Buick 2011 Regal Automobile User Manual
Contents
1. INFO The configuration has been updated and must be reloaded INFO The connection has entered an unknown state INFO The connection is idle INFO The hard lifetime has expired for phase 1 INFO The hard lifetime has expired for phase 2 with INFO The IP address for the virtual interface has been released INFO The IP address for the virtual interface has changed to INFO The ISAKMP port 500 is already in use Port will be used as the ISAKMP source port INFO The peer is not responding to phase 2 ISAKMP requests to INFO The phase 1 SA has been deleted INFO The phase 1 SA has died INFO The phase 2 SA has been deleted INFO The phase 2 SA has died INFO The SA lifetime for phase 1 is seconds Page 60 SonicWALL Global VPN Client 4 0 Administrator s Guide Table 3 Log Viewer Messages INFO The SA lifetime for phase 2 is seconds INFO The soft lifetime has expired for phase 1 INFO The soft lifetime has expired for phase 2 with INFO The system ARP cache has been flushed INFO Unable to encrypt payload INFO User authentication has failed INFO User authentication has succeeded INFO User authentication information is needed to complete the connection INFO XAuth has requested a username but one has not yet been specified WARNING A password must be entered WARNING AG failed SA state not matching mask process auth Peer WARNING AG failed SA state not matching mask p2. SonicWALL FcLass ee To a SONICWALL gt PROTECTION AT THE SPEED OF BUSINESS Table of Contents SonicWALL Global VPN Client sesse se se see se se ee ee ee 5 SonicWALL Global VPN Client Features esse ees ee ee ee ee ee ee 5 New Features in SonicWALL Global VPN Client 4 0 00 0 0 6 Global VPN Client Enterprise Global Security Client sesse ese 7 About this Guide sissies Ee BG Ee SE EE DS Eg GESE GE ESE SE SR DER 7 Using the Right Administrators GuideS iis ee ee ee ee ee 7 Conventions Used in this Guide ee AR ee 8 Icons Used in this Guide ER BG EE ie N ed 8 Copyright NOtICE EERS a GE Ee DE Ee ED EE Ee 8 Limited Warranty Di ee RE De N RE ee Da unica senna de 9 Installing the SonicWALL Global VPN Client 9 Using the Setup Wizard EER EE Eg Di SERE EG DI Ek GE ee 10 Adding VPN Connection Policies iss ss se se se se ss see 12 Understanding VPN Connection Policies ese ee ee ee 12 Understanding Digital Certificates iese ee ee ee ee ee ee 13 Using the New Connection Wizard sesse ee ee ee 13 Creating a VPN Connection Policy cccceceeeecceeeeeeeeeeeeeeeeeeeeeeeeeaes 13 Importing a VPN Configuration File sesse sesse ee ee ee ee Re ee ee ee ee ee 15 Configuring a Dial Up VPN Connection ee ee ee 16 Launching the SonicWALL Global VPN Client 17 Making VPN Connections cccecscscececeescescscscsenees 17 Accessing Redu
3. 20 25 or 30 seconds Assume peer is dead after choose from 3 4 or 5 Failed Checks Specify the conditions under which DPD packets will be sent Choose either Only when no traffic is received from the peer or whether or not traffic is received from the peer NAT Traversal Choose one of the following three menu options Automatic Automatically determines whether NAT traversal is forced on or disabled Forced On Forces the use of UDP encapsulation of IPSec packets even when there is no NAPT NAT device in between the peers Disabled Disables use of UDP encapsulation of IPSec packets between the peers Interface Selection Defines the interface used by this VPN connection policy Automatic Automatically determines the availability of each interface beginning with the LAN interface If the LAN interface is not available the Global VPN Client uses the Dial Up interface LAN Only Defaults to the LAN interface only Dial Up Only Defaults to the Dial Up interface only LAN Settings Displays LAN Settings dialog box for specifying the setting used when this connection is enabled over the LAN Type the IP address in the Next Hop IP Address field to specify the IP address of a different route than the default route Leaving the setting as zeros instructs the Global VPN Client to use the default route LAN Settings x B Specify the settings that will be used when this connection is enabled over the local area network LAN
4. INFO Received invalid certificate authentication notify INFO Received invalid certificate encoding notify INFO Received invalid certificate notify INFO Received invalid certificate request syntax notify INFO Received invalid cookie notify INFO Received invalid exchange type notify INFO Received invalid flags notify INFO Received invalid ID information notify INFO Received invalid key info notify INFO Received invalid major version notify Page 58 SonicWALL Global VPN Client 4 0 Administrators Guide Table 3 Log Viewer Messages INFO Received invalid message ID notify INFO Received invalid minor version notify INFO Received invalid payload notify INFO Received invalid protocol ID notify INFO Received invalid signature notify INFO Received invalid SPI notify INFO Received invalid transform ID notify INFO Received malformed payload notify INFO Received no proposal chosen notify INFO Received notify SA lifetime notify INFO Received phase 1 delete message INFO Received phase 2 delete message for SPI INFO Received policy provisioning acknowledgement INFO Received policy provisioning OK INFO Received policy provisioning update INFO Received policy provisioning version reply INFO Received policy provisioning version request INFO Received responder lifetime notify INFO Received situation not su
5. Indicates whether VPN connection policy is enabled or disabled Peer IP Address Displays the IP address of the VPN connection peer Duration Displays connection time Details Displays the Connection Status Details dialog box which specifies the negotiated phase 1 and phase 2 parameters as well as the status of all individual phase 2 SAs Connection Details amp This window shows the details of the IPSec connection x r Negotiated Phase Parameters Encryption Algorithm Hash Algorithm Authentication Method Diffie Hellman Group Expiration Time Not Established Negotiated Phase Il Parameters Protocot Encapsulation Mode Encryption Algorithm Hash Algorithm Diffie Hellman Group Not Established Destination Proxy IDs Subnet Mask 255 255 0 0 255 255 0 0 255 255 0 0 255 255 128 0 255 255 224 0 255 255 255 0 10 50 193 0 Activity Packets Displays number of packets sent and received through VPN tunnel Bytes Displays number of bytes sent and received through VPN tunnel Reset Resets the status information Virtual IP Configuration IP Address The IP address assigned via DHCP through the VPN tunnel from the VPN gateway Subnet Mask The subnet of the peer Renew Renews DHCP lease information Page 28 SonicWALL Global VPN Client 4 0 Administrators Guide Managing VPN Connection Policies The SonicWALL Global VPN Client supports as many VPN connection
6. SonicWALL GroupVPN supports two IPSec keying modes IKE using shared secret and IKE using 3rd Party Certificates Once you create the GroupVPN policy you configure GroupVPN to automatically provision SonicWALL Global VPN Clients by downloading the policy or exporting the policy file for manual installation in the SonicWALL Global VPN Client Page 34 SonicWALL Global VPN Client 4 0 Administrators Guide a Note For information on configuring GroupVPN on the SonicWALL to support SonicWALL Global VPN wy Client refer to the Administrator s Guide for your SonicWALL All SonicWALL product documentation is available at http www sonicwall com support documentation html SonicWALL Global VPN Client Licenses Global VPN Client Licensing is based on the number of simultaneous Global VPN Client connections to a SonicWALL If the number of simultaneous Global VPN Client connections is exceeded the SonicWALL does not allow any additional Global VPN Client connections Once the number of simultaneous Global VPN Client drops below the license limit new Global VPN connections can be established Group VPN Connections Supported by Each SonicWALL Model Tabe 1 describes the Global VPN Client License support of each SonicWALL model You can purchase Global VPN Client software and Global VPN Client Licenses from SonicWALL your reseller or online at mysonicwall com For more information on purchasing the Global VPN Client visit http www sonicwall com p
7. You must exit the SonicWALL Global VPN Client before uninstalling the program 1 2 3 6 Launch the Windows Control Panel Double click Add Remove Programs Select SonicWALL Global VPN Client and then click Change Remove The SonicWALL Global VPN Client Setup Wizard appears In the Confirm File Deletion dialog box click OK to confirm the removal of the SonicWALL Global VPN Client Choose Delete all individual user profiles if you want to delete all you existing VPN connection profiles If you leave this setting unchecked the VPN connection profiles are saved and appear again when you install the SonicWALL Global VPN Client at another time Choose Retain MAC Address if you want to retain the same SonicWALL VPN Adapter MAC address the next time you install the Global VPN Client Click Next N niert If you are upgrading SonicWALL Global VPN Client from an earlier version to 4 0 and want to use the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter you must uninstall the earlier version before installing Global VPN Client 4 0 7 After the Global VPN Client is removed select Yes want to restart my computer now and then click Finish Configuring SonicWALL Security Appliances for Global VPN Clients SonicWALL s GroupVPN policy provides the automatic provisioning of SonicWALL Global VPN Client from the SonicWALL security appliance The GroupVPN policy is only available for SonicWALL Global VPN Clients
8. ERROR Failed to encrypt notify payload ERROR Failed to encrypt packet ERROR Failed to encrypt duick mode payload ERROR Failed to expand packet to size bytes ERROR Failed to find an SA list for PROTO IPSEC AH ERROR Failed to find an SA list for PROTO_IPSEC_ESP ERROR Failed to find an SA list given the protocol ERROR Failed to find certificate with ID ERROR Failed to find connection entry for message ID ERROR Failed to find exit interface to reach ERROR Failed to find MAC address in the system interfaces table ERROR Failed to find matching SA list ERROR Failed to find message ID and matching cookies in the connection entry list ERROR Failed to find message ID in the connection entry list ERROR Failed to find message ID in the SA list Appendix E Log Viewer Messages Page 53 Table 3 Log Viewer Messages ERROR Failed to find OAKLEY group specified in the SA payload ERROR Failed to find private key for certificate with ID ERROR Failed to find protocol ID in the SA list ERROR Failed to find route to reach ERROR Failed to find seguence number ERROR Failed to find source IP address to reach ERROR Failed to flush the system ARP cache ERROR Failed to generate Diffie Hellman parameters ERROR Failed to generate guick mode initiator key ERROR Failed to generate quick mode responder key ERROR Failed to
9. Next Hop IP Address leave as zero to use default f 0 0 0 Cancel Dial Up Settings Displays the Dial Up Settings dialog box which allows you to select the dial up profile to use making a dial up VPN connection Use Microsoft dial up networking Uses the Microsoft dial up networking profile you specify for making the VPN connection Select the Dial up networking profile from the Phonebook Entry list Check the Do not hang up the modem when disabling this connection to keep the dial up network connection active after disabling the VPN connection Use a third party dial up application Select this option to use a third party dial up program Type the path in the Application field or use the browse button to locate the program Response Timeout in seconds Specifies a timeout value for the VPN connection attempt Maximum Send Attempts Specifies the number of IKE negotiation retries Managing VPN Connection Policy Properties Page 27 Status The Status page shows the current status of the connection gateway sonicwall com Properties General User Authentication Peers Status xl 3 This page shows the current status of this connection G p Connection Status Connected Peer IP Address 67 115 118 7 Duration Activity Sent Received Packets 64 58 Bytes 15145 21901 Reset m Virtual IP Configuration J IP Address Subnet Mask 10 50 191 74 255 255 255 0 Renew Connection Status
10. Select the connection policy and click the Disable button on the toolbar in the SonicWALL Global VPN Client window Checking the Status of a VPN Connection The SonicWALL Global VPN Client includes a variety of indicators to determine the status of your VPN connections The default Details view lists your VPN connection policies and their respective status Disabled Enabled Connected or Error e A successfully connected VPN policy is indicated by a green check mark on the policy icon A VPN policy that doesn t successfully complete all phase 2 connections displays a yellow warning on the policy icon Disabling a VPN Connection Page 21 AVPN policy that cannot be successfully connected displays an error mark red x on the policy icon e The SonicWALL Global VPN Client icon in the system tray displays a visual indicator of data passing between the Global VPN Client and the gateway e The Status page in the Properties dialog box displays more detailed information about the status of an active VPN connection To display the Status tab for any VPN connection use one of the following methods e Double click the active VPN connection policy e Select the VPN connection policy then press Ctrl T e Select the VPN connection policy then click the Status button on the toolbar e Right click the VPN connection policy in the SonicWALL Global VPN Client window and select Status gateway sonicwall com Properties d xj General User Authen
11. Understanding the Global VPN Client LO ee ee 31 Configuring TSO essa seein ses cecal ro ee we wee cased Sheen nent 32 Generating a Help Report se AVE KS ERGE ES GE GER eked 33 Accessing Technical SUBDEF oos EER RE SEE EER e SR EN ees OUER Eg geed 34 Viewing Help TOPICS EE ES Geen EE EE ee DE We n 34 Uninstalling the SonicWALL Global VPN Client Windows 98 SE 34 Configuring SonicWALL Security Appliances for Global VPN Glients siese ss sees SR og eN Ro se os se EG Nee se 34 SonicWALL Global VPN Client Licenses ees ee ee ee ee 35 Group VPN Connections Supported by Each SonicWALL Model 35 Activating Your SonicWALL Global VPN Client iese sesse ees see ee ee 36 Downloading Global VPN Client Software and Documentation 36 SonicWALL Global VPN Client 4 0 Administrator s Guide Page 3 SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT ses esse sesse se se 37 LIGENSE EE ee eel eck ts eee aes Ate ict tue i aes ha 37 EXPORTS LIGENSE NE oe Ee ee ed ee Dee in ee 38 SUPPORT SERVICES EE ESE Ge Me Eet a Se ee se se ie Ie 38 WP GAD Stes eA ee catia ee ee ee E N 38 GOPYRIEET SE E E ee GE RE Sl cee hela duds 38 U S GOVERNMENT RESTRICTED RIGHTS ees ses sesse ee ee ee ee 38 MISGELEANEOUS OS SE De wend ho ee oe ee N ee r Ri 39 TEBMINATION Mes see ee ge ER Ve GE ee ee wee Caley WE Se 39 LIMITED WAR RAIN TY sees ES ee AE OR coup SEN es Ri eke ee ee ee ee 39 GUSTOMERREMEDIES AAR ee ede en eb ee o
12. Use Bold Highlights items you can select on the Global VPN Client interface or the SonicWALL Management Interface Italic Highlights a value to enter into a field For example type 192 168 168 168 in the IP Address field gt Indicates a multiple step menu choice For example select File gt Open means select the File menu then select the Open item from the File menu Icons Used in this Guide Alert mportant information about features that can affect performance security features or cause potential problems with your SonicWALL aye Tip Useful information about security features and configurations on your SonicWALL e Note Related information to the topic Copyright Notice 2007 SonicWALL Inc All rights reserved Under the copyright laws this manual or the software described within can not be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but all of the material purchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format SonicWALL is a registered trademark of SonicWALL Inc Other product and compan
