COMPREHENSIVE INTERNET SECURITY ™

SonicWALL Global VPN Client 3.1

Administrator's Guide

Table of Contents
SonicWALL Global VPN Client
  SonicWALL Global VPN Client Features
  New Features in SonicWALL Global VPN Client 3.1
  Global VPN Client Enterprise/Global Security Client
About this Guide
  Using the Right Administrator’s Guides
  Conventions Used in this Guide
  Icons Used in this Guide
  Copyright Notice
  Limited Warranty
Installing the SonicWALL Global VPN Client
  Using the Setup Wizard
Adding VPN Connection Policies
  Understanding VPN Connection Policies
  Understanding Digital Certificates
  Using the New Connection Wizard
  Creating a VPN Connection Policy
  Importing a VPN Configuration File
  Configuring a Dial-Up VPN Connection
Launching the SonicWALL Global VPN Client
Making VPN Connections
  Accessing Redundant VPN Gateways
  Enabling a VPN Connection
  Establishing Multiple Connections
  Entering a Pre-Shared Key
  Selecting a Certificate
  Username and Password Authentication
  Connection Warning
Disabling a VPN Connection
Checking the Status of a VPN Connection
Creating a VPN Policy Shortcut
Specifying Global VPN Client Launch Options
Managing the Global VPN Client System Tray Icon
Managing VPN Connection Policy Properties
  General
  User Authentication
  Peers
  Status
Managing VPN Connection Policies
  Arranging Connection Policies
  Renaming a Connection Policy
  Deleting a Connection Policy
  Selecting All Connection Policies
Managing Certificates
Troubleshooting the SonicWALL Global VPN Client
  Understanding the Global VPN Client Log
  Configuring the Log
  Generating a Help Report
  Accessing Technical Support
  Viewing Help Topics
  Uninstalling the SonicWALL Global VPN Client (Windows 98 SE)
Configuring SonicWALL Security Appliances for Global VPN Clients
  SonicWALL Global VPN Client Licenses
  Group VPN Connections Supported by Each SonicWALL Model
  Activating Your SonicWALL Global VPN Clients
  Downloading Global VPN Client Software and Documentation
SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT
  LICENSE
  EXPORTS LICENSE
  SUPPORT SERVICES
  UPGRADES
  COPYRIGHT
  U.S. GOVERNMENT RESTRICTED RIGHTS
  MISCELLANEOUS
  TERMINATION
  LIMITED WARRANTY
  CUSTOMER REMEDIES
  NO OTHER WARRANTIES
  LIMITATION OF LIABILITY
SonicWALL Global VPN Client Support
Appendix A - Creating and Deploying the Default.rcf File for Global VPN Clients
  How the Global VPN Client uses the default.rcf File
  Deploying the default.rcf File
  Creating the default.rcf File
  Sample default.rcf File
  Troubleshooting the default.rcf File
Appendix B - SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File
  Creating the Silent Installation
  Playing Back the Silent Installation
  Using Setup.log to Check for Errors
Appendix C - Running the Global VPN Client from the Command Line Interface
  Command Line Options
  Command Line Examples
Appendix D - Installing the Global VPN Client with a Ghost Application
Appendix E - Log Viewer Messages

SonicWALL Global VPN Client
The SonicWALL Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the corporate network to maintain the confidentiality of private data. The Global VPN Client provides an easy-to-use solution for secure, encrypted access through the Internet or corporate dial-up facilities for remote users as well as secure wireless networking for SonicWALL Secure Wireless appliance clients using SonicWALL’s WiFiSec technology.
Custom developed by SonicWALL, the Global VPN Client combines with GroupVPN on SonicWALL Internet Security Appliances to dramatically streamline VPN deployment and management. Using SonicWALL’s Client Policy Provisioning technology, the SonicWALL administrator establishes the VPN connections policies for the Global VPN Clients. The VPN configuration data is transparently downloaded from the SonicWALL VPN Gateway (SonicWALL Internet Security Appliance) to Global VPN Clients, removing the burden of provisioning VPN connections from the user.

SonicWALL Global VPN Client Features
The SonicWALL Global VPN Client delivers a robust IPSec VPN solution with these features:
• Easy to Use - Provides an easy-to-follow Installation Wizard to quickly install the product, an easy-to-follow Configuration Wizard with common VPN deployment scenarios, point-and-click activation of VPN connections, and streamlined management tools to minimize support requirements.
• Client Policy Provisioning - Using only the IP address or Fully Qualified Domain Name (FQDN) of the SonicWALL VPN gateway, the VPN configuration data is automatically downloaded from the SonicWALL VPN gateway via a secure IPSec tunnel, removing the burden from the remote user of provisioning VPN connections.
• XAUTH Authentication with RADIUS - Provides added security with user authentication after the client has been authenticated via a RADIUS server.
• VPN Session Reliability - Allows automatic redirect in case of a SonicWALL VPN gateway failure. If a SonicWALL VPN gateway is down then the Global VPN Client can go through another SonicWALL VPN gateway.
• Multiple Subnet Support - Allows Global VPN Client connections to more than one subnet in the configuration to increase networking flexibility.
• Third-Party Certificate Support - Supports VeriSign, Entrust, Microsoft, and Netscape Certificate Authorities (CAs) for enhanced user authentication.
• Tunnel All Support - Provides enhanced security by blocking all traffic not directed to the VPN tunnel to prevent Internet attacks from entering the corporate network through a VPN connection.
• DHCP over VPN Support - Allows IP address provisioning across a VPN tunnel for the corporate network while allowing WAN DHCP for Internet Access from the ISP.
• Secure VPN Configuration - Critical Global VPN Client configuration information is locked from the user to prevent tampering.
• AES and 3DES Encryption - Supports 168-bit key 3DES (Data Encryption Standard) and the new U.S. Government encryption standard AES (Advanced Encryption Standard) for dramatically increased security. AES requires SonicOS 2.0.
• GMS Management - Allows Global VPN Client connections to be managed by SonicWALL’s award-winning Global Management System (GMS).
• Multi-Platform Client Support - Supports Windows 98 SE, Windows ME, Windows NT 4.0 (service pack 6 or later), Windows 2000 Professional (service pack 3 or later), Windows XP Professional, Windows XP Home Edition, and Windows XP Tablet PC Edition.
• NAT Traversal - Enables Global VPN Client connections to be initiated from behind any device performing NAT (Network Address Translation). The SonicWALL Global VPN Client encapsulates IPSec VPN traffic to pass through NAT devices, which are widely deployed to allow local networks to use one external IP address for an entire network.

• Automatic Reconnect When Error Occurs - Allows the Global VPN Client to keep retrying a connection if it encounters a problem connecting to a peer. This feature allows the Global VPN Client to automatically make a connection to a SonicWALL VPN gateway that is temporarily disabled, without manual intervention.
• Ghost Installation for Large Scale Installations - Enables the Global VPN Client’s virtual adapter to get its default address after installation and then create a ghost image.
• NT Domain Logon Script Support - Allows Global VPN Clients to perform Windows NT/2000 domain authentication after establishing a secure IPSec tunnel. The SonicWALL VPN gateway passes the logon script as part of the Global VPN Client configuration. This feature allows the VPN user to have access to mapped network drives and other network services.
• Dual Processor Support - Enables the Global VPN Client to operate on dual-processor computers.
• Group Policy Management - Global VPN Clients access can be customized and restricted to specific subnet access (Requires SonicOS Enhanced).
• Hub and Spoke VPN Access - Allows IP addressing from SonicWALL VPN Gateway’s DHCP Server to Global VPN Client for configuring a different subnet for all remote Global VPN Clients than the subnet of the LAN. Makes hub-and-spoke VPN access simpler. When a Global VPN Client successfully authenticates with the central site, it receives a virtual IP address that also grants it access to other trusted VPN sites.
• Default VPN Connections File - Enables the SonicWALL administrator to configure and distribute the corporate VPN connections with the Global VPN Client software to streamline VPN client deployment.
• Integration with Dial-Up Adapter - Allows Global VPN Client connections using Microsoft Dial-Up Networking or third-party dial-up applications either as an automatic backup to a broadband connection or as the primary connection.
• Single VPN Connection to any SonicWALL Secure Wireless Appliance for Roaming - Allows users to use a single VPN connection policy to access the networks of multiple SonicWALL Secure Wireless appliances.
• Automatic Configuration of Redundant Gateways from DNS - When an IPSec gateway domain name resolves to multiple IP addresses, the Global VPN Client (version 2.1.0.0 or higher) uses the IP addresses in the list as failover gateways.

New Features in SonicWALL Global VPN Client 3.1
The following new features are supported on the SonicWALL Global VPN Client 3.1.1.556 release:
• Tunnel State Display Enhancement - The Global VPN Client now provides additional information about the state of VPN tunnels. In addition to the states of enabled, disabled, and connected, the Global VPN Client now indicates when tunnels are authenticating, provisioning, and connecting.
• Tunnel Status Pop-Up Window - The Global VPN Client now alerts users when tunnels are connected or disconnected by displaying a small pop-up window.
• Smart Card and USB Token Authentication - The Global VPN Client is now integrated with the Microsoft Cryptographic Application Program (MS CryptoAPI or MSCAPI), which enables the Global VPN Client to support user authentication using digital certificates on Smart cards and USB tokens.
• NAT-T-IKE-03 Draft Support - To improve compatibility with NAT-T-IKE-03, UDP encapsulation now uses port 4500 instead of port 500.
• DNS Redirect - DNS queries to DNS suffix associated with Virtual Adapter are not sent on the physical adapter.
• Tunnel All Support Enhancement - Provides the ability to route clear traffic to directly connected network interfaces that are configured with the Route All policy, which is generally used in the WLAN zone.
• Program Auto-Start on VPN Connection - Automatically launches a program, with optional arguments, when successful VPN connections are established, as specified in the Connection Properties dialog box.

Global VPN Client Enterprise/Global Security Client
SonicWALL Global Security Client combines gateway enforcement, central management, configuration flexibility and software deployment to deliver comprehensive desktop security to mobile workers and corporate networks. Global Security Client protection includes the SonicWALL Distributed Security Client and the SonicWALL Global VPN Client Enterprise combined with centrally managed security policies via the SonicWALL Internet Security Appliance and SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Global VPN Client Enterprise provides the same functionality as the Global VPN Client with the added feature of license sharing.
On the remote client desktop, the SonicWALL Global VPN Client Enterprise, Distributed Security Client and DEA Client provide client security and secure IPSec VPN access to the corporate network. The SonicWALL Distributed Security Client enforces firewall protection at the desktop from centrally managed security policies. The DEA Client monitors the desktop against the security policy, making a real-time decision to allow or deny network access through a SonicWALL Gateway.
The SonicWALL Global VPN Client as part of the SonicWALL Global Security Client operates on Windows 2000 (SP3), Windows XP Home (SP1), and Windows XP Professional (SP1) operating systems for clients. The Global VPN Client as part of the SonicWALL Global Security Client is supported by the following SonicWALL security appliances and firmware versions:
• SonicWALL TZ 170 running SonicOS Standard or Enhanced 2.1 or higher
• SonicWALL PRO Series (PRO 2040/3060/4060/5060) running SonicOS Standard or Enhanced 2.1 or higher.
• SonicWALL Internet Security Appliances running firmware version 6.6 or higher.

About this Guide
The SonicWALL Global VPN Client Administrator’s Guide provides complete documentation on installing, configuring, and managing the SonicWALL Global VPN Client 3.1. This guide also provides instructions for SonicWALL Global VPN Client 3.1 Enterprise, which is included as part of the SonicWALL Global Security Client.

Using the Right Administrator’s Guides
The SonicWALL Global VPN Client, SonicWALL Global Security Client, and SonicWALL Pocket Global VPN Client each have their own Administrator Guides.

SonicWALL Global Security Client and Global VPN Client
Because the SonicWALL Global VPN Client is integrated into the SonicWALL Global Security Client, you need to use the SonicWALL Global Security Client Administrator’s Guide and SonicWALL Global VPN Client Administrator’s Guide for complete instructions on installing, configuring, using and managing the Global VPN Client and Global Security Client.
For configuring your SonicWALL security appliance to support the SonicWALL Global Security Clients, use the SonicWALL Global Security Client Administrator’s Guide.
For configuring your SonicWALL security appliance to support Global VPN Clients using SonicWALL’s GroupVPN, see the Administrator’s Guide for the firmware or SonicOS version running on your SonicWALL security appliance.

SonicWALL Pocket Global VPN Client
Use the SonicWALL Pocket Global VPN Client Administrator’s Guide for complete instructions on
installing, configuring and managing the Pocket Global VPN Client.
For configuring your SonicWALL security appliance to support Pocket Global VPN Clients using
SonicWALL’s GroupVPN, see the Administrator’s Guide for the firmware or SonicOS version running on
your SonicWALL wireless security appliance.

SonicWALL Global VPN Client
If you’re using SonicWALL Global VPN Client 3.1 on Windows 98 SE, use only the SonicWALL Global
VPN Client 3.1 Administrator’s Guide.
Tip! Always check http://www.sonicwall.com/support/VPN_documentation.html for the latest version of
this manual and other upgrade manuals as well.

Conventions Used in this Guide
Conventions used in this guide are as follows:
Convention   Use
Bold         Highlights items you can select on the Global VPN Client
             interface or the SonicWALL Management Interface.
Italic       Highlights a value to enter into a field. For example, “type
             192.168.168.168 in the IP Address field.”
>            Indicates a multiple step menu choice. For example, “select
             File>Open” means “select the File menu, then select the
             Open item from the File menu.”

Icons Used in this Guide
Alert! Important information about features that can affect performance, security features, or cause
potential problems with your SonicWALL.

Tip! Useful information about security features and configurations on your SonicWALL.

Note! Related information to the topic.

Copyright Notice
© 2005 SonicWALL, Inc. All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole or
part, without the written consent of the manufacturer, except in the normal use of the software to make a
backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were
affixed to the original. This exception does not allow copies to be made for others, whether or not sold,
but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person.
Under the law, copying includes translating into another language or format.
SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned
herein can be trademarks and/or registered trademarks of their respective companies.
Specifications and descriptions subject to change without notice. August 2005.

Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case
commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing
for a period of twelve (12) months, that the product will be free from defects in materials and workmanship
under normal use. This Limited Warranty is not transferable and applies only to the original end user of
the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under
this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the
replacement product may be of equal or greater functionality and may be of either new or like-new quality.
SonicWALL's obligations under this warranty are contingent upon the return of the defective product
according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by
accident, abuse, misuse or misapplication, or has been modified without the written permission of
SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR
IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A
COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE
MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY
CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY
PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW
LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS
WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS
WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply
even if the express warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A
REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT
SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER,
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE
USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY
OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE
EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort
(including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall
apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR
JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR
INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

Installing the SonicWALL Global VPN Client
The SonicWALL Global VPN Client uses an easy-to-use wizard to guide you through the installation
process. The Global VPN Client supports Windows 98 SE, Windows ME, Windows NT 4.0 (service pack
6 or later), Windows 2000 Professional (service pack 3 or later), Windows XP Professional, Windows XP
Home Edition, and Windows XP Tablet PC Edition.
Alert! Installing the Global VPN Client on Windows NT, Windows 2000, and Windows XP requires
Administrator rights.
The SonicWALL Global VPN Client requires a SonicWALL Internet Security Appliance running firmware
version 6.4.2.0 (or higher), SonicOS 1.0.0.0 (or higher), SonicOS Standard 2.0.0.0 (or higher), or
SonicOS Enhanced 2.0.0.0 (or higher).

Tip! For information on the number of SonicWALL Global VPN Client connections supported by your
SonicWALL and Global VPN Client licensing for your SonicWALL, see “SonicWALL Global VPN Client
Licenses” on page 35.
You can upgrade the SonicWALL Global VPN Client from an earlier version to 3.1 without uninstalling the
earlier version.
Alert! If you are upgrading SonicWALL Global VPN Client from an earlier version to 3.1 and want to use
the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter, you must uninstall the
earlier version before installing Global VPN Client 3.1.

Using the Setup Wizard
The following steps explain how to install the SonicWALL Global VPN Client program using the Setup
Wizard. You use the Setup Wizard for a new Global VPN Client installation or upgrading a previous
version of the SonicWALL Global VPN Client. If you’re upgrading your Global VPN Client software, the
Setup Wizard doesn’t display all the same pages as a new installation.
Alert! Remove any installed 3rd Party VPN client program before installing the SonicWALL Global VPN
Client.
Alert! You must use a Zip program to unzip the SonicWALL Global VPN Client program files before
installing it.
1. Unzip the SonicWALL Global VPN Client program.
2. Double-click setup.exe. The Setup Wizard launches.

3. Click Next to continue installation of the VPN Client.


4. Close all applications and disable any disk protection and personal firewall software running on your computer. Click Next.
5. Select I accept the terms of the license agreement. Click Next.
6. Click Next to accept the default location and continue installation or click Browse to specify a different location.
7. Click Install. The Setup Wizard installs the Global VPN Client files on your computer. After the Setup Wizard installs the Global VPN Client, the Setup Complete page is displayed.

8. Select Start program automatically when users log in to automatically launch the VPN Global Client when you log onto the computer, if desired.
9. Select Launch program now to automatically launch the Global VPN Client after finishing the installation, if desired.
10. Click Finish.
If the SonicWALL VPN Gateway administrator included the default.rcf file as part of the Global VPN Client software, when the program is installed, one or more preconfigured VPN connections are automatically created.

Adding VPN Connection Policies
Adding a new VPN connection policy is easy because SonicWALL’s Client Policy Provisioning automatically provides all the necessary configuration information to make a secure connection to the local or remote network. The burden of configuring the VPN connection parameters is removed from the Global VPN Client user. VPN connection policies can be created using three methods:
• Download the VPN policy from the SonicWALL VPN Gateway to the Global VPN Client using the New Connection Wizard. This wizard walks you through the process of locating the source of your configuration information and automatically downloads the VPN configuration information over a secure IPSec VPN tunnel.
• Import a VPN policy file into the SonicWALL Global VPN Client. The VPN policy is sent to you as a file, which you install using the Import Connection dialog box.
• Install the default.rcf file as part of the Global VPN Client software installation or add it after installing the Global VPN Client. When the Global VPN Client software is installed, the VPN policy created by the SonicWALL VPN Gateway administrator is automatically created.
Note! Creating a Default.rcf file and distributing it with the Global VPN Client software allows the SonicWALL VPN Gateway administrator to streamline VPN client deployment and allow users to quickly establish VPN connections. For more information on creating the Default.rcf file, see “Appendix A - Creating and Deploying the Default.rcf File for Global VPN Clients” on page 40.
Alert! Your SonicWALL must be configured with GroupVPN to facilitate the automatic provisioning of Global VPN Clients. For instructions on configuring your SonicWALL with GroupVPN, see your SonicWALL Administrator’s Guide.

Understanding VPN Connection Policies
The Global VPN Client allows multiple connection policies to be configured at the same time, whether they are provisioned from multiple gateways or imported from one or more files. Because connection policies may be provisioned from multiple gateways, each connection policy explicitly states allowed behavior in the presence of any connection policy conflicts. You may have VPN connections that don’t allow other VPN connections or Internet and network connections while the VPN policy is enabled.
The VPN connection policy includes all the parameters necessary to establish secure IPSec tunnels to the gateway. A connection policy includes Phase 1 and Phase 2 Security Associations (SA) parameters including:
• Encryption and authentication proposals
• Phase 1 identity payload type
• Phase 2 proxy IDs (traffic selectors)
• Client Phase 1 credential
• Allowed behavior of connection in presence of other active connections
• Client caching behavior

Understanding Digital Certificates
If digital certificates are required as part of your VPN connection policy, your gateway administrator must provide you with the required information to import the certificate. You then need to import the certificate in the Global VPN Client using the Certificate Manager.
Note! For instructions on importing a certificate into the Global VPN Client, see “Managing Certificates” on page 30.

Using the New Connection Wizard
The New Connection Wizard provides easy configuration for the following VPN connection scenarios:
• Remote Access - You choose this scenario if you want secure access to a remote VPN gateway from any wired or wireless network. The most common use of this scenario is when you are at home or on the road and want access to the corporate network. You enter the IP address or FQDN (gateway.yourcompany.com) of the VPN gateway and the Global VPN Client automatically downloads the VPN connection policy from the remote SonicWALL VPN gateway.
• Office Gateway - You choose this scenario if you want secure access to a local SonicWALL Secure Wireless appliance network. When you create an Office Gateway VPN connection, it appears as the Peer entry of <Default Gateway> in the SonicWALL Global VPN Client window. You can use this single Office Gateway VPN connection policy to roam securely across SonicWALL Secure Wireless appliance networks.

Creating a VPN Connection Policy
The following instructions explain how to use the New Connection Wizard to automatically download VPN connection policies for the Global VPN Client from a local or remote SonicWALL VPN gateway.
Alert! If digital certificates are required as part of your VPN connection policy, your VPN gateway administrator must provide you with the required certificates.
Alert! If you are configuring the Global VPN Client for Remote Access, make sure you have the IP address or FQDN (gateway.yourcompany.com) of the remote SonicWALL VPN gateway and an active Internet connection before using the New Connection Wizard.
Alert! If you are configuring the Global VPN Client for Office Gateway, make sure your wireless card is configured with the correct SSID information to access the SonicWALL Secure Wireless appliance before using the New Connection Wizard.
1. Choose Start>Programs>SonicWALL Global VPN Client. The first time you open the SonicWALL Global VPN Client, the New Connection Wizard automatically launches.
2. If the New Connection Wizard does not display, click the New Connection Wizard icon on the far left side of the toolbar to launch the New Connection Wizard. Click Next.

3. In the Choose Scenario page, you can click on View Scenario to view a diagram of each type of VPN connection. Clicking on the Remote Access View Scenario link displays the diagram for this type of VPN connection. Clicking on the Office Gateway View Scenario link displays the diagram for this type of VPN connection.
4. Select Remote Access or Office Gateway and then click Next.

5. If you selected Remote Access in the Choose Scenario page, the Remote Access page is displayed. Type the IP address or FQDN of the gateway in the IP Address or Domain Name field. The information you type in the IP Address or Domain Name field appears in the Connection Name field. If you want a different name for your connection, type the new name for your VPN connection policy in the Connection Name field. Click Next. The Completing the New Connection Wizard page is displayed.
6. If you selected Office Gateway in the Choose Scenario page, the Completing the New Connection Wizard page is displayed.
Note! You can change the default name by right-clicking the Office Gateway entry and selecting Properties from the menu. In the General tab of the Properties dialog box, enter the new name in the Name field.
7. In the Completing the New Connection Wizard page select any of the following options:
Select Enable this connection when the program is launched, if you want to automatically establish this VPN connection when you launch the SonicWALL Global VPN Client.
Select Create a shortcut to this connection on the desktop, if you want to create a shortcut icon on your desktop for this VPN connection.
8. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN Client window.

Importing a VPN Configuration File

A VPN connection policy can be created as a file and sent to you by the SonicWALL VPN gateway administrator. This VPN configuration file has the filename extension .rcf. If you received a VPN connection policy file from your administrator, you can install it using the Import Connection dialog box.

The VPN policy file is in the XML format to provide more efficient encoding of policy information. Because the file can be encrypted, pre-shared keys can also be exported in the file. The encryption method is specified in the PKCS#5 Password-Based Cryptography Standard from RSA Laboratories and uses Triple-DES encryption and SHA-1 message digest algorithms.

Alert! If your .rcf file is encrypted, you must have the password to import the configuration file into the Global VPN Client.

The following instructions explain how to add VPN connection policy by importing a connection policy file provided by your gateway administrator.
1. Choose Start>Programs>SonicWALL Global VPN Client.
2. Select File>Import Connection. The Import Connection dialog box is displayed.
3. Type the file path for the configuration file in the Specify the name of the configuration file to import field or click the browse ... button to locate the file. If the file is encrypted, enter the password in the If the file is encrypted, specify the password field.
4. Click OK.

Configuring a Dial-Up VPN Connection

You can use a dial-up Internet connection to establish your VPN connection. You can create a Remote Access VPN connection policy using the Make New Connection wizard or use an existing VPN connection policy, and then configure the VPN connection policy to use a Microsoft Dial-Up Networking phone book entry or a third-party dial-up application. You can also use a dial-up connection as an automatic backup for your VPN connection in the event your broadband Internet connection is disabled.

Alert! Make sure you create your dial-up connection profile using Microsoft Dial-up Networking or your third-party dial-up application before configuring your dial-up VPN connection policy.

1. Create a VPN connection policy using the New Connection Wizard or use an existing VPN connection policy.
2. Right-click the VPN connection policy and select Properties from the menu. The Properties dialog box is displayed.
3. Click the Peers tab.
4. Click Edit. The Peer Information dialog box is displayed.
5. If you want this VPN connection policy to use a dial-up connection, select Dial-Up Only from the Interface Selection menu. Use the default Automatic option in the Interface Selection menu, if you want the Global VPN Client to automatically determine whether to use the LAN or Dial-Up interface based on availability. If the LAN interface is active, the Global VPN Client uses this interface first. If the LAN interface is not available, the Global VPN Client uses the dial-up connection.
6. Click Dial-Up Settings. The Dial-Up Settings dialog box is displayed.
7. If you’re using Microsoft Dial-Up Networking, check Use Microsoft dial-up networking and select the dial-up networking profile from the Phonebook Entry list. If you’re using a third-party dial-up application, select Use a third-party dial-up application, and then enter the path for the program in the Application field or click browse ... to locate the program.
8. Select Do not hang up the modem when disabling this connection, if you want to remain connected to the Internet after disabling the Global VPN Client connection.
9. Click OK three times to return to the SonicWALL Global VPN Client window.

Launching the SonicWALL Global VPN Client

To launch the SonicWALL Global VPN Client, choose Start>Programs>SonicWALL Global VPN Client. The default setting for the SonicWALL Global VPN Client window is Hide the window (reopen it from the tray icon). If you click Close, press Alt+F4 or choose File>Close, the SonicWALL Global VPN Client window closes but your established VPN connections remain active. A message dialog box appears notifying you that the Global VPN Client program and any enabled connections will remain active after the window is closed. If you don’t want this notification message to display every time you close the Global VPN Client window, check Don’t show me this message again and then click OK.

You can open the SonicWALL Global VPN Client window by double-clicking the SonicWALL Global VPN Client icon in the system tray or right-clicking the icon, and selecting Open SonicWALL Global VPN Client.

Alert! Exiting the SonicWALL Global VPN Client from the system tray icon menu disables any active VPN connections.
Tip! You can change the default launch setting for SonicWALL Global VPN Client, see “Specifying Global VPN Client Launch Options” on page 23 for more information.
Tip! You can create a shortcut to automatically launch the SonicWALL Global VPN Client window and make the VPN connection from the desktop, taskbar, or Start menu. See “Creating a VPN Policy Shortcut” on page 22 for more information.
Tip! You can launch the SonicWALL Global VPN Client from the command line. See “Appendix C Running the Global VPN Client from the Command Line Interface” on page 49 for more information.

Making VPN Connections

Making a VPN connection from the Global VPN Client is easy because the configuration information is managed by the SonicWALL VPN gateway. The SonicWALL administrator sets the parameters for what is allowed and not allowed with the VPN connection policy. For example, for security reasons, the SonicWALL VPN Gateway administrator may not allow multiple VPN connections or the ability to access the Internet or local network while the VPN connection is enabled.

The Global VPN Client supports two IPSec Keying modes: IKE using Preshared Secret and IKE using 3rd Party Certificates. Preshared Secret is the most common form of the IPSec Keying modes. If your VPN connection policy uses 3rd party certificates, you use the Certificate Manager to configure the Global VPN Client to use digital certificates.

A Pre-Shared Key (also called a Shared Secret) is a predefined field that the two endpoints of a VPN tunnel use to set up an IKE (Internet Key Exchange) Security Association. This field can be any combination of Alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters. Your Pre-Shared Key is typically configured as part of your Global VPN Client provisioning. If it is not, you are prompted to enter it before you log on to the remote network.

Accessing Redundant VPN Gateways

The Global VPN Client supports redundant VPN gateways by manually adding the peer in the Peers page of the VPN connection Properties dialog box. See “Peers” on page 26 for more information.

The Global VPN Client version 2.1.0.0 (or higher) adds automatic support for redundant VPN gateways if the IPSec gateway’s domain name resolves to multiple IP addresses. For example, if gateway.yourcompany.com resolves to 67.115.118.7, 67.115.118.8 and 67.115.118.9, the Global VPN Client cycles through these resolved IP addresses until it finds a gateway that responds, allowing multiple IP addresses to be used as failover gateways. If all the resolved IP addresses fail to respond, Global VPN Client switches to the next peer, if another peer is specified in the Peers page of the VPN connection Properties dialog box. See “Peers” on page 26 for more information.

Note! When configuring redundant VPN gateways, the Group VPN policy attributes (such as pre-shared keys and the attributes on the Peer Information window) must be the same for every gateway.

Enabling a VPN Connection

Enabling a VPN connection with the SonicWALL Global VPN Client is a transparent two phase process. Phase 1 enables the connection, which completes the ISAKMP (Internet Security Association and Key Management Protocol) negotiation. Phase 2 is IKE (Internet Key Exchange) negotiation, which establishes the VPN connection for sending and receiving data.

When you enable a VPN connection policy, the following information is displayed in the Status column of the SonicWALL Global VPN Client window:
1. Disabled changes to Connecting.
2. Connecting changes to Authenticating when the Enter Username/Password dialog box is displayed.
3. Authenticating changes to Connecting when the user enters the username and password.
4. Connecting changes to Provisioning.
5. Provisioning changes to Connected once the VPN connection is fully established. A green checkmark is displayed on the VPN connection policy icon.

Once the VPN connection is established, a pop-up notification is displayed from the Global VPN Client system tray icon. It displays the Connection Name, Connected to IP address and the Virtual IP Address.

If an error occurs during the VPN connection, Error appears in the Status column and an error mark (red x) appears on the VPN connection policy icon. A VPN policy that doesn’t successfully complete all phase 2 connections displays a yellow warning symbol on the policy icon.

Note! If the Global VPN Client doesn’t establish the VPN connection, you can use the Log Viewer to view the error messages to troubleshoot the problem. See “Understanding the Global VPN Client Log” on page 31 for more information.

To establish a VPN connection using a VPN connection policy you created in the Global VPN Client, follow these instructions.
1. Enable a VPN connection policy using one of the following methods:
• If you selected Enable this connection when the program is launched in the New Connection Wizard, the VPN connection is automatically established when you launch the SonicWALL Global VPN Client.
• If your VPN connection isn’t automatically established when you launch the Global VPN Client, choose one of the following methods to enable a VPN connection:
  Double-click the VPN connection policy.
  Right-click the VPN connection policy icon and select Enable from the menu.
  Select the VPN connection policy and press Ctrl+B.
  Select the VPN connection policy, and click the Enable button on the toolbar.
  Select the VPN connection policy, and then choose File>Enable.
• If the Global VPN Client icon is displayed in the system tray, right-click the icon and then select Enable>connection policy name. The Global VPN Client enables the VPN connection without opening the SonicWALL Global VPN Client window.
2. Depending on how the VPN connection policy is configured, the Cannot Enable Connection, Enter Pre-Shared Secret, Enter Username and Password, and Connection Warning dialog boxes may be displayed, which are explained in the following sections.

Establishing Multiple Connections

You can have more than one connection enabled at a time but it depends on the connection policy parameters established at the VPN gateway. If you attempt to enable a subsequent VPN connection with a currently enabled VPN connection policy that does not allow multiple VPN connections, the Cannot Enable Connection message appears informing you the VPN connection cannot be made because the currently active VPN policy does not allow multiple active VPN connection. The currently enabled VPN connection policy must be disabled before enabling the new VPN connection.

Entering a Pre-Shared Key

Depending on the attributes for the VPN connection policy, if no default Pre-Shared Key is used, you must have a Pre-Shared Key provided by the gateway administrator in order to make your VPN connection. If the default Pre-Shared Key is not included as part of the connection policy download or file, the Enter Pre-Shared Key dialog box appears to prompt you for the Pre-Shared key before establishing the VPN connection.
1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked for security purposes.
2. If you want to make sure you’re entering the correct Pre-Shared Key, check Don’t hide the preshared key. The Pre-Shared Key you enter appears unmasked in the Pre-shared Key field.
3. Click OK.

Selecting a Certificate

If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection, the Select Certificate dialog box appears. This dialog box lists all the available certificates installed on your Global VPN Client. Select the certificate from the menu, then click OK. If you have a certificate that has not been imported into the Global VPN Client using Certificate Manager, click Import Certificate.

Note! See “Managing Certificates” on page 30 for more information on using the Certificate Manager.

Username and Password Authentication

The VPN gateway typically specifies the use of XAUTH for determining GroupVPN policy membership by requiring a username and password either for authentication against the gateway’s internal user database or via an external RADIUS service.

If the SonicWALL VPN gateway is provisioned to prompt you for the username and password to enter the remote network, the Enter Username and Password dialog box appears. Type your username and password. If permitted by the gateway, check Remember Username and Password to cache your username and password to automatically log in for future VPN connections. Click OK to continue with establishing your VPN connection.

Connection Warning

If the VPN connection policy allows only traffic to the gateway, the Connection Warning message appears, warning you that only network traffic destined for the remote network at the other end of the VPN tunnel is allowed. Any network traffic destined for local network interfaces and the Internet is blocked. You can disable the Connection Warning message from displaying every time you enable the VPN connection by checking If yes, don’t show this dialog box again. Click Yes to continue with establishing your VPN connection.

Disabling a VPN Connection

Disabling a VPN connection terminates the VPN tunnel. You can disable a VPN connection using any of the following methods:
• Right-click the VPN connection policy in the SonicWALL Global VPN Client window, and select Disable.
• Right-click the SonicWALL Global VPN Client icon on the system tray, and choose Disable>connection policy.
• Select the connection policy, then press Ctrl+B.
• Select the connection policy, and click the Disable button on the toolbar in the SonicWALL Global VPN Client window.

Checking the Status of a VPN Connection

The SonicWALL Global VPN Client includes a variety of indicators to determine the status of your VPN connections. The default Details view lists your VPN connection policies and their respective status: Disabled, Enabled, Connected, or Error.
• A successfully connected VPN policy is indicated by a green check mark on the policy icon.
• A VPN policy that doesn’t successfully complete all phase 2 connections displays a yellow warning on the policy icon.

• A VPN policy that cannot be successfully connected displays an error mark (red x) on the policy icon.

The SonicWALL Global VPN Client icon in the system tray displays a visual indicator of data passing between the Global VPN Client and the gateway.

The Status page in the Properties dialog box displays more detailed information about the status of an active VPN connection. To display the Status tab for any VPN connection, use one of the following methods:
• Double-click the active VPN connection policy.
• Select the VPN connection policy, then press Ctrl+T.
• Select the VPN connection policy, then click the Status button on the toolbar.
• Right-click the VPN connection policy in the SonicWALL Global VPN Client window and select Status.

You can also display the Status page by:
• Right-clicking on the VPN connection policy, then selecting Status from the pop-up menu.
• Selecting the VPN connection policy, then press Ctrl+T.
• Selecting the VPN connection policy, then click the Status button on the toolbar.

Tip! For more information on the Status page, see “Status” on page 28.

Creating a VPN Policy Shortcut

To streamline enabling a VPN connection, you can place a VPN connection policy on the desktop, taskbar, or Start menu. You can also place the connection policy at any other location on your system. To create a shortcut:
1. Select the VPN connection policy you want to create a shortcut for in the SonicWALL Global VPN Client window.
2. Choose File>Create Shortcut and select the shortcut option you want. You can select from On the Desktop, On the Task Bar, In the Start Menu, or Select a Location. You can also right-click the VPN connection policy and then choose Create Shortcut>shortcut option.

Tip! You can also create a Desktop shortcut for the SonicWALL Global VPN Client program for easy access to all your VPN policies.

Specifying Global VPN Client Launch Options

You can specify how the SonicWALL Global VPN Client launches and what notification windows appear using the controls in the General tab of the Options dialog box. Choose View>Options to display the Options dialog box. The General page includes the following settings to control the launch of the Global VPN Client:
• Start this program when I log in - Launches the SonicWALL Global VPN Client when you log into your computer.
• Warn me before enabling a connection that will block my Internet traffic - Activates Connection Warning message notifying you that the VPN connection will block local Internet and network traffic.
• Remember the last window state (closed or open) the next time the program is started - Allows the Global VPN Client to remember the last window state (open or closed) the next time the program is started. For example, a user can launch the Global VPN Client from the system tray without opening a window on the desktop.
• When closing the connections window - Specifies how the Global VPN Client window behaves after closing. The three options include
  Minimize the window (restore it from the task bar) - Minimizes the window to taskbar and restores it from the taskbar.
  Hide the window (re-open it from the tray icon) - The default setting that hides the SonicWALL Global VPN Client window when you close it. You can open the Global VPN Client from the program icon in the system tray. Enabling this setting also displays the Show the notification when I hide the connections window checkbox.
  Show the notification when I hide the connections window - Checking this box activates the SonicWALL Global VPN Client Hide Notification window whenever you close the Global VPN Client window while the program is still running. The message tells you that the Global VPN Client program continues to run after you close (hide) the window.

Managing the Global VPN Client System Tray Icon

When you launch the SonicWALL Global VPN Client window, the program icon appears in the system tray on the taskbar. This icon provides program and VPN connection status indicators as well as a menu for common SonicWALL Global VPN Client commands. Right clicking on the SonicWALL Global VPN Client icon in the system tray displays a menu of options for managing the program.
• Open SonicWALL Global VPN Client - Opens the program window.
• Enable - Displays a menu of VPN connection policies.

• Disable - Allows you to disable active VPN connections.
• Open Log Viewer - Opens the Log Viewer to view informational and error messages. See page 31 for more information on the Log Viewer.
• Open Certificate Manager - Opens the Certificate Manager. See page 30 for more information on the Certificate Manager.
• Exit - Exits the SonicWALL Global VPN Client window and disables any active VPN connections.

Moving the mouse pointer over the SonicWALL Global VPN Client icon in the system tray displays the number of enabled VPN connections. The Global VPN Client icon in the system tray also acts as a visual indicator of data passing between the Global VPN Client and the SonicWALL gateway.

Managing VPN Connection Policy Properties

The Connection Properties dialog box includes the controls for configuring a specific VPN connection profile. To open the Connection Properties dialog box, choose one of the following methods:
• Select the connection policy and choose File>Properties.
• Right click the connection policy and select Properties.
• Select the connection policy and click the Properties button on the SonicWALL Global VPN Client window toolbar.

The Connection Properties dialog box includes the General, User Authentication, Peers and Status tabs.

General

The General page in the Connection Properties dialog box includes the following settings:
• Name - Displays the name of your VPN connection policy.
• Description - Displays a pop-up text about the connection policy. The text appears when your mouse pointer moves over the VPN connection policy.

• Attributes - Defines the status of Tunnel All support. These settings are controlled at the SonicWALL VPN gateway.
  Other traffic allowed - If enabled, your computer can access the local network or Internet connection while the VPN connection is active.
  Default traffic tunneled to peer - If activated, all network traffic not routed to the SonicWALL VPN gateway is blocked. When you enable the VPN connection with this feature active, the Connection Warning message appears.
  Use virtual IP address - Allows the VPN Client to get its IP address via DHCP through the VPN tunnel from the gateway.
• Enable this connection when the program is launched - Establishes the VPN connection policy as the default VPN connection when you launch the SonicWALL Global VPN Client.
• Immediately establish security when connection is enabled - Negotiates the first phase of IKE as soon as the connection is enabled instead of waiting for network traffic transmission to begin. This setting is enabled by default.
• Automatically reconnect when an error occurs - With this feature enabled, if the Global VPN Client encounters a problem connecting to the peer, it keeps retrying to make the connection. This feature allows a Global VPN Client to make a connection to a VPN connection that is temporarily disabled, without manual intervention. If the connection error is due to an incorrect configuration, such as the DNS or IP address of the peer gateway, then the connection must be manually corrected. Check the Log Viewer to determine the problem and then edit the connection. This option is enabled by default. If an error occurs with this option disabled during an attempted connection, the Global VPN Client logs the error, displays an error message dialog box, and stops the connection attempt.
• Automatically reconnect when waking from sleep or hibernation - Automatically re-enables the VPN connection policy after the computer wakes from a sleep or hibernation state. This setting is disabled by default.
• Execute logon script when connected - Allows the Global VPN Client to perform domain authentication after logging into the SonicWALL VPN Gateway and establishing a secure tunnel.
• Run the following command when connection is established - Allows a program to be automatically executed, with optional arguments, when successful VPN connections are established.

User Authentication

The User Authentication page allows you to specify a username and password when user authentication is required by the gateway. If the SonicWALL VPN gateway does not support the saving (caching) of a username and password, the settings in this page are not active and the message The peer does not allow saving of username and password appears at the bottom of the page.
• Remember my username and password - Enables the saving of your username and password for connecting to the SonicWALL VPN gateway.

• Username - Enter the username provided by your gateway administrator.
• Password - Enter the password provided by your gateway administrator.

Peers

The Peers page allows you to specify an ordered list of VPN gateway peers that this connection policy can use (multiple entries allow a VPN connection to be established through multiple VPN gateways). An attempt is made to establish a VPN connection to the given VPN gateway peers in the order they appear in the list.
• To add a peer, click Add. In the Peer Information dialog box, enter the IP address or DNS Name in the IP Address or DNS Name box, then click OK.
• To edit a peer entry, select the peer name and click Edit. In the Peer Information dialog box, make your changes, then click OK.
• To delete a peer entry, select the peer entry and click Remove.

Note! When configuring redundant VPN gateways, the Group VPN policy attributes (such as pre-shared keys and the attributes on the Peer Information window) must be the same for every gateway.

Peer Information Dialog Box

The Peer Information dialog box allows you to add or edit peer information.
• IP Address or DNS Name - Specifies the peer VPN gateway IP address or DNS name.
• Use the default gateway as the peer IP address - Specifies the default gateway as the peer IP address.
• Detect when this peer stops responding (Dead Peer Detection) - Automatically initiates VPN connection again if the VPN gateway does not respond for three consecutive heart beats. The Global VPN Client exchanges “heart beat” packets to detect if the peer gateway is alive. This setting is enabled by default.

• DPD Settings - Displays the Dead Peer Detection Settings dialog box.
  Check for dead peer every - choose from 5, 10, 15, 20, 25, or 30 seconds.
  Assume peer is dead after - choose from 3, 4, or 5 Failed Checks.
  Specify the conditions under which DPD packets will be sent - Choose either Only when no traffic is received from the peer or whether or not traffic is received from the peer.
• NAT Traversal - Choose one of the following three menu options:
  Automatic - Automatically determines whether NAT traversal is forced on or disabled.
  Forced On - Forces the use of UDP encapsulation of IPSec packets even when there is no NAPT/NAT device in between the peers.
  Disabled - Disables use of UDP encapsulation of IPSec packets between the peers.
• Interface Selection - Defines the interface used by this VPN connection policy.
  Automatic - Automatically determines the availability of each interface beginning with the LAN interface. If the LAN interface is not available, the Global VPN Client uses the Dial-Up interface.
  LAN Only - Defaults to the LAN interface only.
  Dial-Up Only - Defaults to the Dial-Up interface only.
• LAN Settings - Displays LAN Settings dialog box for specifying the setting used when this connection is enabled over the LAN. Type the IP address in the Next Hop IP Address field to specify the IP address of a different route than the default route. Leaving the setting as zeros instructs the Global VPN Client to use the default route.
• Dial-Up Settings - Displays the Dial-Up Settings dialog box, which allows you to select the dial-up profile to use making a dial-up VPN connection.
  Use Microsoft dial-up networking - Uses the Microsoft dial-up networking profile you specify for making the VPN connection. Select the Dial-up networking profile from the Phonebook Entry list. Check the Do not hang up the modem when disabling this connection to keep the dial-up network connection active after disabling the VPN connection.
  Use a third-party dial-up application - Select this option to use a third party dial-up program. Type the path in the Application field or use the browse ... button to locate the program.
• Response Timeout (in seconds) - Specifies a timeout value for the VPN connection attempt.
• Maximum Send Attempts - Specifies the number of IKE negotiation retries.
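The gateway order described under Accessing Redundant VPN Gateways and Peers, combined with the Dead Peer Detection settings above, can be modelled as follows. This is an added illustration, not SonicWALL code: the host names, addresses, function names and the rule that a successful check resets the failed-check counter are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Choices the guide lists for the Dead Peer Detection Settings dialog box.
DPD_INTERVALS = (5, 10, 15, 20, 25, 30)  # "Check for dead peer every" (seconds)
DPD_FAILED_CHECKS = (3, 4, 5)            # "Assume peer is dead after" (failed checks)

# Constructed sample data: hypothetical peer names, RFC 5737 documentation addresses.
SAMPLE_DNS: Dict[str, List[str]] = {
    "gateway.example.com": ["192.0.2.7", "192.0.2.8", "192.0.2.9"],
    "backup.example.com": ["198.51.100.1"],
}


def sample_resolve(name: str) -> List[str]:
    """Offline stand-in for DNS: return every address the name resolves to."""
    return SAMPLE_DNS.get(name, [])


def select_gateway(peers: List[str], resolve: Callable[[str], List[str]],
                   responds: Callable[[str], bool]
                   ) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Try peers in list order and, within a peer, every resolved address.

    Returns (address or None, list of (peer, address) pairs tried, in order).
    """
    tried: List[Tuple[str, str]] = []
    for peer in peers:
        for ip in resolve(peer):
            tried.append((peer, ip))
            if responds(ip):
                return ip, tried
    return None, tried


@dataclass
class DpdMonitor:
    interval: int          # seconds between checks
    max_failed: int        # failed checks before the peer is assumed dead
    only_when_idle: bool   # True: probe only when no traffic came from the peer
    failed: int = 0

    def __post_init__(self) -> None:
        if self.interval not in DPD_INTERVALS:
            raise ValueError(f"interval must be one of {DPD_INTERVALS}")
        if self.max_failed not in DPD_FAILED_CHECKS:
            raise ValueError(f"max_failed must be one of {DPD_FAILED_CHECKS}")

    def check(self, traffic_seen: bool, probe_answered: bool) -> bool:
        """Run one check interval; return True once the peer counts as dead."""
        # Assumption of this model: traffic from the peer proves liveness when
        # probes are only sent on idle tunnels, and any success resets the count.
        if (self.only_when_idle and traffic_seen) or probe_answered:
            self.failed = 0
            return False
        self.failed += 1
        return self.failed >= self.max_failed


def run_session(peers, resolve, outages: Dict[str, int], dpd: DpdMonitor, checks: int):
    """Simulate `checks` DPD intervals on an idle tunnel.

    `outages` maps an address to the check number from which it stops
    answering (0 = down from the start). Returns (seconds, event, address).
    """
    def responds_at(step: int) -> Callable[[str], bool]:
        return lambda ip: step < outages.get(ip, checks + 1)

    current, _ = select_gateway(peers, resolve, responds_at(0))
    events = [(0, "connected" if current else "error", current)]
    for step in range(1, checks + 1):
        if current is None:
            break
        if dpd.check(traffic_seen=False, probe_answered=responds_at(step)(current)):
            now = step * dpd.interval
            events.append((now, "dead", current))
            dpd.failed = 0
            # Failover: walk the same ordered list again from the top.
            current, _ = select_gateway(peers, resolve, responds_at(step))
            events.append((now, "connected" if current else "error", current))
    return events


if __name__ == "__main__":
    monitor = DpdMonitor(interval=10, max_failed=3, only_when_idle=True)
    timeline = run_session(["gateway.example.com", "backup.example.com"],
                           sample_resolve, {"192.0.2.7": 2, "192.0.2.8": 0},
                           monitor, checks=8)
    for seconds, event, address in timeline:
        print(f"t={seconds:>3}s  {event:<9}  {address}")
```

With a 10-second interval and three failed checks, an outage is only acted on 30 seconds after the gateway stops answering, which is the detection delay to account for when choosing these two settings.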

Status

The Status page shows the current status of the connection.
• Connection Status - Indicates whether VPN connection policy is enabled or disabled.
  Peer IP Address - Displays the IP address of the VPN connection peer.
  Duration - Displays connection time.
  Details - Displays the Connection Status Details dialog box, which specifies the negotiated phase 1 and phase 2 parameters as well as the status of all individual phase 2 SAs.
• Activity
  Packets - Displays number of packets sent and received through VPN tunnel.
  Bytes - Displays number of bytes sent and received through VPN tunnel.
  Reset - Resets the status information.
• Virtual IP Configuration
  IP Address - The IP address assigned via DHCP through the VPN tunnel from the VPN gateway.
  Subnet Mask - The subnet of the peer.
  Renew - Renews DHCP lease information.

Managing VPN Connection Policies

The SonicWALL Global VPN Client supports as many VPN connection policies as you need. To help you manage these connection policies, the Global VPN Client provides the following connection policy management tools.

Arranging Connection Policies

Over time, as the number of VPN connection policies can increase in the SonicWALL Global VPN Client window, you may want to arrange them for quicker access. You can arrange your VPN connection policies in the SonicWALL Global VPN Client window by choosing View>Arrange Icons by. You can arrange VPN connection profiles by:
Name - Sorts connection policies by name.
Peer - Sorts connection policies by gateway IP address.
Status - Sorts connection policies by connection status.
Ascending - Sorts Name, Gateway, or Status arrangements in ascending order. If unchecked, policy arrangements are sorted in descending order.
The default arrangement is by Name in Ascending order.

Renaming a Connection Policy

To rename a connection policy, select the policy and click on the Rename button on the toolbar or choose File>Rename, then type in the new name. You can also right-click the connection policy and choose Rename from the menu.

Deleting a Connection Policy

To delete a connection policy, select the policy, press Del or choose File>Delete. You can also right-click the policy name and choose Delete. You cannot delete an active VPN connection. Disable the VPN connection, then delete it.

Selecting All Connection Policies

Choosing View>Select All or pressing Ctrl+A selects all the connection policies in the SonicWALL Global VPN Client window.

Managing Certificates
The Certificate Manager allows you to manage digital certificates used by the SonicWALL Global VPN Client for VPN connections. If your VPN gateway uses digital certificates, you must import the CA and Local Certificates into the Certificate Manager.
To open the Certificate Manager, click the Certificate Manager button on the SonicWALL Global VPN Client window toolbar, choose View>Certificate Manager, or press Ctrl+M.
The left pane of the Certificate Manager window lists the active Local and CA certificates currently used by your VPN policies. User Certificates list the local digital certificates used to establish the VPN Security Association. CA Certificates list the digital certificates used to validate the user certificates.
• Click on the certificate in the left pane to display the certificate information in the right pane.
• Click the Import button on the toolbar, press Ctrl+I, or choose File>Import Certificate to display the Import Certificate window to import a certificate file.
• Click the Delete button on the toolbar, press Del, or choose File>Delete Certificate to delete the selected certificate.
• Choose View>Toolbar to hide the toolbar.
• Choose View>Status Bar to hide the status bar.
Tip! For more information on using certificates for your VPN on the SonicWALL, see the SonicWALL Administrator’s Guide.

Troubleshooting the SonicWALL Global VPN Client
The SonicWALL Global VPN Client provides tools for troubleshooting your VPN connections. This section explains using Log Viewer, generating a Help Report, accessing SonicWALL’s Support site, using SonicWALL Global VPN Client help system, and uninstalling the Global VPN Client.

Understanding the Global VPN Client Log
The SonicWALL Global VPN Client Log window displays messages about Global VPN Client activities. To open the Log Viewer window, click the Log Viewer button on the Global VPN Client window toolbar, or choose View>Log Viewer, or press Ctrl+L.
Timestamp - Date and time the message was generated.
Type - The type of message (Information, Error, or Warning).
Peer - The IP address or FQDN of the peer.
Message - Text of the message describing the event.

You can save a current log to a .txt file. When you save the current log to a file, the Global VPN Client automatically adds a Help Report containing useful information regarding the condition of the SonicWALL Global VPN Client as well as the system it’s running on for troubleshooting. The Help Report information is inserted at the beginning of the log file. See “Generating a Help Report” on page 33 for more information.
Tip! See “Appendix E - Log Viewer Messages” on page 50 for complete listing of Log Viewer messages.

The Log Viewer provides the following features to help you manage log messages:
• To save a current log to a .txt file, click the Save button on the toolbar, press Ctrl+S, or choose File>Save. When you save a Log Viewer file, the Global VPN Client automatically adds a report containing useful information regarding the condition of the SonicWALL Global VPN Client as well as the system it’s running on.
• To select all messages, press Ctrl+A or choose Edit>Select All.
• To copy log contents for pasting into another application, select the messages you want to copy, then click the Copy button on the toolbar, press Ctrl+C, or choose Edit>Copy.
• To clear current log information, click the Clear button on the toolbar, press Ctrl+X, or choose Edit>Clear.
• To enable or disable message capturing, click the Capture button on the toolbar, press Ctrl+M, or choose View>Stop Capturing Messages or View>Start Capturing Messages.
• To specify the message display level from All Messages to Filtered Messages, click the Filtered Messages button on the toolbar. You can also choose View>Show All Message or View>Show Filtered Messages.
• To start or stop automatic scrolling of messages to the latest message, click the Auto Scroll button on the toolbar, press Ctrl+T, or choose View>Start Auto Scroll or View>Stop Auto Scroll.

• To remove redundant messages from displaying, choose View>Ignore Redundant Messages or press Ctrl+I.
• To hide the toolbar in the Log Viewer window, choose View>Toolbar.
• To hide the status bar in the Log Viewer window, choose View>Status Bar.

Configuring the Log
The Logging page in the Options dialog box specifies the settings for configuring the Global VPN Client Log behavior.
Maximum number of log messages to keep - Specifies the maximum number of log messages kept in the log file.
Log ISAKMP header information - Enables the logging of ISAKMP header information.
Log dead peer detection packets - Enables the logging of dead peer detection packets.
Log NAT keep-alive packets - Enables the logging of NAT keep-alive packets.
Enable automatic logging of messages to file - Enables automatic logging of messages to a file as specified in the Auto-Logging window.
Settings - Clicking on Settings displays the Auto-Logging window.

Configuring Auto-Logging
Clicking on Settings displays the Auto-Logging window for specifying settings for auto-logging of messages to a file.
Enter the name of the auto-log file - Specifies the file to save the logging messages. Clicking on the ... button allows you to specify the location of your auto-log file. Log files are saved as text files (.txt).
View Auto-Log File - Displays the entire log file up to 71.000 lines.
Overwrite existing file when auto-logging starts - Overwrites existing auto-log file after maximum file size is reached.
Set size limit on auto-log file - Activates a maximum size limit for the log file.

Maximum auto-log file size - Specifies the maximum file size in KB or MB.
When auto-log size limit is reached - Instructs Auto-logging what to do when log file size is reached.
Ask me what to do - Prompts you when the log file reaches maximum size to choose either Stop auto-logging or Overwrite auto-log file.
Stop auto-logging - Stops auto-logging when maximum file size is reached.
Overwrite auto-log file - Overwrites existing auto-log file after maximum file size is reached.

Generating a Help Report
Choosing Help>Generate Report in the SonicWALL Global VPN Client window displays the SonicWALL Global VPN Client Report dialog box. Generate Report creates a report containing useful information for getting help in solving any problems you may be experiencing. The report contains information regarding the condition of the SonicWALL Global VPN Client as well as the system it’s running on. Information in this report includes:
• Version information
• Drivers
• System information
• IP addresses
• Route table
• Current log messages
To view the report in the default text editor window, click View. To save the report to a text file, click Save As. To send the report via e-mail, click Send. To close the report window without taking any action, click Don’t Send.

Accessing Technical Support
Selecting Help>Technical Support accesses the SonicWALL Support site at http://www.sonicwall.com/support/
The SonicWALL Support site offers a full range of support services including extensive online resources and information on SonicWALL’s enhanced support programs.

Viewing Help Topics
Selecting Help>Help Topics displays SonicWALL Global VPN Client help system window. You can access help topics using the following options:
• Contents - displays help in a table of contents view.
• Index - displays help in an alphabetical topic view.
• Search - allows you to search the help system using keywords.

Uninstalling the SonicWALL Global VPN Client (Windows 98 SE)
You can easily uninstall the SonicWALL Global VPN Client and choose to save or delete your VPN connection policies as part of the uninstall process.
Alert! If you are upgrading SonicWALL Global VPN Client from an earlier version to 3.1 and want to use the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter, you must uninstall the earlier version before installing Global VPN Client 3.1.
To uninstall the SonicWALL Global VPN Client:
Alert! You must exit the SonicWALL Global VPN Client before uninstalling the program.
1. Launch the Windows Control Panel.
2. Double-click Add/Remove Programs.
3. Select SonicWALL Global VPN Client and then click Change/Remove. The SonicWALL Global VPN Client Setup Wizard appears.
4. In the Confirm File Deletion dialog box, click OK to confirm the removal of the SonicWALL Global VPN Client.
5. Choose Delete all individual user profiles if you want to delete all your existing VPN connection profiles. If you leave this setting unchecked, the VPN connection profiles are saved and appear again when you install the SonicWALL Global VPN Client at another time.
6. Choose Retain MAC Address if you want to retain the same SonicWALL VPN Adapter MAC address the next time you install the Global VPN Client. Click Next.
7. After the Global VPN Client is removed, select Yes, I want to restart my computer now, and then click Finish.

Configuring SonicWALL Security Appliances for Global VPN Clients
SonicWALL’s GroupVPN policy provides the automatic provisioning of SonicWALL Global VPN Client from the SonicWALL security appliance. The GroupVPN policy is only available for SonicWALL Global VPN Clients. SonicWALL GroupVPN supports two IPSec keying modes: IKE using shared secret and IKE using 3rd Party Certificates. Once you create the GroupVPN policy, you configure GroupVPN to automatically provision SonicWALL Global VPN Clients by downloading the policy, or exporting the policy file for manual installation in the SonicWALL Global VPN Client.

Note! For information on configuring GroupVPN on the SonicWALL to support SonicWALL Global VPN Client, refer to the Administrator’s Guide for your SonicWALL. All SonicWALL product documentation is available at http://www.sonicwall.com/support/documentation.html.

SonicWALL Global VPN Client Licenses
Global VPN Client Licensing is based on the number of simultaneous Global VPN Client connections to a SonicWALL. If the number of simultaneous Global VPN Client connections is exceeded, the SonicWALL does not allow any additional Global VPN Client connections. Once the number of simultaneous Global VPN Client drops below the license limit, new Global VPN connections can be established. You can purchase Global VPN Client software and Global VPN Client Licenses from SonicWALL, your reseller, or online at mysonicwall.com. For more information on purchasing the Global VPN Client visit http://www.sonicwall.com/products/vpnglobal.html

Group VPN Connections Supported by Each SonicWALL Model
Table 1 describes the Global VPN Client License support of each SonicWALL model.

Table 1: Global VPN Client License Support by SonicWALL Model
SonicWALL Model: Global VPN Clients
TELE3, TELE3 TZ, TELE3 TZX, TELE3 SP, SOHO3: Requires Global VPN Client License.
SOHO TZW: Includes unrestricted WLAN Global VPN Client Licenses. Requires WAN Global VPN Client Licenses.
TZ 50, TZ 150: Requires Global VPN Client Licenses.
TZ 50 Wireless, TZ 150 Wireless, TZ 170 Wireless: Includes unrestricted WLAN Global VPN Client Licenses. Requires WAN Global VPN Client Licenses.
TZ 170, TZ 170 SP, TZ 170 SP Wireless: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Requires WAN Global VPN Client Licenses.
PRO 100: Includes 1 Global VPN Client License. Additional Licenses may be added.
PRO 200, PRO 230: Includes 10 Global VPN Client License. Additional Licenses may be added.
PRO 300, PRO 330: Includes 200 Global VPN Client License. Additional Licenses may be added.
PRO 1260: Requires Global VPN Client License.
GX 250: Includes 5.000 Global VPN Client licenses.
GX 650: Includes 10.000 Global VPN Client licenses.

PRO 2040: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Includes 10 WAN Global VPN Client Licenses.
PRO 3060: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Includes 25 WAN Global VPN Client Licenses.
PRO 4060: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Includes 1.000 WAN Global VPN Client Licenses.
PRO 4100: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Includes 1.500 WAN Global VPN Client Licenses.
PRO 5060: Includes unrestricted WLAN Global VPN Client Licenses (Enhanced). Includes 2.000 WAN Global VPN Client Licenses.

Activating Your SonicWALL Global VPN Clients
In order to activate and download your SonicWALL Global VPN Client software, you must have a valid mysonicwall.com account and your SonicWALL product must be registered to your account. If you do not have a mysonicwall.com account, or if you have not registered your product to your account, create an account and then follow the registration instructions at http://www.mysonicwall.com
To activate your Global VPN Client license:
1. Log in to your mysonicwall.com account.
2. Select the registered SonicWALL Internet Security Appliance.
3. Select Global VPN Client from the Applicable Services menu.
4. Select Activate.
5. Type in your activation key in the Activation Key field.
6. Click Submit.
Upon successful activation, a confirmation message will be displayed. Your license activation is now complete.

Downloading Global VPN Client Software and Documentation
1. Log in to your mysonicwall.com account.
2. In the My Products page, click the name of your SonicWALL on which the Global VPN Client license is activated. For future reference, record the Serial Number of the SonicWALL product.
3. Select Software Download. If this service is not already activated, click on Agree to activate it. Download the SonicWALL Global VPN Client software and documentation.

SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT
This Software License Agreement (SLA) is a legal agreement between you and SonicWALL, Inc. (SonicWALL) for the SonicWALL software product identified above, which includes computer software and any and all associated media, printed materials, and online or electronic documentation (SOFTWARE PRODUCT). By opening the sealed package(s), installing, or otherwise using the SOFTWARE PRODUCT, you agree to be bound by the terms of this SLA. If you do not agree to the terms of this SLA, do not open the sealed package(s), install or use the SOFTWARE PRODUCT. You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund.

The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as by other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed, not sold. Title to the SOFTWARE PRODUCT licensed to you and all copies thereof are retained by SonicWALL or third parties from whom SonicWALL has obtained a licensing right. You acknowledge and agree that all right, title, and interest in and to the SOFTWARE PRODUCT, including all associated intellectual property rights, are and shall remain with SonicWALL. This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT, but only a limited right of use revocable in accordance with the terms of this SLA.

LICENSE
SonicWALL grants you a non-exclusive license to use the SOFTWARE PRODUCT for SonicWALL Internet Security Appliances.
• OEM - If the SOFTWARE PRODUCT is modified and enhanced for a SonicWALL OEM partner, you must adhere to the software license agreement of the SonicWALL OEM partner.
• The SOFTWARE PRODUCT is licensed as a single product. Its component parts may not be separated for use on more than one computer.
• You may install and use one copy of the SOFTWARE PRODUCT, or any prior version for the same operating system, on a single computer.
• You may also store or install a copy of the SOFTWARE PRODUCT on a storage device, such as a network server, used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network. However, you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device. A license for the SOFTWARE PRODUCT may not be shared or used concurrently on different computers.
• You shall not reverse-engineer, de-compile, or disassemble the SOFTWARE PRODUCT, in whole or in part.
• You may not resell, or otherwise transfer for value, the SOFTWARE PRODUCT.
• You may not rent, lease, or lend the SOFTWARE PRODUCT.
• You may permanently transfer all of your rights under this SLA, provided you retain no copies, you transfer all of the SOFTWARE PRODUCT (including all component parts, the media and printed materials, any upgrades, and this SLA), the recipient agrees to the terms of this SLA, and you obtain prior written consent from SonicWALL. If the SOFTWARE PRODUCT is an upgrade, any transfer must include all prior versions of the SOFTWARE PRODUCT.
• The SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors. You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT. The provisions of this section will survive the termination of this SLA.

SUPPORT SERVICES
SonicWALL may provide you with support services related to the SOFTWARE PRODUCT (“Support Services”). Use of Support Services is governed by the SonicWALL policies and programs described in the user manual, in “online” documentation, and/or in other SonicWALL-provided materials. Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this SLA. With respect to technical information you provide to SonicWALL as part of the Support Services, SonicWALL may use such information for its business purposes, including for product support and development. SonicWALL shall not utilize such technical information in a form that identifies its source.

UPGRADES
If the SOFTWARE PRODUCT is labeled as an upgrade, you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT. A SOFTWARE PRODUCT labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accordance with the terms of this SLA. If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer.

COPYRIGHT
All title and copyrights in and to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text, and “applets” incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT are owned by SonicWALL or its suppliers/licensors. The SOFTWARE PRODUCT is protected by copyrights laws and international treaty provisions. Therefore, you must treat the SOFTWARE PRODUCT like any other copyrighted material except that you may install the SOFTWARE PRODUCT on a single computer provided you keep the original solely for backup or archival purposes. You may not copy the printed materials accompanying the SOFTWARE PRODUCT.

U.S. GOVERNMENT RESTRICTED RIGHTS
If you are acquiring the Software including accompanying documentation on behalf of the U.S. Government, the following provisions apply. If the Software is supplied to the Department of Defense (“DOD”), the Software is subject to “Restricted Rights”, as that term is defined in the DOD Supplement to the Federal Acquisition Regulations (“DFAR”) in paragraph 252.227 7013(c) (1). If the Software is supplied to any unit or agency of the United States Government other than DOD, the Government's rights in the Software will be as defined in paragraph 52.227 19(c) (2) of the Federal Acquisition Regulations (“FAR”). Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or successor provisions.

EXPORTS LICENSE
Licensee will comply with, and will, at SonicWALL's request, demonstrate such compliance with all applicable export laws, restrictions, and regulations of the U.S. Department of Commerce, the U.S. Department of Treasury and any other any U.S. or foreign agency or authority. Licensee will not export or re-export, or allow the export or re-export of any product, technology or information it obtains or learns pursuant to this Agreement (or any direct product thereof) in violation of any such law, restriction or regulation, including, without limitation, export or re-export to Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria or any other country subject to applicable U.S. trade embargoes or restrictions, or to any party on the U.S. Export Administration Table of Denial Orders or the U.S. Department of Treasury List of Specially Designated Nationals, or to any other prohibited destination or person pursuant to U.S. law, regulations or other provisions.

MISCELLANEOUS
This SLA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them. It may be amended only in writing executed by both parties. This SLA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws. Should any term of this SLA be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms hereof. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

TERMINATION
This SLA is effective upon your opening of the sealed package(s), installing or otherwise using the SOFTWARE PRODUCT, and shall continue until terminated. Without prejudice to any other rights, SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA. In such event, you agree to return or destroy the SOFTWARE PRODUCT (including all related documents and components items as defined above) and any and all copies of same.

LIMITED WARRANTY
SonicWALL warrants that a) the SOFTWARE PRODUCT will perform substantially in accordance with the accompanying written materials for a period of ninety (90) days from the date of receipt, and b) any Support Services provided by SonicWALL shall be substantially as described in applicable written materials provided to you by SonicWALL. Any implied warranties on the SOFTWARE PRODUCT are limited to ninety (90) days. Some states and jurisdictions do not allow limitations on duration of an implied warranty, so the above limitation may not apply to you.

CUSTOMER REMEDIES
SonicWALL's and its suppliers' entire liability and your exclusive remedy shall be, at SonicWALL's option, either a) return of the price paid, or b) repair or replacement of the SOFTWARE PRODUCT that does not meet SonicWALL's Limited Warranty and which is returned to SonicWALL with a copy of your receipt. This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from accident, abuse, or misapplication. Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. Outside of the United States, neither these remedies nor any product Support Services offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor.

NO OTHER WARRANTIES
To the maximum extent permitted by applicable law, SonicWALL and its suppliers/licensors disclaim all other warranties and conditions, either express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, with regard to the SOFTWARE PRODUCT, and the provision of or failure to provide Support Services. This Limited Warranty gives you specific legal rights. You may have others, which vary from state/jurisdiction to state/jurisdiction.

LIMITATION OF LIABILITY
To the maximum extent permitted by applicable law, in no event shall SonicWALL or its suppliers/licensors be liable for any damages (including without limitation special, incidental, indirect, or consequential) whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide Support Services, even if SonicWALL has been advised of the possibility of such damages. In any case, SonicWALL's entire liability under any provision of this SLA shall be limited to the greater of the amount actually paid by you for the SOFTWARE PRODUCT or U.S. $10.00; provided, however, if you have entered into a SonicWALL Support Services Agreement, SonicWALL's entire liability regarding Support Services shall be governed by the terms of that agreement. Because some states and jurisdiction do not allow the exclusion or limitation of liability, the above limitation may not apply to you.

SonicWALL Global VPN Client Support
SonicWALL’s comprehensive support services protect your network security investment and offer the support you need - when you need it. SonicWALL Global VPN Client support is included as part of the support program of your SonicWALL Internet Security Appliance.
For more information on SonicWALL Support Services, please visit: http://www.sonicwall.com/support/
You can purchase/activate SonicWALL Support Services through your mySonicWALL.com account at: http://www.mysonicwall.com
For Web-based technical support, please visit: http://www.sonicwall.com/support/contact.html

Appendix A - Creating and Deploying the Default.rcf File for Global VPN Clients
The default.rcf file allows the SonicWALL VPN Gateway administrator to create and distribute preconfigured VPN connections for SonicWALL Global VPN Clients. The SonicWALL VPN Gateway administrator can distribute the default.rcf file with the Global VPN Client software to automatically create preconfigured VPN connections for streamlined deployment. The VPN connections created from the default.rcf file appear in the SonicWALL Global VPN Client window. The Global VPN Client user simply enables the VPN connection and after XAUTH authentication with a username and password, the policy download is automatically completed.

How the Global VPN Client uses the default.rcf File
When the Global VPN Client starts up, the program always looks for the SonicWALL Global VPN Client.rcf file in the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory. If this file does not exist the Global VPN Client looks for the default.rcf file in the C:\Program Files\SonicWALL\SonicWALL Global VPN Client\ directory. The Global VPN Client reads the default.rcf file, if it exists and creates the SonicWALL Global VPN Client.rcf file in the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory. The encrypted SonicWALL Global VPN Client.rcf file contains all the VPN connection configuration information for the SonicWALL Global VPN Client.

Deploying the default.rcf File
There are three ways to deploy the default.rcf file for your SonicWALL Global VPN Clients.

Include the default.rcf File with the Global VPN Client Software
After you create the default.rcf file, you can include it with the SonicWALL Global VPN Client software. When the user installs the Global VPN Client program, the SonicWALL Global VPN Client.rcf file is automatically created in the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory based on the settings defined in the default.rcf file. This is the easiest method for Global VPN Client users.
Alert! The default.rcf file must be included in the default Global VPN Client installation directory C:\Program Files\SonicWALL\SonicWALL Global VPN Client\ for the program to write the SonicWALL Global VPN Client.rcf file based on the settings defined in the default.rcf file.

Add the default.rcf file to the Default Global VPN Client Directory
If the Global VPN Client software is installed without VPN connections, the user can add the default.rcf file to the default Global VPN Client installation directory C:\Program Files\SonicWALL\SonicWALL Global VPN Client\. When the user launches the Global VPN Client, the SonicWALL Global VPN Client.rcf file is created in the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory based on the default.rcf file settings.

Replace the Existing SonicWALL Global VPN Client.rcf File
If the Global VPN Client is installed with VPN connections, the user can remove the SonicWALL Global VPN Client.rcf file from the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory and add the default.rcf file to the default Global VPN Client installation directory C:\Program Files\SonicWALL\SonicWALL Global VPN Client\. When the user launches the Global VPN Client, the SonicWALL Global VPN Client.rcf file is created in the C:\Documents and Settings\<user>\Application Data\SonicWALL\SonicWALL Global VPN Client\ directory based on the default.rcf file settings.
Alert! Removing an existing SonicWALL Global VPN Client.rcf file will remove the VPN connections created in the Global VPN Client. These VPN connections can be added again from the Global VPN Client into the new SonicWALL Global VPN Client.rcf file.
Alert! You cannot copy the SonicWALL Global VPN Client.rcf file created from the settings defined in the default.rcf file for one Global VPN Client to replace an existing SonicWALL Global VPN Client.rcf file of another Global VPN Client.

Creating the default.rcf File
You can create your custom default.rcf file from any text editor, such as Windows Notepad.

default.rcf File Tag Descriptions
Tags that you do not explicitly list in the default.rcf file are set to the default setting (which is the same behavior as when you configure a New VPN Connection within the Global VPN Client manually). The default setting for each tag is highlighted in bracketed bold text, like [default].

<SW_Client_Policy version="9.0">

<Connections>
Defines the connection profiles in the default.rcf configuration file. There is no hard limit defined on the number of connection profiles allowed.

<Connection name = connection name>
Provides a name for the VPN connection that appears in the Global VPN Client window.

<Description> description text</Description>
Provides a description for each connection profile that appears when the user moves the mouse pointer over the VPN Policy in the Global VPN Client window. The maximum number of characters for the <Description> tag is 1023.

<Flags>

<AutoConnect>[Off=0]/On=1</AutoConnect>
Enables this connection when program is launched.

<ForceIsakmp>Off=0/[On=1]</ForceIsakmp>
Starts IKE negotiation as soon as the connection is enabled without waiting for network traffic. If disabled then only traffic to the destination network(s) will initiate IKE negotiations.

<ReEnableOnWake>[Off=0]/On=1</ReEnableOnWake>
Enables the connection when computer is coming out of sleep or hibernation.

<ReconnectOnError>Off=0/[On=1]</ReconnectOnError>
Automatically keeps trying to enable the connection when an error occurs.

<ExecuteLogonScript>[Disable=0]/Enable=1</ExecuteLogonScript>
Forces launch login script.

</Flags>

<Peer>
Defines the peer settings for a VPN connection. A VPN connection can support up to 5 peers.

<HostName>IP Address/Domain Name</HostName>
The IP address or Domain name of the SonicWALL gateway.

Alert! A special case of Host Name is for an Office Gateway scenario. If you want to use the Default Gateway as the host name use the exact text, &lt;Default Gateway&gt;, including the semicolons and &s. In this case, you must also set the tag, <UseDefaultGWAsPeerIP>=1.

<EnableDeadPeerDetection>Off=0/On=1</EnableDeadPeerDetection>
Enables detection if the Peer stops responding to traffic. This will send Vendor ID to the SonicWALL during IKE negotiation to enable Dead peer detection heart beat traffic.

<ForceNATTraversal>[Off=0]/On=1</ForceNATTraversal>
Forces NAT traversal even without a NAT device in the middle. Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete.

<DisableNATTraversal>[Off=0]/On=1</DisableNATTraversal>
Disables NAT traversal even without a NAT device in the middle. Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete.

Alert! NAT Traversal - The implementation options for NAT Traversal were changed in Global VPN Client 2.x. In Global VPN Client releases prior to 2.x, there were checkboxes for Forcing or Disabling NAT Traversal. With Global VPN Client 2.x and later, there is now a drop down selection list containing the following three items:
• Automatic - Detects if NAT Traversal is on or off.
• Forced On - Forces NAT Traversal On.
• Disabled - Forces NAT Traversal Off.
To specify Automatic in a custom default.rcf file, set ForceNATTraversal and DisableNATTraversal to 0, or do not list these tags at all.

<NextHop>IP Address</NextHop>
The IP Address of the next hop for this connection. This is ONLY used if there is a need to use a next hop that is different from the default gateway.

<Timeout>3</Timeout>
Defines timeout value in seconds for packet retransmissions. The minimum <Timeout> value is 1 second and the maximum value is 10 seconds.

<Retries>3</Retries>
Number of times to retry packet retransmissions before the connection is considered as dead. The minimum <Retries> value is 1 and the maximum value is 10.

<UseDefaultGWAsPeerIP>[Off=0]/On=1</UseDefaultGWAsPeerIP>
Specifies that the PC’s Default Gateway IP Address is used as the Peer IP Address.

<InterfaceSelection>Automatically selects the connection based on link and IP detection=0/Connection always uses LAN=1/Connection always uses Dial-Up=2</InterfaceSelection>
Forces the interface selection for the VPN connection.

<WaitForSourceIP>Off=0/[On=1]</WaitForSourceIP>
Specifies that packets are to be sent when a local source IP address is available.

<DialupUseMicrosoftDUN>3rd Party=0/[Microsoft=1]</DialupUseMicrosoftDUN>
Instructs the Global VPN Client to use either Microsoft or a third party Dialup connection.

<DialupApp>c:\Program Files\Windows NT\dialer.exe</DialupApp>
Specifies the directory path to a third party Dialup connection application, including the application name.

<DialupPhonebook>MSN Office Network/[Prompt When Necessary]</DialupPhonebook>
Specifies the name of the Microsoft Dialup connection as listed in Network and Dial-up Connections for the local computer.

<DialupLeaveConnected>[Off=0]/On=1</DialupLeaveConnected>
Instructs the Global VPN Client to leave the dialup connection logged in when the Global VPN Client is not connected.

<DPDInterval>[[5]-30]</DPDInterval>
Specifies the duration of time (in seconds) to wait before declaring a peer as dead. The interval times listed are incremented by 5, and the allowed values are 5, 10, 15, 20, 25 and 30 seconds.

<DPDAttempts>[3-[5]]</DPDAttempts>
Specifies number of unsuccessful attempts to contact a peer before declaring it as dead. The allowed values are 3, 4 or 5 times.

<DPDAlwaysSend>[Off=0]/On=1</DPDAlwaysSend>
Instructs the Global VPN Client to send a DPD packet based on network traffic received from the peer.

</Peer>
For redundant gateways on this connection, repeat all the tags under <Peer>. There can be up to 5 redundant gateways for each connection.

</Connection>
Defines the end of each connection profile in the configuration file.

</Connections>
Defines the end of all connection profiles in the Default.rcf file.

</SW_Client_Policy>

Sample default.rcf File

The following is an example of a default.rcf file. This file includes two VPN connections: Corporate Firewall and Office Gateway. The Corporate Firewall connection configuration includes two peer entries for redundant VPN connectivity.

Alert! If you attempt to directly copy this sample file to an ASCII text editor, you may have to remove all of the paragraph marks at the end of each line before saving it. Verify the file can be imported into the Global VPN Application before distributing it.

<?xml version="1.0" standalone="yes"?>
<SW_Client_Policy version="9.0">
  <Connections>
    <Connection name="Corporate Firewall">
      <Description>This is the corporate firewall. Call 1-800-fix-today for problems with connections.</Description>
      <Flags>
        <AutoConnect>0</AutoConnect>
        <ForceIsakmp>1</ForceIsakmp>
        <ReEnableOnWake>0</ReEnableOnWake>
        <ReconnectOnError>1</ReconnectOnError>
        <ExecuteLogonScript>0</ExecuteLogonScript>
      </Flags>
      <Peer>
        <HostName>CorporateFW</HostName>
        <EnableDeadPeerDetection>1</EnableDeadPeerDetection>
        <ForceNATTraversal>0</ForceNATTraversal>
        <DisableNATTraversal>0</DisableNATTraversal>
        <NextHop>0.0.0.0</NextHop>
        <Timeout>3</Timeout>
        <Retries>3</Retries>
        <UseDefaultGWAsPeerIP>0</UseDefaultGWAsPeerIP>
        <InterfaceSelection>0</InterfaceSelection>
        <WaitForSourceIP>0</WaitForSourceIP>
        <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN>
        <DialupApp>c:\program files\aol\aol.exe</DialupApp>
        <DialupPhonebook>text</DialupPhonebook>
        <DialupLeaveConnected>0</DialupLeaveConnected>
        <DPDInterval>5</DPDInterval>
        <DPDAttempts>3</DPDAttempts>
        <DPDAlwaysSend>0</DPDAlwaysSend>
      </Peer>
      <Peer>
        <HostName>1.2.3.4</HostName>
        <EnableDeadPeerDetection>1</EnableDeadPeerDetection>
        <ForceNATTraversal>0</ForceNATTraversal>
        <DisableNATTraversal>0</DisableNATTraversal>
        <NextHop>0.0.0.0</NextHop>
        <Timeout>3</Timeout>
        <Retries>3</Retries>
        <UseDefaultGWAsPeerIP>0</UseDefaultGWAsPeerIP>
        <InterfaceSelection>0</InterfaceSelection>
        <WaitForSourceIP>0</WaitForSourceIP>
        <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN>
        <DialupApp>c:\program files\aol\aol.exe</DialupApp>
        <DialupPhonebook>text</DialupPhonebook>
        <DialupLeaveConnected>0</DialupLeaveConnected>
        <DPDInterval>5</DPDInterval>
        <DPDAttempts>3</DPDAttempts>
        <DPDAlwaysSend>0</DPDAlwaysSend>
      </Peer>
    </Connection>
    <Connection name="Office Gateway">
      <Description>This is the firewall to connect when traveling overseas.</Description>
      <Flags>
        <AutoConnect>0</AutoConnect>
        <ForceIsakmp>1</ForceIsakmp>
        <ReEnableOnWake>0</ReEnableOnWake>
        <ReconnectOnError>1</ReconnectOnError>
        <ExecuteLogonScript>0</ExecuteLogonScript>
      </Flags>
      <Peer>
        <HostName>&lt;Default Gateway&gt;</HostName>
        <EnableDeadPeerDetection>1</EnableDeadPeerDetection>
        <ForceNATTraversal>0</ForceNATTraversal>
        <DisableNATTraversal>0</DisableNATTraversal>
        <NextHop>0.0.0.0</NextHop>
        <Timeout>3</Timeout>
        <Retries>3</Retries>
        <UseDefaultGWAsPeerIP>1</UseDefaultGWAsPeerIP>
        <InterfaceSelection>0</InterfaceSelection>
        <WaitForSourceIP>0</WaitForSourceIP>
        <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN>
        <DialupApp>c:\program files\aol\aol.exe</DialupApp>
        <DialupPhonebook>text</DialupPhonebook>
        <DialupLeaveConnected>0</DialupLeaveConnected>
        <DPDInterval>5</DPDInterval>
        <DPDAttempts>3</DPDAttempts>
        <DPDAlwaysSend>0</DPDAlwaysSend>
      </Peer>
    </Connection>
  </Connections>
</SW_Client_Policy>
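The value limits this guide documents for the default.rcf tags can be checked before a file is distributed. The following Python validator is an added example, not part of the SonicWALL guide or product: the function names and the embedded sample file are constructed for illustration, and it assumes the file parses as standard XML, as the guide's sample does.

```python
import os
import sys
import xml.etree.ElementTree as ET

MAX_PEERS = 5            # "A VPN connection can support up to 5 peers"
MAX_DESCRIPTION = 1023   # maximum number of characters in <Description>
DEFAULT_GW = "<Default Gateway>"  # &lt;Default Gateway&gt; after XML unescaping

# Documented values per tag. A tag that is absent keeps its default, so only
# tags that are present are checked.
ALLOWED = {tag: {"0", "1"} for tag in (
    "AutoConnect", "ForceIsakmp", "ReEnableOnWake", "ReconnectOnError",
    "ExecuteLogonScript", "EnableDeadPeerDetection", "ForceNATTraversal",
    "DisableNATTraversal", "UseDefaultGWAsPeerIP", "WaitForSourceIP",
    "DialupUseMicrosoftDUN", "DialupLeaveConnected", "DPDAlwaysSend")}
ALLOWED.update({
    "InterfaceSelection": {"0", "1", "2"},
    "Timeout": {str(n) for n in range(1, 11)},
    "Retries": {str(n) for n in range(1, 11)},
    "DPDInterval": {"5", "10", "15", "20", "25", "30"},
    "DPDAttempts": {"3", "4", "5"},
})


def _check_values(parent, where, findings):
    """Flag child tags of `parent` whose text is not a documented value."""
    for element in parent:
        allowed = ALLOWED.get(element.tag)
        value = (element.text or "").strip()
        if allowed is not None and value not in allowed:
            findings.append(f"{where}: <{element.tag}> value {value!r} is not a documented value")


def validate_rcf(data):
    """Return a list of findings for the raw bytes of a default.rcf file."""
    findings = []
    try:
        data.decode("ascii")
    except UnicodeDecodeError as exc:
        findings.append(f"non-ASCII byte at offset {exc.start}")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    if root.tag != "SW_Client_Policy":
        findings.append(f"root element is <{root.tag}>, expected <SW_Client_Policy>")
    for conn in root.iter("Connection"):
        name = conn.get("name") or "(unnamed)"
        if len(conn.findtext("Description") or "") > MAX_DESCRIPTION:
            findings.append(f"{name}: <Description> is longer than {MAX_DESCRIPTION} characters")
        flags = conn.find("Flags")
        if flags is not None:
            _check_values(flags, f"{name} flags", findings)
        peers = conn.findall("Peer")
        if len(peers) > MAX_PEERS:
            findings.append(f"{name}: {len(peers)} peers, at most {MAX_PEERS} are supported")
        for index, peer in enumerate(peers, 1):
            where = f"{name} peer {index}"
            _check_values(peer, where, findings)
            host = (peer.findtext("HostName") or "").strip()
            use_gw = (peer.findtext("UseDefaultGWAsPeerIP") or "0").strip()
            if host == DEFAULT_GW and use_gw != "1":
                findings.append(f"{where}: HostName is <Default Gateway> but UseDefaultGWAsPeerIP is not 1")
    return findings


def validate_file(path):
    """Validate a file on disk, including the Read Only attribute."""
    with open(path, "rb") as handle:
        findings = validate_rcf(handle.read())
    if not os.access(path, os.W_OK):
        findings.append("file is read-only; default.rcf cannot have the Read Only attribute")
    return findings


# Constructed sample: the second connection breaks four documented rules.
SAMPLE_RCF = b"""<?xml version="1.0" standalone="yes"?>
<SW_Client_Policy version="9.0">
<Connections>
<Connection name="Corporate Firewall">
<Description>Constructed sample.</Description>
<Flags><AutoConnect>0</AutoConnect><ForceIsakmp>1</ForceIsakmp></Flags>
<Peer><HostName>CorporateFW</HostName><Timeout>3</Timeout><Retries>3</Retries>
<DPDInterval>5</DPDInterval><DPDAttempts>3</DPDAttempts></Peer>
</Connection>
<Connection name="Office Gateway">
<Flags><AutoConnect>2</AutoConnect></Flags>
<Peer><HostName>&lt;Default Gateway&gt;</HostName>
<UseDefaultGWAsPeerIP>0</UseDefaultGWAsPeerIP>
<Timeout>30</Timeout><DPDInterval>7</DPDInterval></Peer>
</Connection>
</Connections>
</SW_Client_Policy>
"""

if __name__ == "__main__":
    results = validate_file(sys.argv[1]) if len(sys.argv) > 1 else validate_rcf(SAMPLE_RCF)
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```

Run it with the path of a default.rcf file as its only argument; a non-zero exit status means at least one finding was printed.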

Troubleshooting the default.rcf File

Table 2: Troubleshooting the default.rcf File

Issue: If there are any incorrect entries or typos in your default.rcf file, the settings in the default.rcf file will not be incorporated into the Global VPN Client, and no connection profiles will appear in the Global VPN Client window. The error message Failed to parse configuration <file> will appear in the Global VPN Client Log Viewer, or the following error message will be displayed when attempting to import the file: “Could not import the specified configuration file. The file appears to be corrupt.”
Solution: Ensure that the file does not contain any non-ASCII characters. The SonicWALL Global VPN Client.rcf file created by the default.rcf file must be deleted from the \ directory and the default.rcf file edited to correct the errors.

Issue: The default.rcf file cannot have an attribute of READ Only.
Solution: The SonicWALL Global VPN Client.rcf file created by the default.rcf file must be deleted from the \ directory and the default.rcf file Read Only attribute removed to correct the error.

Issue: The Peer Name, <Default Gateway> displays the following error message when attempting to connect: “Failed to convert the Peer name <Default Gateway> to an IP address”.
Solution: The SonicWALL Global VPN Client.rcf file created by the default.rcf file must be deleted from the \ directory. When setting the Peer Name to the special case of <Default Gateway>, the tag for <UseDefaultGWAsPeerIP> must be set to 1.

Appendix B - SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File

A normal (non-silent) installation of the SonicWALL Global VPN Client receives the necessary input from the user in the form of responses to dialog boxes. However, a silent installation does not prompt the user for input. A silent installation must get its user input from a different source. That source is the InstallShield Silent Response File (.iss file). This response file contains the information that an end user would enter as responses to dialog boxes when running a normal setup. A silent setup reads the necessary input from the response file at run time. The following instructions explain how to create and execute a silent installation of the SonicWALL Global VPN Client.

Creating the Silent Installation

The format of response files resembles that of an .ini file, but the response file has an .iss extension. A response file is a plain text file consisting of sections containing data entries. To create a response file, simply run the setup with the -r command line parameter:

Setup.exe -r

Setup records all your installation choices in Setup.iss and places the file in the Windows folder. To use this response file in a normal installation, copy it into the default install location (normally Disk1 or the same folder as Setup.ins).

Playing Back the Silent Installation

After you have created the installation and the response file, you are ready to run the Global VPN Client installation in silent mode. When running an installation in silent mode, be aware that no messages are displayed. Instead, a log file Setup.log captures installation information, including whether the installation was successful. You can review the log file and determine the result of the installation. To launch the silent setup, run setup with the -s command line parameter:

Setup.exe -s

By default, setup looks for the response file in its default location (normally Disk1 or the same folder as Setup.ins). You can specify a different response file using the -f1 command line parameter:

Setup.exe -s -f1<path\ResponseFile>

To verify if a silent installation succeeded, look at the ResultCode value in the [ResponseResult] section of Setup.log. InstallShield writes an appropriate return value after the ResultCode keyname.

Using Setup.log to Check for Errors

Setup.log is the default name for the silent installation log file, and its default location is Disk1 (in the same folder as Setup.ins). You can specify a different name and location for the setup log file using the -f2 command line parameter:

Setup.exe -s -f2<path\LogFile>

The Setup.log file contains three sections:
• The first section, [InstallShield Silent], identifies the version of InstallShield Silent used in the silent installation. It also identifies the file as a log file.
• The second section, [Application], identifies the installed application's name and version, and the company name.
• The third section, [ResponseResult], contains the result code indicating whether or not the silent installation succeeded. An integer value is assigned to the ResultCode keyname in the [ResponseResult] section.

The silent setup places one of the following return values after the ResultCode keyname:

0 Success
-1 General error
-2 Invalid mode
-3 Required data not found in the Setup.iss file
-4 Not enough memory available
-5 File does not exist
-6 Cannot write to the response file
-7 Unable to write to the log file
-8 Invalid path to the InstallShield Silent response file
-9 Not a valid list type (string or number)
-10 Data type is invalid
-11 Unknown error during setup
-12 Dialogs are out of order
-51 Cannot create the specified folder
-52 Cannot access the specified file or folder
-53 Invalid option selected

Appendix C - Running the Global VPN Client from the Command Line Interface

The SonicWALL Global VPN Client can run from the Command Line Interface (CLI). This interface allows for the programmatic or script-based initiation of certain Global VPN Client functions without requiring the user to directly act in the Global VPN Client application. The Global VPN Client CLI enables the setting up of scripts that automatically initiate a secure tunnel anytime a particular application or connection method is started. The CLI commands require the use of a complete path name to the Global VPN Client application followed by various flags and variable information such as username or password.

Alert! Embedding a user’s password directly in a script is a security risk. Anyone who can gain access to the script can read the password to circumvent security. It is recommended that scripts or programmatic dashboards ask for the password before initiating a connection and then clear the variable.

Command Line Options

You can use the following options to perform a variety of Global VPN Client actions from the command line.
• /E "Connection Name" - Enables the specific connection.
• /D "Connection Name" - Disables the specific connection.
• /Q - Quits a running instance of the program. Ignored if program is not already running.
• /A [filename] - Starts the program and sends all messages to the specified log file. If no log file is specified, the default file name is gvcauto.log. If the program is already running, this option is ignored.
• /U "Username" - Username to pass to XAUTH. Must be used in conjunction with /E.
• /P "Password" - Password to pass to XAUTH. Must be used in conjunction with /E.

Command Line Examples

• <path>\swgvpnclient - runs/starts the application. If the application is already running, it does not create another instance.
• <path>\swgvpnclient /E <connection name> /U <username> /P <password> - runs/starts the application, enables the named connection, and uses the <username> and <password> for user authentication. If you do not include a username and password, the Global VPN Client presents a dialog box asking for the information in order to continue.
• <path>\swgvpnclient /A <path\filename> - runs/starts the application and enables auto logging of all events to a log file. If the filename is not specified, then the log file is created with the default name <gvcauto.log>. This file is created in the same directory where the Global VPN Client application is started, if the path is not specified. If you want to save the autolog for each Global VPN Client session, you can use the filename option and specify a different filename each time the application is started.
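One way to act on the alert about embedded passwords, as an added example that is not part of the SonicWALL guide: a Python helper that audits scripts for swgvpnclient calls carrying a literal /P value, plus a launcher that prompts for the password instead. The function names and the sample batch file are constructed for illustration; the install path in the sample is the default directory named in this guide.

```python
import getpass
import re
import subprocess

# /P followed by a quoted or bare value; group 1 is the whole value, quotes included.
_P_ARG = re.compile(r'/P\s+("[^"]*"|\S+)', re.IGNORECASE)
# Values that are variable references rather than literals:
# %VAR%, !VAR!, $var, ${var}, $env:VAR
_VARIABLE = re.compile(r'^(%\w+%|!\w+!|\$\{?\w+\}?|\$env:\w+)$', re.IGNORECASE)


def find_embedded_passwords(script_text):
    """Return (line_number, redacted_line) for swgvpnclient calls with a literal /P value."""
    hits = []
    for number, line in enumerate(script_text.splitlines(), 1):
        if "swgvpnclient" not in line.lower():
            continue
        match = _P_ARG.search(line)
        if match is None:
            continue
        if _VARIABLE.match(match.group(1).strip('"')):
            continue  # filled in at run time, not stored in the script
        # Redact the value so the audit report does not repeat the secret.
        redacted = line[:match.start(1)] + "<redacted>" + line[match.end(1):]
        hits.append((number, redacted.strip()))
    return hits


def build_command(exe_path, connection, username, password):
    """Build argv for: <path>\\swgvpnclient /E <connection name> /U <username> /P <password>."""
    if not (connection and username and password):
        raise ValueError("/U and /P must be used in conjunction with /E")
    return [exe_path, "/E", connection, "/U", username, "/P", password]


def connect(exe_path, connection, username):
    """Prompt for the XAUTH password, start the client, then drop the password."""
    password = getpass.getpass(f"XAUTH password for {username}: ")
    try:
        # An argv list (no shell) keeps quoting of names with spaces correct.
        # Popen does not wait: the client may keep running (assumption).
        # The password is still a command-line argument of the new process.
        return subprocess.Popen(build_command(exe_path, connection, username, password))
    finally:
        # Python cannot overwrite an immutable str in place; this only drops
        # the reference so the value is not kept for the rest of the script.
        del password


# Constructed batch file: line 3 embeds a literal, line 5 uses a prompted variable.
SAMPLE_SCRIPT = r'''@echo off
rem constructed batch file for this example
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\swgvpnclient" /E "Corporate Firewall" /U alice /P "example-password"
set /p VPNPASS=Password for alice:
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\swgvpnclient" /E "Corporate Firewall" /U alice /P "%VPNPASS%"
set VPNPASS=
'''

if __name__ == "__main__":
    for number, line in find_embedded_passwords(SAMPLE_SCRIPT):
        print(f"line {number}: literal /P value: {line}")
```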

Appendix D - Installing the Global VPN Client with a Ghost Application

During the normal, non-Ghost installation of the Global VPN Client, a MAC address for the virtual adapter is generated and assigned during the installation process. However, when the Global VPN Client is installed with CmdLine=/g (Ghost) option, a default MAC address is assigned to the SonicWALL VPN Adapter. After the installation, when the Global VPN Client is started for the first time, the Global VPN Client detects this default MAC address and randomly creates a unique MAC address for the SonicWALL VPN Adapter.

Alert! DO NOT OPEN the Global VPN Client application after installing it and BEFORE you ghost it. Global VPN Client installation with the CmdLine=/g option works by recognizing that it is the FIRST time that the Global VPN Client has been started, which in turn generates a new MAC address and assigns it to the SonicWALL VPN Adapter. If you open the Global VPN Client BEFORE using ghost, you receive the same MAC address for the SonicWALL VPN Adapter resulting in network conflicts.

Appendix E - Log Viewer Messages

The following table lists the Info, Error, and Warning messages that can appear in the Global VPN Client Log Viewer.

Table 3: Log Viewer Messages

ERROR Invalid DOI in notify message.
ERROR : called with invalid parameters.
ERROR A phase 2 IV has already been created.
ERROR An error occurred.
ERROR Attributes were specified but not offered.
ERROR Authentication algorithm is not supported.
ERROR CA certificate not found in list.
ERROR Calculated policy configuration attributes length does not match length of attributes set into policy configuration payload.
ERROR Calculated XAuth attributes length does not match length of attributes set into XAuth payload.
ERROR Can not change the Diffie-Hellman group for PFS.
ERROR Can not process packet that does not have at least one payload.
ERROR Can not process unsupported mode config type.
ERROR Can not process unsupported XAuth type.
ERROR Can not set IPSEC proposals into empty SA list.
ERROR Cannot do quick mode: no SA's to negotiate.
ERROR certificate error.
ERROR Certificate ID not specified.
ERROR Deallocation of event publisher context failed.

ERROR Diffie-Hellman group generator length has not been set.
ERROR Diffie-Hellman group prime length has not been set.
ERROR DSS signature processing failed - signature is not valid.
ERROR Encryption algorithm is not supported.
ERROR ESP transform algorithm is not supported.
ERROR Failed to add a new AH entry to the phase 2 SA list.
ERROR Failed to add a new ESP entry to the phase 2 SA list.
ERROR Failed to add IPSEC encapsulation mode into the payload.
ERROR Failed to add IPSEC group description into the payload.
ERROR Failed to add IPSEC HMAC algorithm into the payload.
ERROR Failed to add IPSEC life duration into the payload.
ERROR Failed to add IPSEC life type into the payload.
ERROR Failed to add OAKLEY authentication algorithm into the payload.
ERROR Failed to add OAKLEY encryption algorithm into the payload.
ERROR Failed to add OAKLEY generator G1 into the payload.
ERROR Failed to add OAKLEY group description into the payload.
ERROR Failed to add OAKLEY group type into the payload.
ERROR Failed to add OAKLEY hash algorithm into the payload.
ERROR Failed to add OAKLEY life duration into the payload.
ERROR Failed to add OAKLEY life type into the payload.
ERROR Failed to add OAKLEY prime P into the payload.
ERROR Failed to add policy configuration INI format into the payload.
ERROR Failed to add policy configuration version into the payload.
ERROR Failed to add XAuth password '' into the payload.
ERROR Failed to add XAuth status into the payload.
ERROR Failed to add XAuth type into the payload.
ERROR Failed to add XAuth username '' into the payload.
ERROR Failed to allocate bytes.
ERROR Failed to allocate memory.
ERROR Failed to begin phase 1 exchange.
ERROR Failed to begin quick mode exchange.
ERROR Failed to build a DSS object.

ERROR Failed to build dead peer detection packet.
ERROR Failed to build dead peer detection reply message.
ERROR Failed to build dead peer detection request message.
ERROR Failed to build phase 1 delete message.
ERROR Failed to calculate DES mode from ESP transfer.
ERROR Failed to calculate policy configuration attributes length.
ERROR Failed to calculate XAuth attributes length.
ERROR Failed to compute IV for connection entry.
ERROR Failed to construct certificate.
ERROR Failed to construct certificate payload.
ERROR Failed to construct certificate request payload.
ERROR Failed to construct destination proxy ID payload.
ERROR Failed to construct DSS signature.
ERROR Failed to construct hash payload.
ERROR Failed to construct IPSEC nonce payload.
ERROR Failed to construct IPSEC SA payload.
ERROR Failed to construct ISAKMP blank hash payload.
ERROR Failed to construct ISAKMP delete hash payload.
ERROR Failed to construct ISAKMP DPD notify payload.
ERROR Failed to construct ISAKMP ID payload.
ERROR Failed to construct ISAKMP info hash payload.
ERROR Failed to construct ISAKMP key exchange payload.
ERROR Failed to construct ISAKMP nonce payload.
ERROR Failed to construct ISAKMP notify payload.
ERROR Failed to construct ISAKMP packet header.
ERROR Failed to construct ISAKMP phase 1 delete payload.
ERROR Failed to construct ISAKMP SA payload.
ERROR Failed to construct ISAKMP vendor ID payload (ID = ).
ERROR Failed to construct mode config hash payload.
ERROR Failed to construct NAT discovery payload.
ERROR Failed to construct PFS key exchange payload.
ERROR Failed to construct policy provisioning payload.

ERROR Failed to construct quick mode hash payload.
ERROR Failed to construct quick mode packet.
ERROR Failed to construct responder lifetime payload.
ERROR Failed to construct RSA signature.
ERROR Failed to construct signature payload.
ERROR Failed to construct source proxy ID payload.
ERROR Failed to construct XAuth payload.
ERROR Failed to convert the peer name to an IP address.
ERROR Failed to create a new connection entry: an entry already exists with ID.
ERROR Failed to create connection entry with message ID.
ERROR Failed to decrypt buffer.
ERROR Failed to decrypt mode config payload.
ERROR Failed to decrypt notify payload.
ERROR Failed to decrypt packet.
ERROR Failed to decrypt quick mode payload.
ERROR Failed to encrypt mode config payload.
ERROR Failed to encrypt notify payload.
ERROR Failed to encrypt packet.
ERROR Failed to encrypt quick mode payload.
ERROR Failed to expand packet to size bytes.
ERROR Failed to find an SA list for PROTO_IPSEC_AH.
ERROR Failed to find an SA list for PROTO_IPSEC_ESP.
ERROR Failed to find an SA list given the protocol.
ERROR Failed to find certificate with ID.
ERROR Failed to find connection entry for message ID.
ERROR Failed to find exit interface to reach.
ERROR Failed to find MAC address in the system interfaces table.
ERROR Failed to find matching SA list.
ERROR Failed to find message ID and matching cookies in the connection entry list.
ERROR Failed to find message ID in the connection entry list.
ERROR Failed to find message ID in the SA list.

ERROR Failed to find OAKLEY group specified in the SA payload.
ERROR Failed to find private key for certificate with ID.
ERROR Failed to find protocol ID in the SA list.
ERROR Failed to find route to reach.
ERROR Failed to find sequence number.
ERROR Failed to find source IP address to reach.
ERROR Failed to flush the system ARP cache.
ERROR Failed to generate Diffie-Hellman parameters.
ERROR Failed to generate quick mode initiator key.
ERROR Failed to generate quick mode responder key.
ERROR Failed to generate SKEYID.
ERROR Failed to get the size of the system interfaces table.
ERROR Failed to get the size of the system IP address table.
ERROR Failed to get the system interface table.
ERROR Failed to get the system IP address table.
ERROR Failed to get transforms from SA list.
ERROR Failed to match initiator cookie.
ERROR Failed to match responder cookie.
ERROR Failed to parse certificate data.
ERROR Failed to parse configuration file.
ERROR Failed to re-allocate bytes.
ERROR Failed to read the size of an incoming ISAKMP packet.
ERROR Failed to receive an incoming ISAKMP packet.
ERROR Failed to receive an incoming ISAKMP packet. The length is incorrect.
ERROR Failed to send an outgoing ISAKMP packet.
ERROR Failed to set policy configuration attributes into payload.
ERROR Failed to set proposals into phase 1 SA payload.
ERROR Failed to set proposals into phase 2 SA payload.
ERROR Failed to set responder lifetype attributes.
ERROR Failed to set the ESP attributes from the SA payload into the SA.
ERROR Failed to set the IPSEC AH attributes into the phase 2 SA.

ERROR Failed to set the IPSEC ESP attributes into the phase 2 SA.
ERROR Failed to set the OAKLEY attributes into the phase 1 SA.
ERROR Failed to set vendor ID into packet payload.
ERROR Failed to set XAuth attributes into payload.
ERROR Failed to sign hash.
ERROR Failed to verify certificate signature.
ERROR Failed to verify informational message hash payload.
ERROR Failed to verify mode config message hash payload.
ERROR Hash algorithm is not supported.
ERROR Hash Payload does not match.
ERROR Hash size invalid:
ERROR Header invalid (verified)!
ERROR Invalid certificate: ASN sequence is not correct.
ERROR Invalid certificate: payload length is too small.
ERROR Invalid hash payload.
ERROR Invalid payload. Possible overrun attack!
ERROR Invalid SA state:
ERROR Invalid signature payload.
ERROR Invalid SPI size.
ERROR is not a supported Diffie-Hellman group type.
ERROR is not a supported DOI.
ERROR is not a supported exchange type.
ERROR is not a supported ID payload type.
ERROR is not a supported IPSEC protocol.
ERROR is not a supported notify message type.
ERROR is not a supported payload type.
ERROR is not a supported policy configuration attribute type.
ERROR is not a supported policy configuration message type.
ERROR is not a supported proxy ID payload type.
ERROR is not a supported XAuth attribute type.
ERROR is not a valid quick mode state.
ERROR is not a valid XAuth message type.

ERROR is not a valid XAuth status.
ERROR ISAKMP SA delete msg for a different SA!
ERROR No certificate for CERT authentication.
ERROR No entry in the system IP address table was found with index.
ERROR No KE payload while PFS configured mess_id.
ERROR Out of memory.
ERROR Phase 1 authentication algorithm is not supported.
ERROR Phase 1 encryption algorithm is not supported.
ERROR Protocol ID has already been added to the SA list.
ERROR Protocol mismatch: expected PROTO_IPSEC_AH but got.
ERROR Protocol mismatch: expected PROTO_IPSEC_ESP but got.
ERROR Publisher deregistration failed.
ERROR Responder cookie is not zero.
ERROR RSA signature processing failed - signature is not valid.
ERROR SA hash function has not been set in.
ERROR Signature Algorithm mismatch is X.509 certificate.
ERROR Signature verification failed!
ERROR The certificate is not valid at this time.
ERROR The current state is not valid for processing mode config payload.
ERROR The current state is not valid for processing signature payload.
ERROR The first payload is not a hash payload.
ERROR The following error occurred while trying to open the configuration file:
ERROR The peer is not responding to phase 1 ISAKMP requests.
ERROR The peer is not responding to phase 1 ISAKMP requests.
ERROR The state flag indicates that the IPSEC SA payload has not been processed.
ERROR The system interface table is empty.
ERROR The system IP address table is empty.
ERROR Unable to compute hash!
ERROR Unable to compute shared secret for PFS in phase 2!
ERROR Unable to read configuration file.
ERROR User did not enter XAuth next pin.

ERROR XAuth CHAP requests are not supported at this time.
ERROR XAuth failed.
ERROR XAuth has requested a password but one has not yet been specified.
INFO The connection "" has been disabled.
INFO A certificate is needed to complete phase 1.
INFO A phase 2 SA can not be established with until a phase 1 SA is established.
INFO A pre-shared key is needed to complete phase 1.
INFO AG failed. SA state unknown. Peer:
INFO An incoming ISAKMP packet from was ignored.
INFO DSS g value:
INFO DSS p value:
INFO DSS q value:
INFO Event publisher deregistered.
INFO Event publisher registered for.
INFO Failed to negotiate configuration information with.
INFO Found CA certificate in CA certificate list.
INFO Ignoring unsupported payload.
INFO Ignoring unsupported vendor ID.
INFO ISAKMP phase 1 proposal is not acceptable.
INFO ISAKMP phase 2 proposal is not acceptable.
INFO MM failed. Payload processing failed. OAK_MM_KEY_EXCH. Peer:
INFO MM failed. Payload processing failed: OAK_MM_NO_STATE. Peer:
INFO MM failed. Payload processing failed: OAK_MM_SA_SETUP. Peer:
INFO MM failed. SA state not matching mask process auth. Peer:
INFO MM failed. SA state not matching mask process key. Peer:
INFO MM failed. SA state not matching mask process sa. Peer:
INFO MM failed. SA state unknown. Peer:
INFO NAT Detected: Local host is behind a NAT device.
INFO NAT Detected: Peer is behind a NAT device.

INFO peer certificate missing key value.
INFO Phase 1 has completed.
INFO Phase 1 SA lifetime set to.
INFO Phase 2 negotiation has failed.
INFO Phase 2 SA lifetime set to.
INFO Phase 2 with has completed.
INFO Proposal not acceptable: not authentication algorithm specified.
INFO Proposal not acceptable: not Diffie-Hellman group specified.
INFO Proposal not acceptable: not encryption algorithm specified.
INFO Proposal not acceptable: not hash algorithm specified.
INFO Proposal not acceptable: proposal not found in list.
INFO QM failed. Load SA failed. Peer:
INFO Reading configuration file.
INFO Ready to negotiate phase 2 with.
INFO Received address notification notify.
INFO Received attributes not supported notify.
INFO Received authentication failed notify.
INFO Received bad syntax notify.
INFO Received certificate unavailable notify.
INFO Received dead peer detection acknowledgement.
INFO Received dead peer detection request.
INFO Received initial contact notify.
INFO Received invalid certificate authentication notify.
INFO Received invalid certificate encoding notify.
INFO Received invalid certificate notify.
INFO Received invalid certificate request syntax notify.
INFO Received invalid cookie notify.
INFO Received invalid exchange type notify.
INFO Received invalid flags notify.
INFO Received invalid ID information notify.
INFO Received invalid key info notify.
INFO Received invalid major version notify.

INFO Received invalid message ID notify.
INFO Received invalid minor version notify.
INFO Received invalid payload notify.
INFO Received invalid protocol ID notify.
INFO Received invalid signature notify.
INFO Received invalid SPI notify.
INFO Received invalid transform ID notify.
INFO Received malformed payload notify.
INFO Received no proposal chosen notify.
INFO Received notify SA lifetime notify.
INFO Received phase 1 delete message.
INFO Received phase 2 delete message for SPI.
INFO Received policy provisioning acknowledgement.
INFO Received policy provisioning OK.
INFO Received policy provisioning update.
INFO Received policy provisioning version reply.
INFO Received policy provisioning version request.
INFO Received responder lifetime notify.
INFO Received situation not supported notify.
INFO Received unequal payload length notify.
INFO Received unknown notify.
INFO Received unsupported DOI notify.
INFO Received unsupported exchange type notify.
INFO Received XAuth request.
INFO Received XAuth status.
INFO Re-evaluating ID info after INVALID_ID_INFO message.
INFO Releasing IP address for the virtual interface ().
INFO Renewing IP address for the virtual interface ().
INFO Saving configuration file.
INFO Sending dead peer detection acknowledgement.
INFO Sending dead peer detection request.
INFO Sending phase 1 delete.

INFO Sending phase 2 delete for.
INFO Sending policy provisioning acknowledgement.
INFO Sending policy provisioning version reply.
INFO Sending XAuth acknowledgement.
INFO Sending XAuth reply.
INFO Signature Verified!
INFO SonicWALL Global VPN Client version.
INFO SonicWALL VPN Client.
INFO Starting aggressive mode phase 1 exchange.
INFO Starting authentication negotiation.
INFO Starting configuration negotiation.
INFO Starting ISAKMP phase 1 negotiation.
INFO Starting ISAKMP phase 2 negotiation with.
INFO Starting main mode phase 1 exchange.
INFO Starting quick mode phase 2 exchange.
INFO The configuration for the connection has been updated.
INFO The configuration for the connection is up to date.
INFO The configuration has been updated and must be reloaded.
INFO The connection has entered an unknown state.
INFO The connection is idle.
INFO The hard lifetime has expired for phase 1.
INFO The hard lifetime has expired for phase 2 with.
INFO The IP address for the virtual interface has been released.
INFO The IP address for the virtual interface has changed to.
INFO The ISAKMP port (500) is already in use. Port will be used as the ISAKMP source port.
INFO The peer is not responding to phase 2 ISAKMP requests to.
INFO The phase 1 SA has been deleted.
INFO The phase 1 SA has died.
INFO The phase 2 SA has been deleted.
INFO The phase 2 SA has died.
INFO The SA lifetime for phase 1 is seconds.

INFO The SA lifetime for phase 2 is seconds.
INFO The soft lifetime has expired for phase 1.
INFO The soft lifetime has expired for phase 2 with.
INFO The system ARP cache has been flushed.
INFO Unable to encrypt payload!
INFO User authentication has failed.
INFO User authentication has succeeded.
INFO User authentication information is needed to complete the connection.
INFO XAuth has requested a username but one has not yet been specified.
WARNING A password must be entered.
WARNING AG failed. SA state not matching mask process auth. Peer:
WARNING AG failed. SA state not matching mask process key. Peer:
WARNING AG failed. State OAK_AG_INIT_EXCH is invalid when responder. Peer:
WARNING AG failed. State OAK_AG_NO_STATE is invalid when initiator. Peer:
WARNING Failed to process aggressive mode packet.
WARNING Failed to process final quick mode packet.
WARNING Failed to process informational exchange packet.
WARNING Failed to process main mode packet.
WARNING Failed to process mode configuration packet.
WARNING Failed to process packet payloads.
WARNING Failed to process payload.
WARNING Failed to process quick mode packet.
WARNING Ignoring AUTH message when aggressive mode already complete. Peer:
WARNING Invalid DOI in delete message:
WARNING Invalid IPSEC SA delete message.
WARNING Invalid ISAKMP SA delete message.
WARNING is not a supported OAKLEY attribute class.
WARNING Protocol ID is not supported in SA payloads.
WARNING Received an encrypted packet when not crypto active!

WARNING Received an unencrypted packet when crypto active!
WARNING Responder lifetime protocol is not supported.
WARNING The password is incorrect. Please re-enter the password.
WARNING The pre-shared key dialog box was cancelled by the user. The connection will be disabled.
WARNING The select certificate dialog box was cancelled by the user. The connection will be disabled.
WARNING The username/password dialog box was cancelled by the user. The connection will be disabled.
WARNING Unable to decrypt payload!


SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306
T: 408.745.9600
F: 408.745.9300
www.sonicwall.com

© 2005 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
P/N 232.000915.00 Rev A 08/05
