We are about to push out a new VPN solution for our organization. One of the beautiful things we saw in SonicWALL's SSL-VPN was the thin, browser-based solution of NetExtender.
Does anybody have experience with this? My specific concern is that, at least in Windows 7 during testing, it prompts for admin credentials to install the ActiveX NetExtender plugin, which is standard for installing anything in a Windows domain environment. But doesn't this mean I actually have to go in and install the client on all domain laptops that will be using the VPN in the field? They wouldn't actually be able to simply visit the site and run the client, as advertised? By the way, we're using the SonicWALL NSA 3500 device.
We do have ManageEngine's Desktop Central, which can push out software installations, but it usually has to be in the form of a .MSI package.
Is there any solution to this, besides hitting up all my organization's computers?
Best Answer
NetExtender is neither thin nor browser-based. It cannot be deployed without administrator privileges and it cannot be deployed via GPO, because it requires installation of an unsigned network driver:
Personally, I find it a bit disturbing that a security vendor would see fit to sell a product that requires training users to ignore bright red security warnings.
You may be able to get around this by disabling driver signing, but I have not tested this approach. Allowing unsigned drivers on a domain-wide basis really isn't an appropriate fix for a single vendor's broken product.
Comparing hype vs. reality:
What SonicWall says on their marketing web site about installing NetExtender:
What SonicWall says on their support web site about installing NetExtender (abridged):
In my opinion, "transparently" is not the right word for this procedure.