13. VPN Client actions from the command line IE Connection Name Enables the specific connection ID Connection Name Disables the specific connection e Q Quits a running an instance of the program Ignored if program is not already running A filename Starts the program and sends all messages to the specified log file If no log file is specified the default file name is gvcauto log If the program is already running this option is ignored e U Username Username to pass to XAUTH Must be used in conjunction with E P Password Password to pass to XAUTH Must be used in conjunction with E Command Line Examples e lt path gt swgvpnclient runs starts application If application is already running it does not create another instance e lt path gt swgvpnclient E lt connection name gt U lt username gt and P lt password gt runs starts the application and enables the named connection and use the lt username gt and lt password gt for user authentication If you do not include a username and password the Global VPN Client presents a dialog box asking for the information in order to continue e lt path gt swgvpnclient A lt path filename gt runs starts the application and enables auto logging of all events to a log file If the filename is not specified then the log file is created with the default name lt gvcauto log gt If you want to save the autolog for each Global VPN Clie
14. click Import Certificate Select Certificate 10 0 79 229 ix Select Certificate This connection requires a certificate for authentication Select the cetificate to use as your identity for this connection as specified by your network administrator Bellingham Pac Bell Bellingham Pac Bell Cag View Details Ifyou have the certificate you wish to use for your identity but it is not already in the certificate list you can import it here Import Certificate e Note See Managing Certificates on page 30 for more information on using the Certificate Manager Username and Password Authentication The VPN gateway typically specifies the use of XAUTH for determining GroupVPN policy membership by requiring a username and password either for authentication against the gateway s internal user database or via an external RADIUS service Page 20 SonicWALL Global VPN Client 4 0 Administrators Guide If the SonicWALL VPN gateway is provisioned to prompt you for the username and password to enter the remote network the Enter Username and Password dialog box appears Type your username and password If permitted by the gatewa y check Remember Username and Password to cache your username and password to automatically log in for future VPN connections Click OK to continue with establishing your VPN connection gateway sonicwall com x Enter Username and Password This peer requires that you log in with a us
15. desktop against the security policy making a real time decision to allow or deny network access through a SonicWALL Gateway About this Guide The SonicWALL Global VPN Client Administrator s Guide provides complete documentation on installing configuring and managing the SonicWALL Global VPN Client 4 0 This guide also provides instructions for SonicWALL Global VPN Client 4 0 Enterprise which is included as part of the SonicWALL Global Security Client The SonicWALL Global VPN Client as part of the SonicWALL Global Security Client operates on Windows 2000 SP3 Windows XP Home SP1 and Windows XP Professional SP1 operating systems for clients The Global VPN Client as part of the SonicWALL Global Security Client is supported by the following SonicWALL security appliances and firmware versions e SonicWALL TZ 170 running SonicOS Standard or Enhanced 2 1 or higher SonicWALL PRO Series PRO 2040 3060 4060 5060 running SonicOS Standard or Enhanced 2 1 or higher e SonicWALL Internet Security Appliances running firmware version 6 6 or higher Using the Right Administrator s Guides The SonicWALL Global VPN Client SonicWALL Global Security Client and SonicWALL Pocket Global VPN Client each have their own Administrator Guides SonicWALL Global Security Client and Global VPN Client Because the SonicWALL Global VPN Client is integrated into the SonicWALL Global Security Client you need to use the SonicWALL Global Security Clien
16. error occurs lt ExecuteLogonScript gt Disable 0 Enable 1 lt ExecuteLogonScript gt Forces launch login script lt Flags gt Page 42 SonicWALL Global VPN Client 4 0 Administrators Guide lt Peer gt Defines the peer settings for a VPN connection A VPN connection can support up to 5 peers N Alert A special case of Host Name is for an Office Gateway scenario If you want to use the Default Gateway as the host name use the exact text amp lt Default Gateway amp gt including the semicolons and amp s In this case you must also set the tag sUseDefaultGWAsPeerlP 1 cHostName P Address Domain Name lt HostName gt The IP address or Domain name of the SonicWALL gateway lt EnableDeadPeerDetection gt Off 0 On 1 lt EnableDeadPeerDetection gt Enables detection if the Peer stops responding to traffic This will send Vendor ID to the SonicWALL during IKE negotiation to enable Dead peer detection heart beat traffic N Alert NAT Traversal The implementation options for NAT Traversal were changed in Global VPN Client 2 x In Global VPN Client releases prior to 2 x there were checkboxes for Forcing or Disabling NAT Traversal With Global VPN Client 2 x and later there is now a drop down selection list containing the following three items e Automatic Detects if NAT Traversal is on or off Forced On Forces NAT Traversal On e Disabled Forces NAT Traversal Off To specify Automatic in a custom default rcf file set Forc
17. generate SKEYID ERROR Failed to get the size of the system interfaces table ERROR Failed to get the size of the system IP address table ERROR Failed to get the system interface table ERROR Failed to get the system IP address table ERROR Failed to get transforms from SA list ERROR Failed to match initiator cookie ERROR Failed to match responder cookie ERROR Failed to parse certificate data ERROR Failed to parse configuration file ERROR Failed to read the size of an incoming ISAKMP packet ERROR Failed to re allocate bytes ERROR Failed to receive an incoming ISAKMP packet ERROR Failed to receive an incoming ISAKMP packet The length is incorrect ERROR Failed to send an outgoing ISAKMP packet ERROR Failed to set policy configuration attributes into payload ERROR Failed to set proposals into phase 1 SA payload ERROR Failed to set proposals into phase 2 SA payload ERROR Failed to set responder lifetype attributes ERROR Failed to set the ESP attributes from the SA payload into the SA ERROR Failed to set the IPSEC AH attributes into the phase 2 SA Page 54 SonicWALL Global VPN Client 4 0 Administrators Guide Table 3 Log Viewer Messages ERROR Failed to set the IPSEC ESP attributes into the phase 2 SA ERROR Failed to set the OAKLEY attributes into the phase 1 SA ERROR Failed to set vendor ID into packet payl
18. network The most common use of this scenario is when you are at home or on the road and want access to the corporate network You enter the IP address or FQDN gateway yourcompany com of the VPN gateway and the Global VPN Client automatically downloads the VPN connection policy from the remote SonicWALL VPN gateway N niert If you are configuring the Global VPN Client for Remote Access make sure you have the IP address or FODN gateway yourcompany com of the remote SonicWALL VPN gateway and an active Internet connection before using the New Connection Wizard e Office Gateway You choose this scenario if you want secure access to a local SonicWALL Secure Wireless appliance network When you create an Office Gateway VPN connection it appears as the Peer entry of lt Default Gateway gt in the SonicWALL Global VPN Client window You can use this single Office Gateway VPN connection policy to roam securely across SonicWALL Secure Wireless appliance networks N Alert If you are configuring the Global VPN Client for Office Gateway make sure your wireless card is configured with the correct SSID information to access the SonicWALL Secure Wireless appliance before using the New Connection Wizard Creating a VPN Connection Policy The following instructions explain how to use the New Connection Wizard to automatically download VPN connection policies for the Global VPN Client from a local or remote SonicWALL VPN gateway 1 Choose Start gt Pro
19. on page 26 for more information o Note When configuring redundant VPN gateways the Group VPN policy attributes such as pre shared keys and the attributes on the Peer Information window must be the same for every gateway Enabling a VPN Connection Enabling a VPN connection with the SonicWALL Global VPN Client is a transparent two phase process Phase 1 enables the connection which completes the ISAKMP Internet Security Association and Key Management Protocol negotiation Phase 2 is IKE Internet Key Exchange negotiation which establishes the VPN connection for sending and receiving data When you enable a VPN connection policy the following information is displayed in the Status column of the SonicWALL Global VPN Client window 1 Disabled changes to Connecting 2 Connecting changes to Authenticating when the Enter Username Password dialog box is displayed 3 Authenticating changes to Connecting when the user enters the username and password 4 Connecting changes to Provisioning 5 Provisioning changes to Connected once the VPN connection is fully established A green checkmark is displayed on the VPN connection policy icon Once the VPN connection is established a pop up notification is displayed from the Global VPN Client system tray icon It displays the Connection Name Connected to IP address and the Virtual IP Address If an error occurs during the VPN connection Error appears in the Status column and an error mar
20. policies as you need To help you manage these connection policies the Global VPN Client provides the following connection policy management tools Arranging Connection Policies Over time as the number of VPN connection policies can increase in the SonicWALL Global VPN Client window you may want to arrange them for quicker access You can arrange your VPN connection policies in the SonicWALL Global VPN Client window by choosing View gt Arrange Icons by You can arrange VPN connection profiles by Name Sorts connection policies by name Peer Sorts connection policies by gateway IP address Status Sorts connection policies by connection status Ascending Sorts Name Gateway or Status arrangements in ascending order If unchecked policy arrangements are sorted in descending order The default arrangement is by Name in Ascending order Renaming a Connection Policy To rename a connection policy select the policy and click on the Rename button on the toolbar or choose File gt Rename then type in the new name You can also right click the connection policy and choose Rename from the menu Deleting a Connection Policy To delete a connection policy select the policy press Del or choose File gt Delete You can also right click the policy name and choose Delete You cannot delete an active VPN connection Disable the VPN connection then delete it Selecting All Connection Policies Choosing View gt Select All or pressing Ctr
21. terminated Without prejudice to any other rights SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA In such event you agree to return or destroy the SOFTWARE PRODUCT including all related documents and components items as defined above and any and all copies of same LIMITED WARRANTY SonicWALL warrants that a the SOFTWARE PRODUCT will perform substantially in accordance with the accompanying written materials for a period of ninety 90 days from the date of receipt and b any Support Services provided by SonicWALL shall be substantially as described in applicable written materials provided to you by SonicWALL Any implied warranties on the SOFTWARE PRODUCT are limited to ninety 90 days Some states and jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you CUSTOMER REMEDIES SonicWALL s and its suppliers entire liability and your exclusive remedy shall be at SonicWALL s option either a return of the price paid or b repair or replacement of the SOFTWARE PRODUCT that does not meet SonicWALL s Limited Warranty and which is returned to SonicWALL with a copy of your receipt This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from accident abuse or misapplication Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty 30 days whichever is lo
22. BILITY OF SUCH DAMAGES In no event shall SonicWALL or its suppliers liability to Customer whether in contract tort including negligence or otherwise exceed the price paid by Customer The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES THE ABOVE LIMITATION MAY NOT APPLY TO YOU Installing the SonicWALL Global VPN Client The SonicWALL Global VPN Client uses an easy to use wizard to guide you through the installation process The Global VPN Client supports Windows 98 SE Windows ME Windows NT 4 0 service pack 6 or later Windows 2000 Professional service pack 3 or later Windows XP Professional Windows XP Home Edition and Windows XP Tablet PC Edition Z atert Installing the Global VPN Client on Windows NT Windows 2000 and Windows XP requires _ Administrator rights The SonicWALL Global VPN Client requires a SonicWALL Internet Security Appliance running firmware version 6 4 2 0 or higher SonicOS 1 0 0 0 or higher SonicOS Standard 2 0 0 0 or higher or SonicOS Enhanced 2 0 0 0 or higher Installing the SonicWALL Global VPN Client Page 9 KT Tip For information on the number of SonicWALL Global VPN Client connections supported by your ay SonicWALL and Global VPN Client licensing for your SonicWALL see SonicWALL Global VPN Client Licenses on pag
23. D WARRANTIES INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE NONINFRINGEMENT SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING LAW USAGE OR TRADE PRACTICE ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS THE ABOVE LIMITATION MAY NOT APPLY TO YOU THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose DISCLAIMER OF LIABILITY SONICWALL S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS BUSINESS INTERRUPTION LOSS OF INFORMATION OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT OR FOR SPECIAL INDIRECT CONSEQUENTIAL INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSI
24. DefaultGWAsPeer P gt 0 lt UseDefaultGWAsPeerlP gt lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 5 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Connection gt lt Connection name Office Gateway gt lt Description gt This is the firewall to connect when traveling overseas lt Description gt lt Flags gt lt AutoConnect gt 0 lt AutoConnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnableOnWake gt 0 lt ReEnableOnWake gt Appendix A Creating and Deploying the Default rcf File for Global VPN Clients Page 45 lt ReconnectOnError gt 1 lt ReconnectOnError gt lt ExecuteLogonScript gt 0 lt ExecuteLogonScript gt lt Flags gt lt Peer gt lt HostName gt amp lt Default Gateway amp gt lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt UseDefaultGWAsPeerIP gt 1 lt UseDefaultGWAsPeerlP
25. E PRODUCT is an upgrade any transfer must include all prior versions of the SOFTWARE PRODUCT e The SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT You shall not reverse engineer de compile or disassemble the SOFTWARE PRODUCT in whole or in part The provisions of this section will survive the termination of this SLA LICENSE SonicWALL grants you a non exclusive license to use the SOFTWARE PRODUCT for SonicWALL Internet Security Appliances OEM If the SOFTWARE PRODUCT is modified and enhanced for a SonicWALL OEM partner you must adhere to the software license agreement of the SonicWALL OEM partner SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT Page 37 EXPORTS LICENSE Licensee will comply with and will at SonicWALL s reguest demonstrate such compliance with all applicable export laws restrictions and regulations of the U S Department of Commerce the U S Department of Treasury and any other any U S or foreign agency or authority Licensee will not export or re export or allow the export or re export of any product technology or information it obtains or learns pursuant to this Agreement or any direct product thereof in violation of any such law restriction or regulation including without limitation export or re export to Cuba Iran Iraq Libya North Korea Sudan Syria or
