is compressed using gzip before sending it over the Internet tothe remote client. Compressing content sent from the SMA/SRA saves bandwidth and results in higherthroughput. Furthermore, only compressed content is cached, saving nearly 40-50 percent of the
