So, I’ve always used SGVC for my windows users, and don’t deal with too many Mac users. I tend to prefer IPSEC vs SSL VPN, and not really sure why other than that is the way I’ve always done it.
I’ve played with NetExtender, and Mobile Connect, but really have just used Mobile Connect on Mac computers.
I recently realized that I really need to setup MFA. I have a test lab with a TZ370, that does LDAPS authentication to AD.
I figure that TOTP MFA is better than email OTP, as email is easier to hack.
When I started testing this, I realized that if I have the IPSEC setup with the SGVC, then it does not enforce MFA, and I can just log in using my AD credentials.
So, I logged into the SSL Client portal, setup TOTP using Google Authenticator, and then downloaded the NetExtender client. Great, it works.
I’m wondering if NetExtender is the best/only solution to work?
I’m also having issues getting the NetExtender to save the URL to authenticate - I really don’t want to make my users type in the URL every time, I have to make this user friendly.
Same here, we were using GVC for years but to implement MFA had to buy 25 SSL VPN licenses and start using Netxtender with Microsoft authenticator. We don’t have Mac users.
TOTP works with MobileConnect as well, but SonicWall tells us it should only be used with MacOS clients, so stick with NetXtender if SSLVPN client is what you want.
Saving the URL with both NetXtender and MobileConnect works fine.
Btw make sure you are on latest SonicOS, if fixes some SSLVPN performance issues.
I’m generally okay with purchasing licenses for these things, but try to avoid recurring costs. I currently have 50 SSL VPN licenses, so do not need new licenses. I probably don’t want to purchase a new box for VPN.