26. R Unable to compute shared secret for PFS in phase 2 ERROR Unable to read configuration file ERROR User did not enter XAuth next pin Page 56 SonicWALL Global VPN Client 4 0 Administrator s Guide Table 3 Log Viewer Messages ERROR XAuth CHAP requests are not supported at this time ERROR XAuth failed ERROR XAuth has requested a password but one has not yet been specified INFO The connection has been disabled INFO A certificate is needed to complete phase 1 INFO A phase 2 SA can not be established with until a phase 1 SA is established INFO A pre shared key is needed to complete phase 1 INFO AG failed SA state unknown Peer INFO An incoming ISAKMP packet from was ignored INFO DSS g value INFO DSS p value INFO DSS q value INFO Event publisher deregistered INFO Event publisher registered for INFO Failed to negotiate configuration information with INFO Found CA certificate in CA certificate list INFO Ignoring unsupported payload INFO Ignoring unsupported vendor ID INFO ISAKMP phase 1 proposal is not acceptable INFO ISAKMP phase 2 proposal is not acceptable INFO MM failed Payload processing failed OAK MM KEY EXCH Peer INFO MM failed Payload processing failed OAK MM NO STATE Peer INFO MM failed Payload processing failed OAK MM SA SETUP Peer INFO MM failed SA state not matchin
27. Shield Silent response file 9 Not a valid list type string or number 10 Data type is invalid Page 48 SonicWALL Global VPN Client 4 0 Administrators Guide 11 Unknown error during setup 12 Dialogs are out of order 51 Cannot create the specified folder 52 Cannot access the specified file or folder 53 Invalid option selected Appendix C Running the Global VPN Client from the Command Line Interface The SonicWALL Global VPN Client can run from the Command Line Interface CLI This interface allows for the programmatic or script based initiation of certain Global VPN Client functions without requiring the user to directly act in the Global VPN Client application The Global VPN Client CLI enables the setting up of scripts that automatically initiate a secure tunnel anytime a particular application or connection method is started The CLI commands require the use of a complete path name to the Global VPN Client application followed by various flags and variable information such as username or password N Alert Embedding a user s password directly in a script is a security risk Anyone who can gain access to the script can read the password to circumvent security It is recommended that scripts or programmatic dashboards ask for the password before initiating a connection and then clear the variable Command Line Options You can use the following options to perform a variety of Global
28. SonicWALL Global VPN Client Creating the Silent Installation The format of response files resembles that of an ini file but the response file has an iss extensions A response file is a plain text file consisting of sections containing data entries To create a response file simply run the setup with the r command line parameter Setup exe r Setup records all your installation choices in Setup iss and places the file in the Windows folder To use this response file in a normal installation copy it into the default install location normally Disk1 or the same folder as Setup ins Appendix B SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File Page 47 Playing Back the Silent Installation After you have created the installation and the response file you are ready to run the Global VPN Client installation in silent mode When running an installation in silent mode be aware that no messages are displayed Instead a log file Setup log captures installation information including whether the installation was successful You can review the log file and determine the result of the installation To launch the silent setup run setup with the s command line parameter Setup exe s By default setup looks for the response file in its default location normally Disk1 or the same folder as Setup ins You can specify a different response file using the f1 command line parameter Setup exe s f1 lt p
29. Status tabs General The General page in the Connection Properties dialog box includes the following settings xi General User Authentication Peers Status 3 as dd Specify general settings For this connection Name gateway sonicwall com Description Attributes Other traffic allowed Enabled Default traffic tunneled to peer Disabled Use virtual IP address Enabled I Enable this connection when the program is launched IV Immediately establish security when connection is enabled IV Automatically reconnect when an error occurs T Automatically reconnect when waking from sleep or hibernation I Execute domain logon script when connection is established I Run the following command when connection is established H Cancel Apply Help Name Displays the name of your VPN connection policy Description Displays a pop up text about the connection policy The text appears when your mouse pointer moves over the VPN connection policy Page 24 SonicWALL Global VPN Client 4 0 Administrators Guide Attributes Defines the status of Tunnel All support These settings are controlled at the SonicWALL VPN gateway Other traffic allowed If enabled your computer can access the local network or Internet connection while the VPN connection is active Default traffic tunneled to peer If activated all network traffic not routed to the SonicWALL VPN gateway is blocked When you enable the VPN conne
30. The Peers page allows you to specify an ordered list of VPN gateway peers that this connection policy can use multiple entries allow a VPN connection to be established through multiple VPN gateways An attempt is made to establish a VPN connection to the given VPN gateway peers in the order they appear in the list Office Gateway Properties xj Status l General User Authentication L oS This page allows you to specify an ordered list of peers to which this connection can establish security Specify the list of peers An attempt will be made to establish security to the given peers in the order they appear here Add Edit Remove Cancel App Help To add a peer click Add In the Peer Information dialog box enter the IP address or DNS Name in the IP Address or DNS Name box then click OK e To edit a peer entry select the peer name and click Edit In the Peer Information dialog box make your changes then click OK e To delete a peer entry select the peer entry and click Remove Peer Information Dialog Box The Peer Information dialog box allows you to add or edit peer information Peer Information xj This page allows you to specify an ordered list of peers to which this connection can establish security IP Address or DNS Name F jateway sonicwall cont IT Use the default gateway as the peer IP address Detect when this peer stops responding Dead Peer Detection DPD Settin
31. ability under any provision of this SLA shall be limited to the greater of the amount actually paid by you for the SOFTWARE PRODUCT or U S 10 00 provided however if you have entered into a SonicWALL Support Services Agreement SonicWALL s entire liability regarding Support Services shall be governed by the terms of that agreement Because some states and jurisdiction do not allow the exclusion or limitation of liability the above limitation may not apply to you SonicWALL Global VPN Client Support SonicWALL s comprehensive support services protect your network security investment and offer the support you need when you need it SonicWALL Global VPN Client support is included as part of the support program of your SonicWALL Internet Security Appliance For more information on SonicWALL Support Services please visit http www sonicwall com support You can purchase activate SonicWALL Support Services through your mySonicWALL com account at http www mysonicwall com For Web based technical support please visit http www sonicwall com support contact html Appendix A Creating and Deploying the Default rcf File for Global VPN Clients The default rcf file allows the SonicWALL VPN Gateway administrator to create and distribute preconfigured VPN connections for SonicWALL Global VPN Clients The SonicWALL VPN Gateway administrator can distribute the default rcf file with the Global VPN Client software to automatically create preco
32. allation or add it after installing the Global VPN Client If the SonicWALL VPN Gateway administrator included the default rcf file as part of the Global VPN Client software when the program is installed one or more preconfigured VPN connections are automatically created a Note Creating a Default rcf file and distributing it with the Global VPN Client software allows the SonicWALL VPN Gateway administrator to streamline VPN client deployment and allow users to quickly establish VPN connections When the Global VPN Client software is installed the VPN policy created by the SonicWALL VPN Gateway administrator is automatically created For more information on creating the Default rcf file see Appendix A Creating and Deploying the Default rcf File for Global VPN Clients on page 40 N Alert Your SonicWALL must be configured with GroupVPN to facilitate the automatic provisioning of Global VPN Clients For instructions on configuring your SonicWALL with GroupVPN see your SonicWALL Administrator s Guide Understanding VPN Connection Policies The Global VPN Client allows multiple connection policies to be configured at the same time whether they are provisioned from multiple gateways or imported from one or more files Because connection policies may be provisioned from multiple gateways each connection policy explicitly states allowed behavior in the presence of any connection policy conflicts You may have VPN connections that don t al
33. and add the default rcf file to the default Global VPN Client installation directory C Program Files SonicWALL SonicWALL Global VPN ClienA When the user launches the Global VPN Client the SonicWALL Global VPN Client rcf file is created in the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory based on the default rcf file settings N niert You cannot copy the SonicWALL Global VPN Clientrcf file created from the settings defined in the default rcf file for one Global VPN Client to replace an existing SonicWALL Global VPN Client rcf file of another Global VPN Client N Alert Removing an existing SonicWALL Global VPN Client rcf file will remove the VPN connections created in the Global VPN Client These VPN connections can be added again from the Global VPN Client into the new SonicWALL Global VPN Clientrcf file Appendix A Creating and Deploying the Default rcf File for Global VPN Clients Page 41 Creating the default rcf File You can create your custom default rcf file from any text editor such as Windows Notepad zix File Edit Format Help lt xml version 1 0 standalone yes gt 0 eSw Client policy version 9 0 gt Connect ionss lt Connection name Corporate Firewall gt oeseripeler This is the corporate firewall call 1 800 fix today for problems with lt Flags gt Snutoconnect gt 0 aut oconnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnab eonwake
34. any other country subject to applicable U S trade embargoes or restrictions or to any party on the U S Export Administration Table of Denial Orders or the U S Department of Treasury List of Specially Designated Nationals or to any other prohibited destination or person pursuant to U S law regulations or other provisions SUPPORT SERVICES SonicWALL may provide you with support services related to the SOFTWARE PRODUCT Support Services Use of Support Services is governed by the SonicWALL policies and programs described in the user manual in online documentation and or in other SonicWALL provided materials Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this SLA With respect to technical information you provide to SonicWALL as part of the Support Services SonicWALL may use such information for its business purposes including for product support and development SonicWALL shall not utilize such technical information in a form that identifies its source UPGRADES If the SOFTWARE PRODUCT is labeled as an upgrade you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT A SOFTWARE PRODUCT labeled as an upgrade replaces and or supplements the product that formed the basis for your eligibility for the upgrade You may use the result
35. ata Encryption Standard and the new U S Government encryption standard AES Advanced Encryption Standard for dramatically increased security AES requires SonicOS 2 0 GMS Management Allows Global VPN Client connections to be managed by SonicWALL s award winning Global Management System GMS Multi Platform Client Support Supports Windows 98 SE Windows ME Windows NT 4 0 service pack 6 or later Windows 2000 Professional service pack 3 or later Windows XP Professional Windows XP Home Edition and Windows XP Tablet PC Edition NAT Traversal Enables Global VPN Client connections to be initiated from behind any device performing NAT Network Address Translation The SonicWALL Global VPN Client encapsulates IPSec VPN traffic to pass through NAT devices which are widely deployed to allow local networks to use one external IP address for an entire network SonicWALL Global VPN Client Page 5 Automatic Reconnect When Error Occurs Allows the Global VPN Client to keep retrying a connection if it encounters a problem connecting to a peer This feature allows the Global VPN Client to automatically make a connection to a SonicWALL VPN gateway that is temporarily disabled without manual intervention Ghost Installation for Large Scale Installations Enables the Global VPN Client s virtual adapter to get its default address after installation and then create a ghost image NT Domain Logon Script Support Allows Global VPN Clients to pe
36. ath ResponseFile gt To verify if a silent installation succeeded look at the ResultCode value in the ResponseResult section of Setup log InstallShield writes an appropriate return value after the ResultCode keyname Using Setup log to Check for Errors Setup log is the default name for the silent installation log file and its default location is Disk1 in the same folder as Setup ins You can specify a different name and location for the setup log file using the f2 command line parameter Setup exe s f2 lt path LogFile gt The Setup log file contains three sections e The first section InstallShield Silent identifies the version of InstallShield Silent used in the silent installation It also identifies the file as a log file The second section Application identifies the installed application s name and version and the company name The third section ResponseResult contains the result code indicating whether or not the silent installation succeeded An integer value is assigned to the ResultCode keyname in the ResponseResult section The silent setup places one of the following return values after the ResultCode keyname 0 Success 1 General error 2 Invalid mode 3 Required data not found in the Setup iss file 4 Not enough memory available 5 File does not exist 6 Cannot write to the response file 7 Unable to write to the log file 8 Invalid path to the Install
