The SonicWall SSL-VPN 2000 is an impressive and feature-packed appliance. For the most part, I have no complaints (well, it would be nice if it worked on the iPhone or iPad, but this is a bigger issue…), but recently we ran into a rather annoying problem.
The SSL-VPN allows you to configure “bookmarks” that are links to your internal resources. Bookmarks can be Remote Desktop, FTP, VNC, and (among others) http and https. For intranet sites that support basic authentication, it will even push credentials.
All urls accessed through the vpn are rewritten something like: https://sslvpn/go/http://intranetsite/index.html. All URLs referenced within are rewritten as well. This works great until it doesn’t.
Say your intranet page has a link to google.com. The SSL-VPN will happily proxy all traffic through itself, rewriting the link to https://sslvpn/go/http://www.google.com.
Now say you had a link to some cloud-based application that doesn’t tolerate being proxied, and you have a problem.
As far as I can tell, SonicWall provides no option to disable rewriting for a specific bookmark. If you have purchased the Web Application Firewall addon, I believe you can setup exceptions, but I’m not even so sure about that. So… I had to try to figure it out myself.
Well after experimenting and digging, I found a workaround involving javascript redirection, obscuring strings, and overriding functions. While I typically would post my solution, I fear that SonicWall might consider it a security hole and simply patch things up without providing a viable solution. So, if you are pulling your hair out over your SSL-VPN rewriting all your external links – there is hope! Shoot me a comment / email and I’ll see if I can’t help you out.
UPDATE 10/18/2011
One of the people who requested my workaround found that in his case there was a much simpler solution: If you simply need to create a bookmark to an external website, you can just configure the bookmark on the SSL-VPN as an “external website”. My workaround is for the case where you need the SSL-VPN to proxy an internal page, but that page has a link (or redirect) to an external page that gets mangled.
Thanks!
-Jason
what did you use?
Check your email
Very interested in your work around
I just ran inti this exact issue with SonicWall in front of an ExtJS app and would love to hear your thoughts!
Hi Jason,
I’m stuck at this problem as well…pls share!
Thanks 😉
Hi Jason,
I am interested in the solution because I am having the same problem. Can you please send me an e-mail?
Thanks a lot!
Hey Jason,
I’m working on a site for a company and they are insisting on SonicWall. I am experiencing some weird javascript issues. I would be interested in seeing your workaround if you wouldn’t mind.
Thanks a ton! This is driving me nuts!
please check your email.need to know your work-around.
Hi Jason,
I’m also facing the same problem and interested in your solution.
Thank you
Hi Jason,
Do you know if your fix would also work with Dell SonicWALL SRA Appliance? Not sure if the same as SSL VPN 2000, but it certainly does the same crazy thing with Javascript on Bookmarks.
I would appreciate getting a handle on what you did to see if that would work for me here.
Thanks in advance
It might – I will email you the instructions I have. It has been long enough that I really cannot help much more – I don’t have access to the appliance any longer.
believe it or not this is still an issue 4 years later. been searching all over for a solution, maybe you could help?
I am looking for a solution also for a customer.
That reports the exact issue.
Can you provide me with the workaround?
Hi Jason,
Please let me know how to disable this rewriting thing. There is a bug if your JS is compressed with Google Closure Compiler. I have to disable this to make it work.
Thanks.
This is a totally awsome post….thanks for posting. So what was the fix? I’m running into this problem now.
Chad
Hi, since we haven’t updated firmware in years this is an issue for us as well. Do you still have the fix?
Thank you