SSL VPN connection to SonicWall firewall using only the native Windows VPN client


I'm in the process of replacing a ForeFront TMG 2010 firewall with a SonicWall NSA 3600; the current firewall provides VPN access to our network using SSTP, and it works like a charm with any recent Windows client, without requiring the installation of any additional software.

The SonicWall firewall supports SSL VPNs, but it apparently requires software called NetExtender to be installed; it can be downloaded directly from the firewall login page, thus it's not really a big deal… but we would really prefer to avoid installing any software and use only the Windows built-in VPN client.

Is it possible to establish an SSL VPN connection to a SonicWall firewall from a Windows computer using only the built-in VPN client? If yes, how?


N.B. The firewall also supports L2TP and it works fine with the Windows built-in VPN client (and several other ones); unfortunately, this is not an option: our people often travel to customer sites where Internet access is restricted to HTTP/S, thus an SSL VPN is a must.

Best Answer

For Sonicwall (either NSA-series or TZ-series firewalls using SSL-VPN, or SRA-series SSL-VPN appliances) you need to use NetExtender for Windows 8.0 or previous (or Mac OS X 10.8 or previous). Offhand, I know of no way to use the native VPN in Win 8.0 (or earlier) to connect to the SSL-VPN on Sonicwalls, only to the IPSEC/L2TP client VPN.

For Windows 8.1, there is support built-in for Sonicwall SSL-VPN in the native Win 8.1 VPN client - you just pick "Sonicwall" as the type when setting it up and enter the name (FQDN) or IP address of your Sonicwall gateway and off you go.

Note: digging into the saved settings on Win 8.1, it appears to create an SSTP connection, and I'm not sure how that ties in with the 'SSL-VPN' support on the Sonicwall end. Sonicwall state that Win8.1 "includes" their (newer, NetExtender replacement) "Sonicwall Mobile Connect" VPN client but I'm not sure of the underlying tech mechanism here for Win 8.1 - that's a tech dive I need to do some time to understand what's happening underneath better!

Note: Current versions of OS X, iOS and Android also now use versions of Mobile Connect instead of NetExtender - it's much better than NetExtender.

Scott.