37. bal VPN Client 4 0 Administrators Guide Page 63 SonicWALL Inc 1143 Borregas Avenue T 1 408 745 9600 www sonicwall com SONICWALL gt Sunnyvale CA 94089 1306 F 1 408 745 9300 P N 232 000xxx 00 PROTECTION AT THE SPEED OF BUSINESS Rev A 08 07 2007 SonicWALL Inc is a registered trademark of SonicWALL Inc Other product names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice 07 07 SW 145 SonicWALL Inc 1143 Borregas Avenue T 1 408 745 9600 www sonicwall com SONICWALL gt Sunnyvale CA 94089 1306 F 1 408 745 9300 P N 232 001144 00 PROTECTION AT THE SPEED OF BUSINESS Rev C 10 07 2007 SonicWALL Inc is a registered trademark of SonicWALL Inc Other product names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice 07 07 SW 145
38. blish this VPN connection when you launch the SonicWALL Global VPN Client Select Create a shortcut to this connection on the desktop if you want to create a shortcut icon on your desktop for this VPN connection 8 Click Finish The new VPN connection policy appears in the SonicWALL Global VPN Client window amp Note You can change the default name by right clicking the Office Gateway entry and selecting Properties from the menu In the General tab of the Properties dialog box enter the new name in the Name field Importing a VPN Configuration File A VPN connection policy can be created as a file and sent to you by the SonicWALL VPN gateway administrator This VPN configuration file has the filename extension rcf If you received a VPN connection policy file from your administrator you can install it using the Import Connection dialog box The VPN policy file is in the XML format to provide more efficient encoding of policy information Because the file can be encrypted pre shared keys can also be exported in the file The encryption method is specified in the PKCS 5 Password Based Cryptography Standard from RSA Laboratories and uses Triple DES encryption and SHA 1 message digest algorithms Adding VPN Connection Policies Page 15 Alert If your rcf file is encrypted you must have the password to import the configuration file into the Global VPN Client The following instructions explain how to add VPN connection policy by importi
39. ck the name of your SonicWALL on which the Global VPN Client license is activated Select Software Download If this service is not already activated click on Agree to activate it Download the SonicWALL Global VPN Client software and documentation Page 36 SonicWALL Global VPN Client 4 0 Administrator s Guide SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT This Software License Agreement SLA is a legal agreement between you and SonicWALL Inc SonicWALL for the SonicWALL software product identified above which includes computer software and any and all associated media printed materials and online or electronic documentation SOFTWARE PRODUCT By opening the sealed package s installing or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this SLA If you do not agree to the terms of this SLA do not open the sealed package s install or use the SOFTWARE PRODUCT You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund e The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as by other intellectual property laws and treaties The SOFTWARE PRODUCT is licensed not sold e Title to the SOFTWARE PRODUCT licensed to you and all copies thereof are retained by SonicWALL or third parties from whom SonicWALL has obtained a licensing right You acknowledge and agree that all right title and interest in and to t
40. claring it as dead The allowed values are 3 4 or 5 times lt DPDAlwaysSend gt Off 0 On 1 lt DPDAlwaysSend gt Instructs the Global VPN Client to send a DPD packet based on network traffic received from the peer lt Peer gt For redundant gateways on this connection repeat all the tags under lt Peer gt There can up to 5 redundant gateways for each connection lt Connection gt Defines the end of each connection profile in the configuration file lt Connections gt Defines the end of all connection profiles in the Default rcf file lt SW_Client_Policy gt Sample default rcf File The following is an example of a default rcf file This file includes two VPN connections Corporate Firewall and Office Gateway The Corporate Firewall connection configuration includes two peer entries for redundant VPN connectivity N Alert If you attempt to directly copy this sample file to an ASCII text editor you may have to remove all of the paragraph marks at the end of each line before saving it Verify the file can be imported into the Global VPN Application before distributing it lt xml version 1 0 standalone yes gt lt SW_Client_Policy version 9 0 gt lt Connections gt lt Connection name Corporate Firewall gt lt Description gt This is the corporate firewall Call 1 800 fix today for problems with connections lt Description gt lt Flags gt lt AutoConnect gt 0 lt AutoConnect gt lt Forcelsakmp gt 1 lt Fo
41. ction always uses Dial Up 2 lt InterfaceSelection gt Forces the interface selection for the VPN connection lt WaitForSourcelP gt Off 0 On 1 lt WaitForSourcelP gt Specifies that packets are to be sent when a local source IP address is available lt DialupUseMicrosoftDUN gt 3 Party 0 Microsoft 1 lt DialupUseMicrosoftDUN gt Instructs the Global VPN Client to use either Microsoft or a third party Dialup connection lt DialupApp gt c Program Files Windows NT dialer exe lt DialupApp gt Specifies the directory path to a third party Dialup connection application including the application name lt DialupPhonebook gt MSWN Office Network Prompt When Necessary lt DialupPhonebook gt Specifies the name of the Microsoft Dialup connection as listed in Network and Dial up Connections for the local computer lt DialupLeaveConnected gt Off 0 On 1 lt DialupLeaveConnected gt Instructs the Global VPN Client to leave the dialup connection logged in when the Global VPN Client is not connected Appendix A Creating and Deploying the Default rcf File for Global VPN Clients Page 43 lt DPDInterval gt 5 30 lt DPDInterval gt Specifies the duration of time in seconds to wait before declaring a peer as dead The interval times listed are incremented by 5 and the allowed values are 5 10 15 20 25 and 30 seconds lt DPDAttempts gt 3 5 lt DPDAttempts gt Specifies number of unsuccessful attempts to contact a peer before de
42. ction with this feature active the Connection Warning message appears Use virtual IP address Allows the VPN Client to get its IP address via DHCP through the VPN tunnel from the gateway Enable this connection when the program is launched Establishes the VPN connection policy as the default VPN connection when you launch the SonicWALL Global VPN Client Immediately establish security when connection is enabled Negotiates the first phase of IKE as soon as the connection is enabled instead of waiting for network traffic transmission to begin This setting is enabled by default Automatically reconnect when an error occurs With this feature enabled if the Global VPN Client encounters a problem connecting to the peer it keeps retrying to make the connection This feature allows a Global VPN Client to make a connection to a VPN connection that is temporarily disabled without manual intervention If the connection error is due to an incorrect configuration such as the DNS or IP address of the peer gateway then the connection must be manually corrected Check the Log Viewer to determine the problem and then edit the connection This option is enabled by default If an error occurs with this option disabled during an attempted connection the Global VPN Client logs the error displays an error message dialog box and stops the connection attempt Automatically reconnect when waking from sleep or hibernation Automatically re enables the VPN co
43. d Key Depending on the attributes for the VPN connection policy if no default Pre Shared Key is used you must have a Pre Shared Key provided by the gateway administrator in order to make your VPN connection If the default Pre Shared Key is not included as part of the connection policy download or file the Enter Pre Shared Key dialog box appears to prompt you for the Pre Shared key before establishing the VPN Enter Pre Shared Key 10 0 79 229 x Enter Pre Shared Key The pre shared key for this connection appears to be incorrect Enter the pre shared key for this connection as specified by your network administrator Pre Shared Key Don t hide the pre shared key ji Cancel Type your Pre Shared Key in the Pre shared Key field The Pre Shared Key is masked for security If you want to make sure you re entering the correct Pre Shared Key check Don t hide the pre shared key The Pre Shared Key you enter appears unmasked in the Pre shared Key field connection 1 purposes 2 3 Click OK Selecting a Certificate If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection the Select Certificate dialog box appears This dialog box lists all the available certificates installed on your Global VPN Client Select the certificate from the menu then click OK If you have a certificate that has not been imported into the Global VPN Client using Certificate Manager
44. de Page 5 SonicWALL Global VPN Client The SonicWALL Global VPN Client creates a Virtual Private Network VPN connection between your computer and the corporate network to maintain the confidentiality of private data The Global VPN Client provides an easy to use solution for secure encrypted access through the Internet or corporate dial up facilities for remote users as well as secure wireless networking for SonicWALL Secure Wireless appliance clients using SonicWALL s WiFiSec technology Custom developed by SonicWALL the Global VPN Client combines with Group VPN on SonicWALL Internet Security Appliances to dramatically streamline VPN deployment and management Using SonicWALL s Client Policy Provisioning technology the SonicWALL administrator establishes the VPN connections policies for the Global VPN Clients The VPN configuration data is transparently downloaded from the SonicWALL VPN Gateway SonicWALL Internet Security Appliance to Global VPN Clients removing the burden of provisioning VPN connections from the user SonicWALL Global VPN Client Features The SonicWALL Global VPN Client delivers a robust IPSec VPN solution with these features Easy to Use Provides an easy to follow Installation Wizard to quickly install the product an easy to follow Configuration Wizard with common VPN deployment scenarios point and click activation of VPN connections and streamlined management tools to minimize support requirements Client Polic
45. des 25 WAN Global VPN Client Licenses PRO 4060 Includes unrestricted WLAN Global VPN Client Licenses Enhanced Includes 1 000 WAN Global VPN Client Licenses PRO 4100 Includes unrestricted WLAN Global VPN Client Licenses Enhanced Includes 1 500 WAN Global VPN Client Licenses PRO 5060 Includes unrestricted WLAN Global VPN Client Licenses Enhanced Includes 2 000 WAN Global VPN Client Licenses Activating Your SonicWALL Global VPN Clients In order to activate and download your SonicWALL Global VPN Client software you must have a valid mysonicwall com account and your SonicWALL product must be registered to your account If you do not have a mysonicwall com account or if you have not registered your product to your account create an account and then follow the registration instructions at hito www mysonicwall com To activate your Global VPN Client license 1 PYN 6 Log in to your mysonicwall com account Select the registered SonicWALL Internet Security Appliance Select Global VPN Client from the Applicable Services menu Select Activate Type in your activation key in the Activation Key field Click Submit Upon successful activation a confirmation message will be displayed For future reference record the Serial Number of the SonicWALL product Your license activation is now complete Downloading Global VPN Client Software and Documentation 1 2 3 In the My Products page cli
46. dition of the SonicWALL Global VPN Client as well as the system it s running on Information in this report includes Version information Drivers System information IP addresses route table Current log messages To view the report in the default text editor window click View nll J aj To save the report to a text file click Save As To send the report via e mail click Send To close the report window without taking any action click Don t Send Troubleshooting the SonicWALL Global VPN Client Page 33 Accessing Technical Support Selecting Help gt Technical Support accesses the SonicWALL Support site at http www sonicwall com support The SonicWALL Support site offer a full range of support services including extensive online resources and information on SonicWALL s enhanced support programs Viewing Help Topics Selecting Help gt Help Topics displays SonicWALL Global VPN Client help system window You can access help topics using the following options Contents displays help in a table of contents view Index displays help in an alphabetical topic view Search allows you to search the help system using keywords Uninstalling the SonicWALL Global VPN Client Windows 98 SE You can easily uninstall the SonicWALL Global VPN Client and choose to save or delete your VPN connection policies as part of the uninstall process To uninstall the SonicWALL Global VPN Client N Alert
47. e 35 You can upgrade the SonicWALL Global VPN Client from an earlier version to 4 0 without uninstalling the earlier version A N hiert If you are upgrading SonicWALL Global VPN Client from an earlier version to 4 0 and want to use the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter you must uninstall the earlier version before installing Global VPN Client 4 0 a F Using the Setup Wizard The following steps explain how to install the SonicWALL Global VPN Client program using the Setup Wizard You use the Setup Wizard for a new Global VPN Client installation or upgrading a previous version of the SonicWALL Global VPN Client If you re upgrading your Global VPN Client software the Setup Wizard doesn t display all the same pages as a new installation Alert Remove any installed 3rd Party VPN client program before installing the SonicWALL Global VPN Client Alert You must use a Zip program to unzip the SonicWALL Global VPN Client program files before installing it 1 Unzip the SonicWALL Global VPN Client program 2 Double click setup exe The Setup Wizard launches Page 10 SonicWALL Global VPN Client 4 0 Administrators Guide 4 Close all applications and disable any disk protection and personal firewall software running on your computer Click Next 6 Click Next to accept the default location and continue installation or click Browse to specify a different location 7 Click Install Th
48. e Ee eie 39 NO OTHER WARRANTIES see Ee ie ere oe ve ee ees es we ee 39 LIMITATION OF LIABILITY es ee ce se De ve oe ee ees es ait 39 SonicWALL Global VPN Client Support sesse ses 40 Appendix A Creating and Deploying the Default rcf File for Global VPN Clients ii fest EE Re ee es ed ge ee wie 40 How the Global VPN Client uses the default rcf File iese esse esse 40 Deploying the default rcf File esse ee ee ae 40 Creating the default rcf File iese ee Re AA ee ee 42 sample deiaulttef File is ER ee ED ee ed 44 Troubleshooting the deafult rcf File esse ee AA ee ee 47 Appendix B SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File cec00 47 Creating the Silent Installation cccceceeeeeseeceeeeeeeeeeeeeeeeeeeeeeneeeaes 47 Playing Back the Silent Installation esse Re ee 48 Using Setup log to Check for EFFOIS sesse ee ee ee ee ee ee ee ee ee ee ee ee 48 Appendix C Running the Global VPN Client from the Command Line Interface sis eed ee ee se ee Ee 49 Command Line ODUGNS ies EER sie en gie ee oge Se SERE EER ee 49 Command Line Examples iii see ee AA ee ee ee ee 49 Page 4 SonicWALL Global VPN Client 4 0 Administrators Guide Appendix D Installing the Global VPN Client with a GhostApplicati f EE ES ED GO eens 50 Appendix E Log Viewer Messages sisie ss sesse ses 50 SonicWALL Global VPN Client 4 0 Administrators Gui
