Call a Specialist Today! 800-886-4880

SonicWALL Mobile Connect
Easy, policy-enforced access for smartphones and tablets

SonicWALL Mobile Connect

Overview:

Simple, policy-enforced secure access to mission-critical applications and data for iOS, OS X, Android, Kindle Fire and Windows 8.1 mobile devices

Organizations have reaped significant productivity gains by giving employees easy, fast access to enterprise email and calendar apps from smartphones and tablets. Now, users are increasingly demanding that IT extend support to include access to mission-critical enterprise applications, data and resources. Granting that access offers important productivity benefits to the organization, but introduces significant security risks as well, especially if workers use personal mobile devices. For example, an unauthorized person might access company resources using a lost or stolen device; an employee’s mobile device might act as a conduit to infect the network with malware; or corporate data might be intercepted over third-party wireless networks or mobile services used by mobile workers. Also, loss of business data stored on devices can occur if rogue personal apps or unauthorized users gain access to that data.

With the SonicWALL™ Mobile Connect™ application, in combination with SonicWALL Secure Remote Access (SRA) or next-generation firewall appliances, you can give your employees safe, easy access to the data and resources they need to be productive from a range of devices, including iOS, OS X, Android™, Kindle Fire and Windows 8.1, while ensuring that the corporate network is protected from mobile security threats.

With the SonicWALL solution, mobile workers simply install and launch the Mobile Connect application on their iOS, OS X or Android mobile device, or simply launch it from their Windows 8.1 device, to establish a secure connection to an SRA or next-generation firewall appliance. The encrypted SSL VPN connection will protect traffic from being intercepted and keep in-flight data secure. Context-aware authentication ensures only authorized users and trusted devices are granted access.

Behind the scenes, IT can easily provision and manage access policies via SonicWALL appliances through a single management interface, including restricting VPN access to a set of trusted mobile apps allowed by the administrator. Plus, the SonicWALL solution integrates easily with most back-end authentication systems, including two-factor authentication, so you can efficiently extend your preferred authentication practices to your mobile workers.

Benefits:

  • Delivers secure SSL VPN connection and granular, policy-enforced access control to resources
  • Easy for iOS, OS X, Android and Kindle users to download and install and already embedded in the Windows 8.1 OS
  • Context aware authentication ensures only authorized users and trusted mobile devices are granted access
  • Offers easy mobile access to authorized resources with preconfigured bookmarks
  • Enables administrators to restrict VPN access to an allowed set of trusted mobile apps, and manage and enforce mobile device registration and authorization policy terms when deployed with a SonicWALL E-Class SRA appliance
  • Centralized policy management reduces administration time from hours to minutes
  • One-click Secure Intranet File Browse and On-Device Data Protection
  • Automatically initiates secure SSL VPN sessions when appropriate
  • Decrypts and scans all SSL VPN traffic to block malware before it enters the network when deployed with a next-generation firewall

Features & Benefits:

Ease of use:

iOS, OS X, Android and Kindle users can easily download and install the Mobile Connect app via the App StoreSM, Google Play or the Amazon App Store; for Windows 8.1 mobile device users, Mobile Connect is embedded in the Windows 8.1 operating system so there is no need to download and install another VPN client app.

Centralized policy management:

IT can provision and manage mobile device access via SonicWALL appliances - including control of all web resources, file shares and client-server resource - through a single management interface. Unlike other VPN solutions, the SonicWALL solution allows you to quickly set role-based policy for mobile and laptop devices and users with a single rule across all objects; as a result, policy management can take only minutes instead of hours.

Verification of both user and device:

A Mobile Connect user is granted access to the corporate network only after the user has been authenticated and mobile device integrity has been verified. End Point Control can determine whether an iOS device has been jailbroken or an Android device has been rooted, as well as whether a certificate is present or the OS version is current, and then reject or quarantine the connection as appropriate.

Easy access to appropriate resources:

iOS, Android, Kindle and Windows 8.1 mobile devices can connect to all allowed network resources, including web-based, client/server, server-based, host-based and back-connect applications. Once a user and device are verified, Mobile Connect offers pre-configured bookmarks for one-click access to corporate applications and resources for which the user and device has privileges.

Malware protection:

When deployed with a SonicWALL next-generation firewall, Mobile Connect establishes a Clean VPN™, an extra layer of protection that decrypts and scans all SSL VPN traffic for malware before it enters the network.

Mobile device registration and authorization policy management:

New with Mobile Connect 3.1 and Secure Mobile Access OS 11.0 for SonicWALL E-Class SRA appliances, prior to granting network access, if a mobile device has not previously registered with the SRA appliance, the user is presented with a device authorization policy for acceptance. The user must accept the terms of the policy to register the device and gain access to allowed corporate resources and data. The terms of the policy are customizable by the administrator.

Per-application VPN:

Mobile Connect 3.1 in combination with Secure Mobile Access OS 11.0 for SonicWALL E-Class SRA appliances, enables administrators to establish and enforce policies to designate which apps on a mobile device can be granted VPN access to the network. This ensures that only authorized mobile business apps utilize VPN access. Mobile Connect 3.1 is the only solution that requires no modification of mobile apps for per app VPN access. Any mobile app or secure container can be supported with no modifications, app wrapping or SDK development.

One-click Secure Intranet File Browse and On-Device Data Protection:

Protect company data at rest on mobile devices. Authenticated users can securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy for the Mobile Connect app to control whether files viewed can be opened in other apps (iOS 7 only), copied to the clipboard, printed or cached securely within the Mobile Connect app. For iOS 7 devices, this allows administrators to isolate business data from personal data stored on the device and reduces the risk of data loss. In addition, if the user’s credentials are revoked, content stored in the Mobile Connect app is locked and can no longer be accessed or viewed.

