What browser and version do I need to successfully connect to the SSL-VPN appliance?

Microsoft Internet Explorer 5.01 or newer, recommend Internet Explorer 6.0SP1  (Recommended)

What needs to be activated on the browser for me to successfully connect to the SSL-VPN appliance?

1. SSLv2, SSLv3, or TLS – recommend disabling SSLv2 if possible
2.  Enable cookies
3.  Enable pop-ups for the site
4.  Enable Java
5.  Enable Javascript
6.  Enable ActiveX

I can’t launch any of the RDP5 connectors from my web browser -- why?
The RDP5 component is ActiveX-based – you will need to use Microsoft Internet Explorer 5.01 or newer in order to use them. RDP5 is not currently supported on any other browser/version.

What version of Java do I need?
You will need to install Sun’s JRE 1.3.1 or later (available at http://www.java.com) to use some of the features on the SSL-VPN appliance, but SonicWALL recommends using version 1.5 and newer (please note Sun now calls this 5.0).

What operating systems are supported?

1. Microsoft Windows 2000 Professional SP4 and newer
2. Microsoft Windows XP with SP2
3. Apple OSX 10.2 and newer
4. Linux kernel 2..4.x and newer
   

Does the SSL-VPN appliance have a SPI firewall?
No, it only has basic filtering capabilities – it must be combined with SonicWALL security appliance or other third-party firewall/VPN device.

Can I access the SSL-VPN appliance using HTTP?
No, it requires HTTPS. HTTP connections are immediately redirected to HTTPS. You may wish to open both 80 and 443, as many people forget to type https: and instead type http://. If you block 80, they will not get the redirect.

Can I cascade multiple SSL VPN appliances to support more concurrent connections?
No, this is not supported.

Digital Certificates and Certificate Authorities Section

OK, so…SSL certificates are really expensive – do I *have* to purchase one?

No, your can simply ignore the security warnings – they’re simply a warning mechanism to users that the certificate is not trusted or contains mismatched information. Accepting a non-trusted certificate does not have anything to do with the level of encryption negotiated during the SSL handshake.  However, SSLVPN tested digital certificates from www.registerfly.com -- they’re inexpensive, they work fine in the SSL-VPN appliance, and do not require the background check that other Certificate Authorities require during the purchase process.

What format is used for the digital certificates?
X509v3.

What CA’s certificates can I use with the SSL-VPN appliance?
Verisign, Thawte, Baltimore, and RSA – however, any should work if they are X509v3 format.

Does the SSL-VPN appliance support chained certificates?
No, the current version of software does not support chained certificates. You should choose a top-level CA rather than an intermediate CA when purchasing your certificate for your SSL-VPN appliance to avoid any issues with non-trusted intermediate certificates.

Can I use certificates generated from a Microsoft Certificate Server?
Yes, but to avoid a browser warning, you will need to install the Microsoft CA’s root cert into all web browsers that will connect to the device.

I can’t import my new certificate and private key – why?
The certificate and private key must be named ‘server.crt’ and ‘server.key’, and then both placed into a .zip file in order to be successfully imported. If these three steps are not followed the import will fail.

OK, I was able to import them but it now it just says “pending” – why?
Click on ‘Configure’ icon next to the new certificate and enter password you specified when creating the Certificate Signing Request (CSR) to finalize the import of the certificate. Once this is done, you can successfully activate the certificate on the SSL-VPN appliance.

Can I have more than one certificate active – I have multiple virtual hosts?
No, only one can be active – other virtual sites with names that do not match the name embedded on the SSL-VPN appliance’s certificate will show security warnings to any web browser connecting to them.

Does the SSL-VPN appliance support client-side digital certificates?
Yes, this can be specified as a requirement in the portal settings – just remember that any certificates in the trust chain of the client certificates must be installed onto the SSL-VPN appliance.

General Questions Section

When I log in to the SSL-VPN Appliance my browser gives me an error – what should I do?

This error (see below) can be caused by any combination of the following three factors: 

1. The certificate in the SSL-VPN appliance is not trusted by the browser
2. The certificate in the SSL-VPN appliance may be expired.
3. The site requested by the client web browser does not match the site name embedded in the certificate

Web browsers are programmed to issue a warning if the above three conditions are not met precisely. This security mechanism is intended to ensure end-to-end security, but often confuses people into thinking something is broken. If you are using the default self-signed certificate, this error will appear every time a web browser connects to the SSL-VPN appliance. However, it is just a warning and can be safely ignored, as it does not affect the security negotiated during the SSL handshake. If you do not want this error to happen, you will need to purchase and install a trusted SSL certificate onto the SSL-VPN appliance.

When I launch any of the Java components it gives me an error – what should I do?

I got a ‘Critical Error’ message when accessing one of the SSL-VPN components – what do I do?
Reboot the system. If it does not go away, please contact tech support. Details on how to contact Atkku’ s tech support department can be found at the end of this FAQ.

I understand there will be Javascript downloaded on my system -- is this safe?
Yes.

The web cache cleaner did not work when I exited the web browser – why?
In order for the web cache cleaner to run, you must click on the ‘Logout’ button. If you close the web browser via any other means, the web cache cleaner cannot run.

What does the web cache cleaner do, exactly?
The web cache cleaner is an ActiveX-based applet that removes all temporary files generated during the session, removes any history bookmarks, and removes all cookies generated during the session. It will only run on Internet Explorer 5.0.1 or newer.

My Windows XPSP2 system cannot use the RDP5-based connectors – why?
You will need to download and install a patch from Microsoft for this to work correctly. The patch can be found at the following site: 
http://www.microsoft.com/downloads/details.aspx?FamilyID=17d997d2-5034-4bbb-b74d-ad8430a1f7c8&DisplayLang=en