49. e Setup Wizard installs the Global VPN Client files on your computer After the Setup Wizard installs the Global VPN Client the Setup Complete page is displayed Installing the SonicWALL Global VPN Client Page 11 8 Select Start program automatically when users log in to automatically launch the VPN Global Client when you log onto the computer if desired 9 Select Launch program now to automatically launch the Global VPN Client after finishing the installation if desired 10 Click Finish Adding VPN Connection Policies Adding a new VPN connection policy is easy because SonicWALL s Client Policy Provisioning automatically provides all the necessary configuration information to make a secure connection to the local or remote network The burden of configuring the VPN connection parameters is removed from the Global VPN Client user VPN connection policies can be created using three methods e Download the VPN policy from the SonicWALL VPN Gateway to the Global VPN Client using the New Connection Wizard This wizard walks you through the process of locating the source of your configuration information and automatically downloads the VPN configuration information over a secure IPSec VPN tunnel e Import a VPN policy file into the SonicWALL Global VPN Client The VPN policy is sent to you as a file which you install using the Import Connection dialog box e Install the default rcf file as part of the Global VPN Client software inst
50. eNATTraversal and DisableNAT Traversal to 0 or do not list these tags at all lt ForceNATTraversal gt Off 0 On 1 lt ForceNATTraversal gt Forces NAT traversal even without a NAT device in the middle Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete lt DisableNATTraversal gt Off 0 On 1 lt DisableNATTraversal gt Disables NAT traversal even without a NAT device in the middle Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete lt NextHop gt P Address lt NextHop gt The IP Address of the next hop for this connection This is ONLY used if there is a need to use a next hop that is different from the default gateway lt Timeout gt 3 lt Timeout gt Defines timeout value in seconds for packet retransmissions The minimum lt Timeout gt value is 1 second and the maximum value is 10 seconds lt Retries gt 3 lt Retries gt Number of times to retry packet retransmissions before the connection is considered as dead The minimum lt Retries gt value is 1 and the maximum value is 10 lt UseDefaultGWAsPeerIP gt Off 0 On 1 lt UseDefaultGWAsPeerIP gt Specifies that the PC s Default Gateway IP Address is used as the Peer IP Address lt InterfaceSelection gt Automatically selects the connection based on link and IP detection 0 Connection always uses LAN 1 Conne
51. ername and password Please enter your username and password assigned to you by your network administrator Usemame i Password G The peer does not allow saving of usemame and password Lo Cancel Connection Warning If the VPN connection policy allows only traffic to the gateway the Connection Warning message appears warning you that only network traffic destined for the remote network at the other end of the VPN tunnel is allowed Any network traffic destined for local network interfaces and the Internet is blocked Connection Warning x Enabling this connection will block all traffic that does not get sent to the peer This means that you may no longer be able to browse the Intemet share local files etc Do you want to continue IT If yes don t show this dialog again You can disable the Connection Warning message from displaying every time you enable the VPN connection by checking If yes don t show this dialog box again Click Yes to continue with establishing your VPN connection Disabling a VPN Connection Disabling a VPN connection terminates the VPN tunnel You can disable a VPN connection using any of the following methods e Right click the SonicWALL Global VPN Client icon on the system tray and choose Disable gt connection policy Right click the VPN connection policy in the SonicWALL Global VPN Client window and select Disable e Select the connection policy then press Ctrl B
52. ess in the Choose Scenario page the Remote Access page is displayed Type the IP address or FQDN of the gateway in the IP Address or Domain Name field The information you type in the IP Address or Domain Name field appears in the Connection Name field If you want a different name for your connection type the new name for your VPN connection policy in the Connection Name field Click Next The Completing the New Connection Wizard page is displayed New Connection Wizard xj Remote Access To use the remote access scenario specify the gateway s domain name or IP address Specify the domain name or IP address of the security gateway IP Address or Domain Name You may also specify a name for this connection Connection Name To continue click Next 6 If you selected Office Gateway in the Choose Scenario page the Completing the New Connection Wizard page is displayed New Connection Wizard x Completing the New Connection S Wizard Your new connection is ready to be added to your configuration You can set the following options for this new connection I Create a desktop shortcut for this connection IT Enable this connection when the program is launched To complete this wizard click Finish j Cancel 7 Inthe Completing the New Connection Wizard page select any of the following options Select Enable this connection when the program is launched if you want to automatically esta
53. g mask process auth Peer INFO MM failed SA state not matching mask process key Peer INFO MM failed SA state not matching mask process sa Peer INFO MM failed SA state unknown Peer INFO NAT Detected Local host is behind a NAT device INFO NAT Detected Peer is behind a NAT device Appendix E Log Viewer Messages Page 57 Table 3 Log Viewer Messages INFO peer certificate missing key value INFO Phase 1 has completed INFO Phase 1 SA lifetime set to INFO Phase 2 negotiation has failed INFO Phase 2 SA lifetime set to INFO Phase 2 with has completed INFO Proposal not acceptable not authentication algorithm specified INFO Proposal not acceptable not Diffie Hellman group specified INFO Proposal not acceptable not encryption algorithm specified INFO Proposal not acceptable not hash algorithm specified INFO Proposal not acceptable proposal not found in list INFO QM failed Load SA failed Peer INFO Reading configuration file INFO Ready to negotiate phase 2 with INFO Received address notification notify INFO Received attributes not supported notify INFO Received authentication failed notify INFO Received bad syntax notify INFO Received certificate unavailable notify INFO Received dead peer detection acknowledgement INFO Received dead peer detection request INFO Received initial contact notify
54. grams gt SonicWALL Global VPN Client The first time you open the SonicWALL Global VPN Client the New Connection Wizard automatically launches New Connection Wizard x Welcome to the New Connection S Wizard This wizard will guide you through the process of adding a new connection to your configuration To continue click Next 2 Ifthe New Connection Wizard does not display click the New Connection Wizard icon on the far left side of the toolbar to launch the New Connection Wizard Click Next Adding VPN Connection Policies Page 13 3 Inthe Choose Scenario page you can click on View Scenario to view a diagram of each type of VPN connection i New Connection Wizard E i Choose Scenario To add a new connection you must choose the scenario that best fits how you will be using this connection Clicking on the Remote Access View Scenario links displays the diagram for this type of VPN connection Internet Internet Router VPN Client VIP 10 10 10 20 LAN Desktop N De LAN Server 10 10 10 2 0 10 10 10 10 201 Internet WAN Port i Clie DHCP 172 16 31 2 7 G py LAN Port Pi A WiFiSec Client DHCP 172 16 31 3 i WiFiSec Client DHCP 172 16 31 4 LAN Desktop LAN Desktop LAN Server 10 10 10 2 10 10 10 3 10 10 10 204 4 Select Remote Access or Office Gateway and then click Next Page 14 SonicWALL Global VPN Client 4 0 Administrators Guide 5 If you selected Remote Acc
55. gs NAT Traversal Automatic h Interface Selection Automatic z LAN Settings Dial Up Settings Response Timeout Maximum Send Attempts 3 Seconds E 3 Attempts had oes a Note When configuring redundant VPN gateways the Group VPN policy attributes such as pre shared keys and the attributes on the Peer Information window must be the same for every gateway IP Address or DNS Name Specifies the peer VPN gateway IP address or DNS name Use the default gateway as the peer IP address Specifies the default gateway as the peer IP address Detect when this peer stops responding Dead Peer Detection Automatically initiates VPN connection again if the VPN gateway does not respond for three consecutive heart beats The Global VPN Client exchanges heart beat packets to detect if the peer gateway is alive This setting is enabled by default Page 26 SonicWALL Global VPN Client 4 0 Administrators Guide DPD Settings Displays the Dead Peer Detection Settings dialog box Dead Peer Detection Settings E x This window allows you to specify advanced settings for dead peer detection DPD Check for dead peer every 5 Seconds Assume peer is dead after 5 Failed Checks bd Specify the conditions under which DPD packets will be sent Only when no traffic is received from the peer Whether or not traffic is received from the peer Cancel Check for dead peer every choose from 5 10 15
56. gt lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 5 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Connection gt lt Connections gt lt SW_Client_Policy gt Page 46 SonicWALL Global VPN Client 4 0 Administrator s Guide Troubleshooting the deafult rcf File Table 2 Troubleshooting the default rcf File Issue Solution If there are any incorrect entries or typos in your default rcf file the settings in the default rcf file will not be incorporated into the Global VPN Client and no connection profiles will appear in the Global VPN Client window The error message Failed to parse configuration lt file gt will appear in the Global VPN Client Log Viewer or the following error message will be displayed when attempting to import the file Could not import the specified configuration file The file appears to be corrupt Ensure that the file does not contain any non ASCII characters The SonicWALL Global VPN Client rcf file created by the default rcf file must be deleted from the directory and the default rcf file edited to correc
57. gt 0 lt ReEnableonwake gt lt Flags gt lt Peer gt lt HostName gt 0 0 0 0 lt HOstName gt lt Enab eDbeadPeer Detect jon gt 1 lt Enab eDeadPeer Detection gt lt ForceNaTTraversal gt 0 lt For ceNATTraversal lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Peer gt lt Peer gt lt HostName gt Redundant acme com lt HostName gt lt Enab eDeadPeer Detect jon gt 1 lt Enab ebeadPeer Detect ion gt lt ForcenaTTraversal gt 0 lt ForceNaTTraversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Peer gt lt connection gt lt Connection name overseas office gt OE Gr inti one Tas is the firewall to connect when travelling overseas lt Description gt lt Flags gt Shut oConnect gt 0 lt autoConnect gt lt ForceIsakmp gt 1 lt Forcelsakmp gt lt ReEnab eonwak e gt 0 lt ReEnab eonwake gt lt Flags gt lt Peer gt lt HostName gt Q 0 0 0 lt HostName gt lt Enab eDeadPeer Detect i on gt 1 lt Enab ebeadPeer Detect ion gt lt ForcenaTTraversal gt 0 lt ForceNaTTraversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt T imeout gt lt Retries gt 3 lt Retries gt lt Pear gt lt f Connection gt lt Connections gt lt sw_Client_Policy gt default rcf File Tag Descriptions Tag that you do not explicitly list in the default rcf are set
58. he SOFTWARE PRODUCT including all associated intellectual property rights are and shall remain with SonicWALL This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms of this SLA e The SOFTWARE PRODUCT is licensed as a single product Its component parts may not be separated for use on more than one computer e You may install and use one copy of the SOFTWARE PRODUCT or any prior version for the same operating system on a single computer e You may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network However you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device A license for the SOFTWARE PRODUCT may not be shared or used concurrently on different computers e You may not resell or otherwise transfer for value the SOFTWARE PRODUCT e You may not rent lease or lend the SOFTWARE PRODUCT e You may permanently transfer all of your rights under this SLA provided you retain no copies you transfer all of the SOFTWARE PRODUCT including all component parts the media and printed materials any upgrades and this SLA the recipient agrees to the terms of this SLA and you obtain prior written consent from SonicWALL If the SOFTWAR
59. hide the status bar in the Log Viewer window choose View gt Status Bar Configuring the Log The Logging page in the Options dialog box specifies the settings for configuring the GLobal VPN Client Log behavior General Logging Ef Specify settings For logging Maximum number of log messages to keep 0 means no maximum I Log ISAKMP header information T Log dead peer detection packets T Log NAT keep alive packets I Enable automatic logging of messages to a file Settings Maximum number of log messages to keep Specifies the maximum number of log messages kept in the log file Log ISAKMP header information Enables the logging of ISAKMP header information Log dead peer detection packets Enables the logging of dead peer detection packets Log NAT keep alive packets Enables the logging of NAT keep alive packets Enable automatic logging of messages to file Enables automatic logging of messages to a file as specified in the Auto Logging window Settings Clicking on Settings displays the Auto Logging window Configuring Auto Logging Clicking on Settings displays the Auto Logging window for specifying settings for auto logging of messages to a file Log files are saved as text files txt Auto Logging xj yf Specify settings For auto logging messages to a file Enter the name of the auto log file I Overwrite existing file when auto logging starts I Set size limit on au
60. ing upgraded product only in accordance with the terms of this SLA If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer COPYRIGHT All title and copyrights in and to the SOFTWARE PRODUCT including but not limited to any images photographs animations video audio music text and applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT are owned by SonicWALL or its suppliers licensors The SOFTWARE PRODUCT is protected by copyrights laws and international treaty provisions Therefore you must treat the SOFTWARE PRODUCT like any other copyrighted material except that you may install the SOFTWARE PRODUCT on a single computer provided you keep the original solely for backup or archival purposes You may not copy the printed materials accompanying the SOFTWARE PRODUCT U S GOVERNMENT RESTRICTED RIGHTS If you are acquiring the Software including accompanying documentation on behalf of the U S Government the following provisions apply If the Software is supplied to the Department of Defense DOD the Software is subject to Restricted Rights as that term is defined in the DOD Supplement to the Federal Acquisition Regulations DFAR in
61. ions for managing the program Open SonicWALL Global VPN Client Opens the program window Enable Displays a menu of VPN connection policies Specifying Global VPN Client Launch Options Page 23 e Disable Allows you to disable active VPN connections e Open Log Viewer Opens the Log Viewer to view informational and error messages See page 31 for more information on the Log Viewer e Open Certificate Manager Opens the Certificate Manager See page 30 for more information on the Certificate Manager e Exit Exits the SonicWALL Global VPN Client window and disables any active VPN connections Moving the mouse pointer over the SonicWALL Global VPN Client icon in the system tray displays the number of enabled VPN connections The Global VPN Client icon in the system tray also acts as a visual indicator of data passing between the Global VPN Client and the SonicWALL gateway Managing VPN Connection Policy Properties The Connection Properties dialog box includes the controls for configuring a specific VPN connection profile To open the Connection Properties dialog box choose one of the following methods e Select the connection policy and choose File gt Properties e Right click the connection policy and select Properties e Select the connection policy and click the Properties button on the SonicWALL Global VPN Client window toolbar The Connection Properties dialog box includes the General User Authentication Peers and