Auto-launch VPN:

URL control allows apps that require a VPN connection for business (including Safari) to create a VPN profile and automatically initiate or disconnect Mobile Connect on launch (requires compatible server firmware). In addition, for iOS or OS X devices, to simplify use when a secure connection is required, VPN on Demand automatically initiates a secure SSL VPN session when a user requests internal data, applications, web sites or hosts.

Integration with existing authentication solutions:

The SonicWALL solution supports easy integration with most back-end authentication systems, such as LDAP, Active Directory and Radius, so you can efficiently extend your preferred authentication practices to your mobile workers. For increased security, you can enable one-time password generation and easily integrate with two-factor authentication technologies.

Application intelligence and control:

When deployed with a next-generation firewall, IT can easily define and enforce how application and bandwidth assets are used.

Deployment Options:

SonicWALL Mobile Connect Deployment Options

ADownload and install SonicWALL Mobile Connect onto mobile device.

BCreate a connection profile to connect to your corporate network.

C1Connect to a SonicWALL next-generation firewall.
Benefits: Provides DPI scanning for malware as well as application intelligence and control.

C1Connect to a SonicWALL Secure Remote Access appliance via a SonicWALL next-generation firewall.
Benefits: Provides DPI scanning for malware plus end point control to quarantine or reject connections from jailbroken or rooted mobile devices.

C3Connect to a SonicWALL E-Class Secure Remote Access appliance via a SonicWALL next-generation firewall.
Benefits: Provides DPI scanning for malware, end point control to quarantine or reject connections from jailbroken or rooted mobile devices. Also, enables administrators to restrict VPN access to an allowed set of trusted mobile apps, and manage enforced BYOD security policy terms.1

1 This feature is supported on the E-Class SRA appliances only. Please refer to the product release notes for the specific software version required to support this feature.

Specifications:

SonicWALL SRA and next-generation firewall specifications compatibility:

  • TZ, NSA or E-Class NSA appliance running SonicOS 5.8.1.0 or higher
  • SRA appliances running 5.5 or higher
  • E-Class SRA appliances running Aventail 10.5.4 or higher

SonicWALL Mobile Connect specifications compatibility:

  • Devices running iOS version 6.0 or higher
  • Devices running OS X 10.9 or higher
  • Devices running Android 4.0 and higher
  • Kindle Fire devices based on Android 4.0.3 or higher
  • Devices running Windows 8.1
Features based on Operating System
  iOS OS X / Mac Android Kindle Fire Windows 8.1
App Distribution App Store Mac App Store Google Play Amazon Appstore in box
Layer-3 VPN connectivity (SSL VPN) Yes Yes Yes Yes Yes5
Connect on demand Yes3 Yes3 - - Yes
Configurable trusted networks Yes1 Yes1 - - Yes
Network awareness Yes1 Yes1 Yes1 Yes1 -
Credential caching Yes Yes Yes Yes Yes
URL control Yes Yes Yes Yes No
Basic authentication (username/password) Yes Yes Yes Yes Yes
End-user device registration and authorization policy acceptance, management and reporting 1 Yes Yes Yes Yes Yes
Two-Factor Authentication (OTP\RADIUS) Yes Yes Yes Yes Yes
Client certificate authentication Yes3 Yes3 Yes3 Yes3 Yes
Password change Yes Yes Yes Yes Yes
Windows domain SSO for VPN - - - - Yes
Mobile application VPN access control 1 Yes Yes Yes Yes No
Split-tunnel\Tunnel-all routing Yes Yes Yes Yes Yes
IPv6 Support Yes Yes Yes Yes Yes
SSLv3.0\TLS 1.0, 1.1, 1.2 Yes3 Yes3 Yes3 Yes3 Yes3
Compression of data over VPN Yes3 Yes3 Yes3 Yes3 Yes1
ESP Model (UDP transport) Yes1 Yes1 Yes1 Yes1 -
Network conflict resolution Yes1 Yes1 Yes1 Yes1 Yes
End Point Control 3 Jailbreak, Certificate, OS version, DeviceID Yes Root, Certificate, OS version, DeviceID, Anti-Virus software Root, Certificate, OS version, DeviceID, Anti-Virus software Limited
File Reader / Bookmarks Yes2 - Yes2 Yes2 -
RDP Bookmarks Dell Wyse Pocket Cloud Pro, 2X RDP - Dell Wyse Pocket Cloud Pro, 2X RDP, Remote RDP Lite/ Enterprise 2X RDP -
Citrix Receiver Bookmarks Yes2 - Yes2 Yes2 -
VNC Bookmarks Remoter VNC - Dell Wyse Pocket Cloud Pro, 2X RDP, Remote RDP Lite/ Enterprise - -
Web Bookmarks Safari, Chrome - Any browser— configured in Android system settings Silk Browser -
Terminal Bookmarks iSSH - ConnectBot - -
MDM Management of VPN Connection Profiles Yes - - - Yes

Notes:
1 This feature is supported on the E-Class SRA appliances only. Please refer to the product release notes for the specific software version required to support this feature.
2 This feature is supported on the SMB SRA appliances only.
3 This feature is supported on the SMB SRA and E-Class SRA appliances only. Please refer to the product release notes for the specific software version required to support this feature.
4 This feature is supported on the SMB SRA, E-Class SRA and Next-Generation Firewall appliances. Please refer to the product release notes for the software specific version required to support this feature.
5 For the E-Class SRA appliances please refer to the product release notes for the specific software version required to support this feature.

Documentation:

Download the SonicWALL Mobile Connect Datasheet (.PDF)