Disabling the URL rewriting on a SonicWall SSL-VPN bookmark

The SonicWall SSL-VPN 2000 is an impressive and feature-packed appliance. For the most part, I have no complaints (well, it would be nice if it worked on the iPhone or iPad, but this is a bigger issue…), but recently we ran into a rather annoying problem.

The SSL-VPN allows you to configure “bookmarks” that are links to your internal resources. Bookmarks can be Remote Desktop, FTP, VNC, and (among others) http and https. For intranet sites that support basic authentication, it will even push credentials.

All urls accessed through the vpn are rewritten something like: https://sslvpn/go/http://intranetsite/index.html. All URLs referenced within are rewritten as well. This works great until it doesn’t.

Say your intranet page has a link to google.com. The SSL-VPN will happily proxy all traffic through itself, rewriting the link to https://sslvpn/go/http://www.google.com.
Now say you had a link to some cloud-based application that doesn’t tolerate being proxied, and you have a problem.

As far as I can tell, SonicWall provides no option to disable rewriting for a specific bookmark. If you have purchased the Web Application Firewall addon, I believe you can setup exceptions, but I’m not even so sure about that. So… I had to try to figure it out myself.

Well after experimenting and digging, I found a workaround involving javascript redirection, obscuring strings, and overriding functions. While I typically would post my solution, I fear that SonicWall might consider it a security hole and simply patch things up without providing a viable solution. So, if you are pulling your hair out over your SSL-VPN rewriting all your external links – there is hope! Shoot me a comment / email and I’ll see if I can’t help you out.

UPDATE 10/18/2011

One of the people who requested my workaround found that in his case there was a much simpler solution: If you simply need to create a bookmark to an external website, you can just configure the bookmark on the SSL-VPN as an “external website”. My workaround is for the case where you need the SSL-VPN to proxy an internal page, but that page has a link (or redirect) to an external page that gets mangled.

Thanks!
-Jason

16 thoughts on “Disabling the URL rewriting on a SonicWall SSL-VPN bookmark

  1. Hi Jason,

    I am interested in the solution because I am having the same problem. Can you please send me an e-mail?

    Thanks a lot!

  2. Hey Jason,

    I’m working on a site for a company and they are insisting on SonicWall. I am experiencing some weird javascript issues. I would be interested in seeing your workaround if you wouldn’t mind.

    Thanks a ton! This is driving me nuts!

  3. Hi Jason,

    Do you know if your fix would also work with Dell SonicWALL SRA Appliance? Not sure if the same as SSL VPN 2000, but it certainly does the same crazy thing with Javascript on Bookmarks.

    I would appreciate getting a handle on what you did to see if that would work for me here.

    Thanks in advance

  4. Hi Jason,

    Please let me know how to disable this rewriting thing. There is a bug if your JS is compressed with Google Closure Compiler. I have to disable this to make it work.

    Thanks.

  5. This is a totally awsome post….thanks for posting. So what was the fix? I’m running into this problem now.

    Chad

Leave a Reply