62. ity to route clear traffic to directly connected network interfaces that are configured with the Route All policy which is generally used in the WLAN zone Program Auto Start on VPN Connection Automatically launches a program with optional arguments when successful VPN connections are established as specified in the Connection Properties dialog box Page 6 SonicWALL Global VPN Client 4 0 Administrators Guide Global VPN Client Enterprise Global Security Client SonicWALL Global Security Client combines gateway enforcement central management configuration flexibility and software deployment to deliver comprehensive desktop security to mobile workers and corporate networks Global Security Client protection includes the SonicWALL Distributed Security Client and the SonicWALL Global VPN Client Enterprise combined with centrally managed security policies via the SonicWALL Internet Security Appliance and SonicWALL s industry leading Distributed Enforcement Architecture DEA Global VPN Client Enterprise provides the same functionality as the Global VPN Client with the added feature of license sharing On the remote client desktop the SonicWALL Global VPN Client Enterprise Distributed Security Client and DEA Client provide client security and secure IPSec VPN access to the corporate network The SonicWALL Distributed Security Client enforces firewall protection at the desktop from centrally managed security policies The DEA Client monitors the
63. k red x appears on the VPN connection policy icon A VPN policy that doesn t successfully complete all phase 2 connections displays a yellow warning symbol on the policy icon wD Note f the Global VPN Client doesn t establish the VPN connection you can use the Log Viewer to view the error messages to troubleshoot the problem See Understanding the Global VPN Client Log on page 31 for more information Page 18 SonicWALL Global VPN Client 4 0 Administrators Guide To establish a VPN connection using a VPN connection policy you created in the Global VPN Client follow these instructions 1 Enable a VPN connection policy using one of the following methods If you selected Enable this connection when the program is launched in the New Connection Wizard the VPN connection is automatically established when you launch the SonicWALL Global VPN Client If your VPN connection isn t automatically established when you launch the Global VPN Client choose one of the following methods to enable a VPN connection Double click the VPN connection policy Right click the VPN connection policy icon and select Enable from the menu Select the VPN connection policy and press Ctrl B Select the VPN connection policy and click the Enable button on the toolbar Select the VPN connection policy and then choose File gt Enable If the Global VPN Client icon is displayed in the system tray right click the icon and then select Enable gt connec
64. l A selects all the connection policies in the SonicWALL Global VPN Client window Managing VPN Connection Policies Page 29 Managing Certificates The Certificate Manager allows you to manage digital certificates used by the SonicWALL Global VPN Client for VPN connections If your VPN gateway uses digital certificates you must import the CA and Local Certificates into the Certificate Manager To open the Certificate Manager click the Certificate Manager button on the SonicWALL Global VPN Client window toolbar choose View gt Certificate Manager or press Ctrl M amp SonicWALL Global PN Client Certificate Manager loj x File View Help N aa 3 User Certificates Name Value EH Union Atlantic Rail version Post Office for Wid Serial number OOF2 SBE4 4465 OD2C 12 Walla Walla Sweet Key Algorithm Baseball Team Usa Signature Algorithm md5R54 Valid From 04 27 05 00 19 16 E Pots For E g di jy veryone valid to 04 26 08 00 19 16 A ertificates Valid SonicWALL CA a Truste CA QA CertAuth QA Test Unit 1024 Q i i RSA 1024 Bits ICN Q4 CertAuth OU 04 Test Unit 1024 D 0A Certificate Authority for 1024 RSA L Santa Clarita The left pane of the Certificate Manager window lists the active Local and CA certificates currently used by your VPN policies User Certificates list the local digital certificates used to establish the VPN Security Association CA Certificates list the digital certificates used to valida
65. lert Exiting the SonicWALL Global VPN Client from the system tray icon menu disables any active VPN connections aye Tip You can change the default launch setting for SonicWALL Global VPN Client see Specifying Global VPN Client Launch Options on page 23 for more information aye Tip You can create a shortcut to automatically launch the SonicWALL Global VPN Client window and make the VPN connection from the desktop taskbar or Start menu See Creating a VPN Policy Shortcut on page 22 for more information aye Tip You can launch the SonicWALL Global VPN Client from the command line See Appendix C Running the Global VPN Client from the Command Line Interface on page 49 for more information Making VPN Connections Making a VPN connection from the Global VPN Client is easy because the configuration information is managed by the SonicWALL VPN gateway The SonicWALL administrator sets the parameters for what is allowed and not allowed with the VPN connection policy For example for security reasons the SonicWALL VPN Gateway administrator may not allow multiple VPN connections or the ability to access the Internet or local network while the VPN connection is enabled Launching the SonicWALL Global VPN Client Page 17 The Global VPN Client support two IPSec Keying modes IKE using Preshared Secret and IKE using 3rd Party Certificates Preshared Secret is the most common form of the IPSec Keying modes If your VPN connection p
66. lient software When the user installs the Global VPN Client program the SonicWALL Global VPN Client rcf file is automatically created in the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory based on the settings defined in the default rcf file This is the easiest method for Global VPN Client users N Alert The default rcf file must be included in the default Global VPN Client installation directory C Program Files SonicWALL SonicWALL Global VPN Client for the program to write the SonicWALL Global VPN Client rcf file based on the settings defined in the default rcf file Add the default rcf file to the Default Global VPN Client Directory If the Global VPN Client software is installed without VPN connections the user can add the default rcf file to the default Global VPN Client installation directory C Program Files SonicWALL SonicWALL Global VPN Client When the user launches the Global VPN Client the SonicWALL Global VPN Client rcf file is created in the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory based on the default rcf file settings Replace the Existing SonicWALL Global VPN Client rcf File If the Global VPN Client is installed with VPN connections the user can remove the SonicWALL Global VPN Client rcf file from the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory
67. low other VPN connections or Internet and network connections while the VPN policy is enabled The VPN connection policy includes all the parameters necessary to establish secure IPSec tunnels to the gateway A connection policy includes Phase 1 and Phase 2 Security Associations SA parameters including e Encryption and authentication proposals e Phase 1 identity payload type Phase 2 proxy IDs traffic selectors e Client Phase 1 credential Allowed behavior of connection in presence of other active connections e Client caching behavior Page 12 SonicWALL Global VPN Client 4 0 Administrators Guide Understanding Digital Certificates If digital certificates are required as part of your VPN connection policy your gateway administrator must provide you with the required information to import the certificate You then need to import the certificate in the Global VPN Client using the Certificate Manager Alert f digital certificates are required as part of your VPN connection policy your VPN gateway administrator must provide you with the required certificates a Note For instructions on importing a certificate into the Global VPN Client see Managing Certificates on page 30 Using the New Connection Wizard The New Connection Wizard provides easy configuration for the following VPN connection scenarios e Remote Access You choose this scenario if you want secure access to a remote VPN gateway from any wired or wireless
68. ndant VPN Gateway ee ee ee RR ee ee 18 Enabling a VPN ConnectON sees ese se ee ee ee RR ee ee ee ee ee ee 18 Establishing Multiple ConnectionS sesse esse ee ee ee ee ee ee ee ee ee 19 Entering a Pre Shared Key iis ese ee ek ee AA ee ee 20 Selecting a Ode OE N N AR AE ON 20 Username and Password Authentication iese ee ee 20 Connection VV ANTI Ge ss ed ER Ee EER 21 Disabling a VPN Connection iss ese sesse ee se se se se ee ee 21 Checking the Status of a VPN Connection 21 Page 2 SonicWALL Global VPN Client 4 0 Administrators Guide Creating a VPN Policy Shortcut ss ss sesse sesse esse se se se 22 Specifying Global VPN Client Launch Options 23 Managing the Global VPN Client System Tray Icon 23 Managing VPN Connection Policy Properties 24 GER AR AA OE NO WE N EG 24 User Authentication Ai ER Re consi wndiaasauavasiecwesta 25 Sie ese ce ES De OR GE le dee 2 toate oles Gan 26 COPEL Silesia EE DE BE EE ER cd eh ta louise pense each ae at ea ve 28 Managing VPN Connection Policies ce eeee eens 29 Arranging Connection Policies ee ee AA ee ee 29 Renaming a Connection Policy see ee AA ee 29 Deleting a Connection Policy is cues a Re ge Ee 29 Selecting All Connection Policies ee ee Re ee 29 Managing Certificates sesse ese ee Ge Ge Ee ee 30 Troubleshooting the SonicWALL Global VPN Client 30
69. nection policy to access the networks of multiple SonicWALL Secure Wireless appliances Automatic Configuration of Redundant Gateways from DNS When an IPSec gateway domain name resolves to multiple IP addresses the Global VPN Client version 2 1 0 0 or higher uses the IP addresses in the list as failover gateways New Features in SonicWALL Global VPN Client 4 0 The following new features are supported on the SonicWALL Global VPN Client 4 0 release Tunnel State Display Enhancement The Global VPN Client now provides additional information about the state of VPN tunnels In addition to the states of enabled disabled and connected the Global VPN Client now indicates when tunnels are authenticating provisioning and connecting Tunnel Status Pop Up Window The Global VPN Client now alerts users when tunnels are connected or disconnected by displaying a small pop up window Smart Card and USB Token Authentication The Global VPN Client is now integrated with the Microsoft Cryptographic Application Program MS CryptoAPI or MSCAPI which enables the Global VPN Client to support user authentication using digital certificates on Smart cards and USB tokens NAT T IKE 03 Draft Support To improve compatibility with NAT T IKE 03 UDP encapsulation now uses port 4500 instead of port 500 DNS Redirect DNS queries to DNS suffix associated with Virtual Adapter are not sent on the physical adapter Tunnel All Support Enhancement Provides the abil
70. nfigured VPN connections for streamlined deployment The VPN connections created from the default rcf file appear in the SonicWALL Global VPN Client window The Global VPN Client user simply enables the VPN connection and after XAUTH authentication with a username and password the policy download is automatically completed How the Global VPN Client uses the default rcf File When the Global VPN Client starts up the program always looks for the SonicWALL Global VPN Client rcf file in the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory If this file does not exist the Global VPN Client looks for the default rcf file in the C Program Files SonicWALL SonicWALL Global VPN Client directory The Global VPN Client reads the default rcf file if it exists and creates the SonicWALL Global VPN Client rcf file in the C Documents and Settings lt user gt Application Data SonicWALL SonicWALL Global VPN Client directory The encrypted SonicWALL Global VPN Client rcf file contains all the VPN connection configuration information for the SonicWALL Global VPN Client Deploying the default rcf File There are three ways to deploy the default rcf file for your SonicWALL Global VPN Clients Page 40 SonicWALL Global VPN Client 4 0 Administrators Guide Include the default rcf File with the Global VPN Client Software After you create the default rcf file you can include it with the SonicWALL Global VPN C
71. ng a connection policy file provided by your gateway administrator 1 2 Choose Start Programs SonicWALL Global VPN Client Select File Import Connection The Import Connection dialog box is displayed xi This window allows you to import connection settings from a configuration file Specify the name of the configuration file to import Tf the file is encrypted specify the password Le Cancel Type the file path for the configuration file in the Specify the name of the configuration file to import field or click the browse button to locate the file If the file is encrypted enter the password in the If the file is encrypted specify the password field Click OK Configuring a Dial Up VPN Connection You can use a dial up Internet connection to establish your VPN connection You can create a Remote Access VPN connection policy using the Make New Connection wizard or use an existing VPN connection policy and then configure the VPN connection policy to use a Microsoft Dial Up Networking phone book entry or a third party dial up application You can also use a dial up connection as an automatic backup for your VPN connection in the event your broadband Internet connection is disabled N niert Make sure you create your dial up connection profile using Microsoft Dial up Networking or your third party dial up application before configuring your dial up VPN connection policy 1 Create a VPN connection policy usi
72. ng the New Connection Wizard or use an existing VPN connection policy Right click the VPN connection policy and select Properties from the menu The Properties dialog box is displayed Click the Peers tab Click Edit The Peer Information dialog box is displayed Use the default Automatic option in the Interface Selection menu if you want the Global VPN Client to automatically determine whether to use the LAN or Dial Up interface based on availability If the LAN interface is active the Global VPN Client uses this interface first If the LAN interface is not available the Global VPN Client uses the dial up connection If you want this VPN connection policy to use a dial up connection select Dial Up Only from the Interface Selection menu Click Dial Up Settings The Dial Up Settings dialog box is displayed If you re using Microsoft Dial Up Networking check Use Microsoft dial up networking and select the dial up networking profile from the Phonebook Entry list Select Do not hang up the modem when disabling this connection if you want to remain connected to the Internet after disabling the Global VPN Client connection If you re using a third party dial up application select Use a third party dial up application and then enter the path for the program in the Application field or click browse to locate the program Click OK three times to return to the SonicWALL Global VPN Client window Page 16 SonicWALL Global VPN Client 4 0 Admini
