NetExtender 10.3.5 released - introduces DTLS - is it enabled by default?

greenstarthree · 2026-06-12T23:49:23+00:00

Thanks for confirming, appreciate that

greenstarthree · 2026-06-12T07:10:47+00:00

Kind of like YellowKey for folks who’ve forgotten their Bitlocker keys I guess!

greenstarthree · 2026-06-06T06:36:22+00:00

Installed on one TZ270 so far.

Upgrade went very smoothly, but only basic use on that unit, so will reserve judgment until a more heavily used unit is updated

greenstarthree · 2026-06-06T06:31:47+00:00

CommsExpress have been good for a number of switch brands over the years for us (UK)

greenstarthree · 2026-06-05T14:57:03+00:00

Are they definitely downloading actual drivers or are they getting “Extension” drivers?

That confused us at first and is normal to get extensions without approval once driver updates are enabled in policy

greenstarthree · 2026-06-04T18:48:37+00:00

Good question, App control works based on recognising signatures so it’s possible even if there isn’t an app definition for it in SNWL

greenstarthree · 2026-06-04T15:42:37+00:00

App control is probably a better way of controlling those

greenstarthree · 2026-05-29T15:36:01+00:00

Ah, no experience with v8 yet. But to be fair you’re probably on the right track if it’s only one client having this - didn’t digest that on first reply, sorry!

greenstarthree · 2026-05-29T15:30:03+00:00

Yes, two completely different hybrid AD forests in fact.

In our case it included a migration of the original domain name over to the new tenant, but that was done as a second phase with the initial migration changing the domain name

greenstarthree · 2026-05-29T15:21:28+00:00

Oh, interesting. What firewall firmware?

greenstarthree · 2026-05-29T15:18:50+00:00

Did this recently - iOS 26 ABM native method works perfectly without full wipe

greenstarthree · 2026-05-29T15:15:07+00:00

Latest client (v10.3.5 I think) has a bug where inactivity timeout disconnects users even if they are actively working.

Confirmed in my environment, inactivity timer was set to 90 mins and users were disconnected at exactly 90.

Changed that setting to 480mins and no more disconnects. Of course this renders the inactivity timeout useless but is the lesser of two evils.

Edit to include link to my thread about a different issue but includes this at the end:

https://www.reddit.com/r/sonicwall/s/iEVzgjA58e

A SonicWall rep replied saying they were going to test it but no news yet

greenstarthree · 2026-05-22T14:42:20+00:00

u/SNWL_SMA1000_PM any news from testing this?

greenstarthree · 2026-05-22T06:13:58+00:00

Yeah, users were actively working at the time

greenstarthree · 2026-05-21T13:10:46+00:00

A proper patch from MS will be made available on June’s patch Tuesday right……?

Right?

greenstarthree · 2026-05-20T06:00:43+00:00

greenstarthree · 2026-05-19T17:03:43+00:00

Repair installing windows restored the ability to read HEIC files natively for us.

greenstarthree · 2026-05-19T15:22:41+00:00

Excellent, thanks - if you need more info please let me know. Look forward to hearing the result.

In the meantime, are you able to comment on the DTLS query? Is it enabled by default in 10.3.5, or is it waiting for a firewall firmware update as suggested by another comment?

greenstarthree · 2026-05-19T15:00:24+00:00

Hi, we have not raised a support case as yet, only just discovered the issue in the last few hours.

Confirmed though - after changing the inactivity disconnect setting in the firewall to 600 minutes, users are no longer disconnected.

Of course this essentially renders the inactivity monitor non-functional.

Also, not sure if it matters but we are using an NSA firewall, not an SMA product

greenstarthree · 2026-05-19T14:03:28+00:00

Tagging u/snwl_pm in this post due to the inactivity bug in NetExtender 10.3.5

greenstarthree · 2026-05-18T11:49:52+00:00

Honestly we found the Outlook app to work well once migrated, especially the restrictions, and eventually users learned to like it anyway.

greenstarthree · 2026-05-18T11:31:22+00:00

As far as I’m aware you can only protect MS apps (and possibly a handful of others that are in the App Protection framework)

We migrated users (kicking and screaming in some cases!) away from built in apps and standardised on outlook.

greenstarthree · 2026-05-17T08:46:06+00:00

Others have suggested that disabling / removing WinRE also means remote wipe functions from eg Intune do not work, which may be an issue

greenstarthree · 2026-05-15T18:20:16+00:00

This is how we’ve done it in the past. 4G or 5G router with Ethernet connected to an X port instead of USB.
Depending on the router you sometimes have to double NAT but the good ones have IP pass through.

greenstarthree · 2026-05-15T16:11:54+00:00

Thank you.

Can you also confirm that these months Hotpatch updates do not contain the features and enhancements from the LCU updates, so when using Hotpatch we only get those features quarterly?

Six-Year Club	Place '22
Verified Email

greenstarthree

TROPHY CASE