73. nger Outside of the United States neither these remedies nor any product Support Services offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor NO OTHER WARRANTIES To the maximum extent permitted by applicable law SonicWALL and its suppliers licensors disclaim all other warranties and conditions either express or implied including but not limited to implied warranties of merchantability fitness for a particular purpose title and non infringement with regard to the SOFTWARE PRODUCT and the provision of or failure to provide Support Services This Limited Warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jurisdiction LIMITATION OF LIABILITY To the maximum extent permitted by applicable law in no event shall SonicWALL or its suppliers licensors be liable for any damages including without limitation special incidental indirect or consequential whatsoever including without limitation damages for loss of business profits business interruption loss of business information or any other pecuniary loss arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide Support Services even if SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT Page 39 SonicWALL has been advised of the possibility of such damages In any case SonicWALL s entire li
74. nnection policy after the computer wakes from a sleep or hibernation state This setting is disabled by default Execute logon script when connected Allows the Global VPN Client to perform domain authentication after logging into the SonicWALL VPN Gateway and establishing a secure tunnel Run the following command when connection is established Allows a program to be automatically executed with optional arguments when successful VPN connections are established User Authentication The User Authentication page allows you to specify a username and password when user authentication is required by the gateway If the SonicWALL VPN gateway does not support the saving caching of ausername and password the settings in this page are not active and the message The peer does not allow saving of username and password appears at the bottom of the page Office Gateway Properties x Peers Status This page allows you to specify a username and password when user authentication is required by the gateway m The peer does not allow saving of usemame and password Cancel Apply Help Remember my username and password Enables the saving of your username and password for connecting to the SonicWALL VPN gateway Managing VPN Connection Policy Properties Page 25 Username Enter the username provided by your gateway administrator Password Enter the password provided by your gateway administrator Peers
75. nt session you can use the filename option and specify a different filename each time the application is stated This file is created in the same directory where the Global VPN Client application is started if the path is not specified Appendix C Running the Global VPN Client from the Command Line Interface Page 49 Appendix D Installing the Global VPN Client with a Ghost Application During the normal non Ghost installation of the Global VPN Client a MAC address for the virtual adapter is generated and assigned during the installation process However when the Global VPN Client is installed with CmdLine g Ghost option a default MAC address is assigned to the SonicWALL VPN Adapter After the installation when the Global VPN Client is started for the first time this default MAC address is detected which in turn generates a new MAC address and assigns it to the SonicWALL VPN Adapter N Alert DO NOT OPEN the Global VPN Client application after installing it and BEFORE you ghost it Global VPN Client installation with the CmdLine g option works by recognizing that it is the FIRST time that the Global VPN Client has been started and randomly creates a unique MAC address for the SonicWALL VPN Adapter If you open the Global VPN Client BEFORE using ghost you receive the same MAC address for the SonicWALL VPN Adapter resulting in network conflicts Appendix E Log Viewer Messages The following table lists the Info Error and Warning me
76. oad ERROR Failed to set XAuth attributes into payload ERROR Failed to sign hash ERROR Failed to verify certificate signature ERROR Failed to verify informational message hash payload ERROR Failed to verify mode config message hash payload ERROR Hash algorithm is not supported ERROR Hash Payload does not match ERROR Hash size invalid ERROR Header invalid verified ERROR Invalid certificate ASN sequence is not correct ERROR Invalid certificate payload length is too small ERROR Invalid hash payload ERROR Invalid payload Possible overrun attack ERROR Invalid SA state ERROR Invalid signature payload ERROR Invalid SPI size ERROR is not a supported Diffie Hellman group type ERROR is not a supported DOI ERROR is not a supported exchange type ERROR is not a supported ID payload type ERROR is not a Supported IPSEC protocol ERROR is not a supported notify message type ERROR is not a supported payload type ERROR is not a supported policy configuration attribute type ERROR is not a supported policy configuration message type ERROR is not a supported proxy ID payload type ERROR is not a supported XAuth attribute type ERROR is not a valid quick mode state ERROR is not a valid XAuth message type Appendix E Log Viewer Messages Page 55 Table 3 Log Viewer Messages ERROR is not a valid XAuth sta
77. olicy uses 3rd party certificates you use the Certificate Manager to configure the Global VPN Client to use digital certificates A Pre Shared Key also called a Shared Secret is a predefined field that the two endpoints of a VPN tunnel use to set up an IKE Internet Key Exchange Security Association This field can be any combination of Alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters Your Pre Shared Key is typically configured as part of your Global VPN Client provisioning If itis not you are prompted to enter it before you log on to the remote network Accessing Redundant VPN Gateways The Global VPN Client supports redundant VPN gateways by manually adding the peer in the Peers page of the VPN connection Properties dialog box See Peers on page 26 for more information The Global VPN Client version 2 1 0 0 or higher adds automatic support for redundant VPN gateways if the IPSec gateway s domain name resolves to multiple IP address For example if gateway yourcompany com resolves to 67 115 118 7 67 115 118 8 and 67 115 118 9 the Global VPN Client cycles through these resolved IP addresses until it finds a gateway that responds allowing multiple IP addresses to be used as failover gateways If all the resolved IP addresses fail to respond Global VPN Client switches to the next peer if another peer is specified in the Peers page of the VPN connection Properties dialog box See Peers
78. paragraph 252 227 7013 c 1 If the Software is supplied to any unit or agency of the United States Government other than DOD the Government s rights in the Software will be as defined in paragraph 52 227 19 c 2 of the Federal Acquisition Regulations FAR Use duplication reproduction or disclosure by the Government is subject to such restrictions or successor provisions Page 38 SonicWALL Global VPN Client 4 0 Administrators Guide MISCELLANEOUS This SLA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them It may be amended only in writing executed by both parties This SLA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws Should any term of this SLA be declared void or unenforceable by any court of competent jurisdiction such declaration shall have no effect on the remaining terms hereof The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches TERMINATION This SLA is effective upon your opening of the sealed package s installing or otherwise using the SOFTWARE PRODUCT and shall continue until
79. pen or closed the next time the program is started For example a user can launch the Global VPN Client from the system tray without opening a window on the desktop When closing the connections window Specifies how the Global VPN Client window behaves after closing The three options include Minimize the window restore it from the task bar Minimizes the window to taskbar and restores it from the taskbar Hide the window re open it from the tray icon The default setting that hides the SonicWALL Global VPN Client window when you close it You can open the Global VPN Client from the program icon in the system tray Enabling this setting also displays the Show the notification when I hide the connections window checkbox Show the notification when I hide the connections window Checking this box activates the SonicWALL Global VPN Client Hide Notification window whenever you close the Global VPN Client window while the program is still running The message tells you that the Global VPN Client program continues to run after you close hide the window Managing the Global VPN Client System Tray Icon When you launch the SonicWALL Global VPN Client window the program icon appears in the system tray on the taskbar This icon provides program and VPN connection status indicators as well as a menu for common SonicWALL Global VPN Client commands Right clicking on the SonicWALL Global VPN Client icon in the system tray displays a menu of opt
80. pported notify INFO Received unequal payload length notify INFO Received unknown notify INFO Received unsupported DOI notify INFO Received unsupported exchange type notify INFO Received XAuth request INFO Received XAuth status INFO Re evaluating ID info after INVALID_ID_INFO message INFO Releasing IP address for the virtual interface INFO Renewing IP address for the virtual interface INFO Saving configuration file INFO Sending dead peer detection acknowledgement INFO Sending dead peer detection request INFO Sending phase 1 delete Appendix E Log Viewer Messages Page 59 Table 3 Log Viewer Messages INFO Sending phase 2 delete for INFO Sending policy provisioning acknowledgement INFO Sending policy provisioning version reply INFO Sending XAuth acknowledgement INFO Sending XAuth reply INFO Signature Verified INFO SonicWALL Global VPN Client version INFO SonicWALL VPN Client INFO Starting aggressive mode phase 1 exchange INFO Starting authentication negotiation INFO Starting configuration negotiation INFO Starting ISAKMP phase 1 negotiation INFO Starting ISAKMP phase 2 negotiation with INFO Starting main mode phase 1 exchange INFO Starting quick mode phase 2 exchange INFO The configuration for the connection has been updated INFO The configuration for the connection is up to date
81. program for easy access to all your VPN policies Page 22 SonicWALL Global VPN Client 4 0 Administrators Guide Specifying Global VPN Client Launch Options You can specify how the SonicWALL Global VPN Client launches and what notification windows appear using the controls in the General tab of the Options dialog box Choose View gt Options to display the Options dialog box General Logaing Ey Specify general settings that control how this program behaves I Start this program when log in IV Wam me before enabling a connection that will block my Internet traffic I Remember the last window state closed or open the next time the program is started When closing the connections window Minimize the window restore it from the task bar Hide the window re open it from the tray icon I Show the notification when hide the connections OK Cancel Help The General page includes the following settings to control the launch of the Global VPN Client Start this program when log in Launches the SonicWALL Global VPN Client when you log into your computer Warn me before enabling a connection that will block my Internet traffic Activates Connection Warning message notifying you that the VPN connection will block local Internet and network traffic Remember the last window state closed or open the next time the program is started Allows the Global VPN Client to remember the last window state o
82. rcelsakmp gt lt ReEnableOnWake gt 0 lt ReEnableOnWake gt lt ReconnectOnError gt 1 lt ReconnectOnError gt lt ExecuteLogonScript gt 0 lt ExecuteLogonScript gt lt Flags gt lt Peer gt lt HostName gt CorporateFW lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt Page 44 SonicWALL Global VPN Client 4 0 Administrators Guide sUseDefaultGWAsPeerlP O UseDefaultGWAsPeerlP lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 5 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Peer gt lt HostName gt 1 2 3 4 lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Use
83. rform Windows NT 2000 domain authentication after establishing a secure IPSec tunnel The SonicWALL VPN gateway passes the logon script as part of the Global VPN Client configuration This feature allows the VPN user to have access to mapped network drives and other network services Dual Processor Support Enables the Global VPN Client to operate on dual processor computers Group Policy Management Global VPN Clients access can be customized and restricted to specific subnet access Requires SonicOS Enhanced Hub and Spoke VPN Access Allows IP addressing from SonicWALL VPN Gateway s DHCP Server to Global VPN Client for configuring a different subnet for all remote Global VPN Clients than the subnet of the LAN Makes hub and spoke VPN access simpler When a Global VPN Client successfully authenticates with the central site it receives a virtual IP address that also grants it access to other trusted VPN sites Default VPN Connections File Enables the SonicWALL administrator to configure and distribute the corporate VPN connections with the Global VPN Client software to streamline VPN client deployment Integration with Dial Up Adapter Allows Global VPN Client connections using Microsoft Dial Up Networking or third party dial up applications either as an automatic backup to a broadband connection or as the primary connection Single VPN Connection to any SonicWALL Secure Wireless Appliance for Roaming Allows users to use a single VPN con
84. rocess key Peer WARNING AG failed State OAK_AG_INIT_EXCH is invalid when responder Peer WARNING AG failed State OAK_AG_NO_ STATE is invalid when initiator Peer WARNING Failed to process aggressive mode packet WARNING Failed to process final quick mode packet WARNING Failed to process informational exchange packet WARNING Failed to process main mode packet WARNING Failed to process mode configuration packet WARNING Failed to process packet payloads WARNING Failed to process payload WARNING Failed to process quick mode packet WARNING Ignoring AUTH message when aggressive mode already complete Peer WARNING Invalid DOI in delete message WARNING Invalid IPSEC SA delete message WARNING Invalid ISAKMP SA delete message WARNING is not a supported OAKLEY attribute class WARNING Protocol ID is not supported in SA payloads WARNING Received an encrypted packet when not crypto active Appendix E Log Viewer Messages Page 61 Table 3 Log Viewer Messages WARNING Received an unencrypted packet when crypto active WARNING Responder lifetime protocol is not supported WARNING The password is incorrect Please re enter the password WARNING The pre shared key dialog box was cancelled by the user The connection will be disabled WARNING The select certificate dialog box was cancelled by the user The connection
85. roducts vpnglobal html Table 1 Global VPN Client License Support by SonicWALL Model SonicWALL Model Global VPN Clients TELE3 Requires Global VPN Client License TELE3 TZ TELE3 TZX TELE3 SP SOHO3 PRO 100 Includes 1 Global VPN Client License Additional Licenses may be added PRO 200 Includes 10 Global VPN Client License PRO 230 Additional Licenses may be added PRO 300 Includes 200 Global VPN Client License PRO 330 Additional Licenses may be added GX 250 Includes 5 000 Global VPN Client licenses GX 650 Includes 10 000 Global VPN Client licenses SOHO TZW Includes unrestricted WLAN Global VPN Client Licenses Requires WAN Global VPN Client Licenses TZ 50 Requires Global VPN Client Licenses TZ 150 TZ 170 Includes unrestricted WLAN Global VPN TZ 170 SP Client Licenses Enhanced Requires WAN TZ 170 SP Wireless Global VPN Client Licenses TZ 50 Wireless Includes unrestricted WLAN Global VPN TZ 150 Wireless Client Licenses Requires WAN Global VPN TZ 170 Wireless Client Licenses PRO 1260 Requires Global VPN Client License Configuring SonicWALL Security Appliances for Global VPN Clients Page 35 Table 1 Global VPN Client License Support by SonicWALL Model PRO 2040 Includes unrestricted WLAN Global VPN Client Licenses Enhanced Includes 10 WAN Global VPN Client Licenses PRO 3060 Includes unrestricted WLAN Global VPN Client Licenses Enhanced Inclu
86. signature is not valid ERROR Encryption algorithm is not supported ERROR ESP transform algorithm is not supported ERROR Failed to add a new AH entry to the phase 2 SA list ERROR Failed to add a new ESP entry to the phase 2 SA list ERROR Failed to add IPSEC encapsulation mode into the payload ERROR Failed to add IPSEC group description into the payload ERROR Failed to add IPSEC HMAC algorithm into the payload ERROR Failed to add IPSEC life duration into the payload ERROR Failed to add IPSEC life type into the payload ERROR Failed to add OAKLEY authentication algorithm into the payload ERROR Failed to add OAKLEY encryption algorithm into the payload ERROR Failed to add OAKLEY generator G1 into the payload ERROR Failed to add OAKLEY group description into the payload ERROR Failed to add OAKLEY group type into the payload ERROR Failed to add OAKLEY hash algorithm into the payload ERROR Failed to add OAKLEY life duration into the payload ERROR Failed to add OAKLEY life type into the payload ERROR Failed to add OAKLEY prime P into the payload ERROR Failed to add policy configuration INI format into the payload ERROR Failed to add policy configuration version into the payload ERROR Failed to add XAuth password into the payload ERROR Failed to add XAuth status into the payload ERROR Failed to add XAuth type into the payload ERROR Failed to add XAuth username into the payload ERROR Failed to allocate bytes ERROR Failed
87. sonicwall com has been disabled a lt localhost gt The connection gateway sonicwall com has been enabled 10 115 118 8 Starting ISAKMP phase 1 negotiation 2 10 115 118 8 Starting aggressive mode phase 1 exchange 2 10 115 118 8 Ignoring unsupported vendor ID 1 G 10 115 118 8 NAT Detected Local host is behind a NAT device G 10 115 118 8 The SA lifetime for phase 1 is 28800 seconds 4 10 115 118 8 Phase 1 has completed Type Information Peer lt local host gt Timestamp 2005 08 10 18 07 09 623 The connection gateway sonicwall com has been enabled Peer The IP address or FQDN of the peer Message Text of the message describing the event Type The type of message Information Error or Warning Timestamp Date and time the message was generated You can save a current log to a txt file When you save the current log to a file the Global VPN Client automatically adds a Help Report containing useful information regarding the condition of the SonicWALL Global VPN Client as well as the system it s running on for troubleshooting The Help Report information is inserted at the beginning of the log file See Generating a Help Report on page 33 for more information ME me Tip See Appendix E Log Viewer Messages on page 50 for complete listing of Log Viewer messages The Log Viewer provides the following features to help you manage log messages e To save a current log to a txt file click
88. ssages that can appear in the Global VPN Client Log Viewer Table 3 Log Viewer Messages ERROR Invalid DOI in notify message ERROR called with invalid parameters ERROR A phase 2 IV has already been created ERROR An error occurred ERROR Attributes were specified but not offered ERROR Authentication algorithm is not supported ERROR CA certificate not found in list ERROR Calculated policy configuration attributes length does not match length of attributes set into policy configuration payload ERROR Calculated XAuth attributes length does not match length of attributes set into XAuth payload ERROR Can not change the Diffie Hellman group for PFS ERROR Can not process packet that does not have at least one payload ERROR Can not process unsupported mode config type ERROR Can not process unsupported XAuth type ERROR Can not set IPSEC proposals into empty SA list ERROR Cannot do quick mode no SA s to negotiate ERROR certificate error ERROR Certificate ID not specified ERROR Deallocation of event publisher context failed Page 50 SonicWALL Global VPN Client 4 0 Administrators Guide Table 3 Log Viewer Messages ERROR Diffie Hellman group generator length has not been set ERROR Diffie Hellman group prime length has not been set ERROR DSS signature processing failed
89. strator s Guide Launching the SonicWALL Global VPN Client To launch the SonicWALL Global VPN Client choose Start gt Programs gt SonicWALL Global VPN Client SS SonicWALL Global PN Client 5 x File view Help BRA RR TB Name Peer Status ath Corporate Gateway 10 0 79 101 Disabled k Home WiFi 172 16 31 1 Disabled ath Office WiFi 172 18 0 1 Disabled Overseas Office 10 0 78 102 Disabled For Help press F1 The default setting for the SonicWALL Global VPN Client window is Hide the window reopen it from the tray icon If you click Close press Alt F4 or choose File gt Close the SonicWALL Global VPN Client window closes but your established VPN connections remain active A message dialog box appears notifying you that the Global VPN Client program and any enabled connections will remain active after the window is closed If you don t want this notification message to display every time you close the Global VPN Client window check Don t show me this message again and then click OK SonicWALL Global PN Client Hide Notification xi Although you have closed the connection window the program will g continue to run in the taskbar near the clock so that you wil have your secure connections available You can open the SonicWALL Global VPN Client window by double clicking the SonicWALL Global VPN Client icon in the system tray or right clicking the icon and selecting Open SonicWALL Global VPN Client N A
90. t Administrator s Guide and SonicWALL Global VPN Client Administrator s Guide for complete instructions on installing configuring using and managing the Global VPN Client and Global Security Client For configuring your SonicWALL security appliance to support the SonicWALL Global Security Clients use the SonicWALL Global Security Client Administrator s Guide For configuring your SonicWALL security appliance to support Global VPN Clients using SonicWALL s GroupVPN see the Administrator s Guide for the firmware or SonicOS version running on your SonicWALL security appliance About this Guide Page 7 SonicWALL Pocket Global VPN Client Use the SonicWALL Pocket Global VPN Client Administrator s Guide for complete instructions on installing configuring and managing the Pocket Global VPN Client For configuring your SonicWALL security appliance to support Pocket Global VPN Clients using SonicWALL s GroupVPN see the Administrator s Guide for the firmware or SonicOS version running on your SonicWALL wireless security appliance SonicWALL Global VPN Client If you re using SonicWALL Global VPN Client 4 0 on Windows 98 SE use only the SonicWALL Global VPN Client 4 0 Administrator s Guide aye Tip Always check hito www sonicwall com supporV VPN documentation html or the latest version of this manual and other upgrade manuals as well Conventions Used in this Guide Conventions used in this guide are as follows Convention
91. t the errors The default rcf file cannot have an attribute of READ Only The SonicWALL Global VPN Client rcf file created by the default rcf file must be deleted from the directory and the default rcf file Read Only attribute removed to correct the error The Peer Name lt Default Gateway gt displays the following error message when attempting to connect Failed to convert the Peer name lt Default Gateway gt to an IP address When setting the Peer Name to the special case of lt Default Gateway gt the tag for lt UseDefaultGWAsPeerIP gt must be set to 1 The SonicWALL Global VPN Client rcf file created by the default rcf file must be deleted from the directory Appendix B SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File A normal non silent installation of the SonicWALL Global VPN Client receives the necessary input from the user in the form of responses to dialog boxes However a silent installation does not prompt the user for input A silent installation must get its user input from a different source That source is the InstallShield Silent Response File iss file This response file contains the information that an end user would enter as responses to dialog boxes when running a normal setup A silent setup reads the necessary input from the response file at run time The following instructions explain how to create and execute a silent installation of the
92. te the user certificates e Click on the certificate in the left pane to display the certificate information in the right pane e Click the Import button on the toolbar press Ctrl I or choose File gt Import Certificate from the to display the Import Certificate window to import a certificate file e Click the Delete button on the toolbar press Del or choose File gt Delete Certificate to delete the selected certificate e Choose View gt Toolbar to hide the toolbar Choose View gt Status Bar to hide the status bar aye Tip For more information on using certificates for your VPN on the SonicWALL see the SonicWALL Administrators Guide Troubleshooting the SonicWALL Global VPN Client The SonicWALL Global VPN Client provides tools for troubleshooting your VPN connections This section explains using Log Viewer generating a Help Report accessing SonicWALL s Support site using SonicWALL Global VPN Client help system and uninstalling the Global VPN Client Page 30 SonicWALL Global VPN Client 4 0 Administrators Guide Understanding the Global VPN Client Log The SonicWALL Global VPN Client Log window displays messages about Global VPN Client activities To open the Log Viewer window click the Log Viewer button on the Global VPN Client window toolbar Peer Message 2 lt local host gt An incoming ISAKMP packet from 10 115 118 8 was ignored 3 10 115 118 8 Sending phase 1 delete G lt localhost gt The connection gateway
93. the Save button on the toolbar press Ctrl S or choose File gt Save When you save a Log Viewer file the Global VPN Client automatically adds a report containing useful information regarding the condition of the SonicWALL Global VPN Client as well as the system it s running on e To enable or disable message capturing click the Capture button on the toolbar press Ctrl M or choose View gt Stop Capturing Messages or View gt Start Capturing Messages e To start or stop automatic scrolling of messages to the latest message click the Auto Scroll button on the toolbar press Ctrl T or choose View gt Start Auto Scroll or View gt Stop Auto Scroll e To select all messages press Ctrl A or choose Edit gt Select All e To copy log contents for pasting into another application select the messages you want to copy then click the Copy button on the toolbar press Ctrl C or choose Edit Copy e To clear current log information click the Clear button on the toolbar press Crtl X or choose Edit gt Clear e To specify the message display level from All Messages to Filtered Messages click the Filtered Messages button on the toolbar You can also choose View gt Show All Message or View gt Show Filtered Messages Troubleshooting the SonicWALL Global VPN Client Page 31 e To remove redundant messages from displaying choose View gt Ignore Redundant Messages or press Ctrl l e To hide the toolbar in the Log Viewer window choose View gt Toolbar e To
94. tication Peers Status 35 This page shows the current status of this connection G Connection Status Connected Peer IP Address 67 115 118 7 Duration 00 00 36 p Deta Activity F Sent Received 58 Packets 64 Bytes 15145 21901 Reset Virtual IP Configuration IP Address Subnet Mask 10 50 191 74 255 255 255 0 Renew DK Cancel ply Help You can also display the Status page by e Right clicking on the VPN connection policy then selecting Status from the pop up menu e Selecting the VPN connection policy then press Ctrl T e Selecting the VPN connection policy then click the Status button on the toolbar aye Tip For more information on the Status page see Status on page 28 Creating a VPN Policy Shortcut To streamline enabling a VPN connection you can place a VPN connection policy on the desktop taskbar or Start menu You can also place the connection policy at any other location on your system To create a shortcut 1 Select the VPN connection policy you want to create a shortcut for in the SonicWALL Global VPN Client window 2 Choose File gt Create Shortcut and select the shortcut option you want You can select from On the Desktop On the Task Bar In the Start Menu or Select a Location You can also right click the VPN connection policy and then choose Create Shortcut gt shortcut option yy ae Tip You can also create a Desktop shortcut for the SonicWALL Global VPN Client
95. tion policy name The Global VPN Client enables the VPN connection without opening the SonicWALL Global VPN Client window Depending on how the VPN connection policy is configured the Cannot Enable Connection Enter Pre Shared Secret Enter Username and Password and Connection Warning dialog boxes may be displayed which are explained in the following sections Establishing Multiple Connections You can have more than one connection enabled at a time but it depends on the connection policy parameters established at the VPN gateway If you attempt to enable a subsequent VPN connection with a currently enabled VPN connection policy that does not allow multiple VPN connections the Cannot Enable Connection message appears informing you the VPN connection cannot be made because the currently active VPN policy does not allow multiple active VPN connection The currently enabled VPN connection policy must be disabled before enabling the new VPN connection gateway sonicwall com xj Cannot Enable Connection Multiple active connecections are not allowed This connection can not be enabled because the connection SonicWALL Long Range is already enabled and does not allow multiple active connections You can continue enabling this connection by disabling SonicWALL Long Range Choose Yes to disable SonicWALL Long Range and continue enabling this connection or choose No to cancel Making VPN Connections Page 19 Entering a Pre Share
96. to allocate memory ERROR Failed to begin phase 1 exchange ERROR Failed to begin quick mode exchange ERROR Failed to build a DSS object Appendix E Log Viewer Messages Page 51 Table 3 Log Viewer Messages ERROR Failed to build dead peer detection packet ERROR Failed to build dead peer detection reply message ERROR Failed to build dead peer detection reguest message ERROR Failed to build phase 1 delete message ERROR Failed to calculate DES mode from ESP transfer ERROR Failed to calculate policy configuration attributes length ERROR Failed to calculate XAuth attributes length ERROR Failed to compute IV for connection entry ERROR Failed to construct certificate payload ERROR Failed to construct certificate request payload ERROR Failed to construct certificate ERROR Failed to construct destination proxy ID payload ERROR Failed to construct DSS signature ERROR Failed to construct hash payload ERROR Failed to construct IPSEC nonce payload ERROR Failed to construct IPSEC SA payload ERROR Failed to construct ISAKMP blank hash payload ERROR Failed to construct ISAKMP delete hash payload ERROR Failed to construct ISAKMP DPD notify payload ERROR Failed to construct ISAKMP ID payload ERROR Failed to construct ISAKMP info hash payload ERROR Failed to construct ISAKMP key exchange payload ERROR Failed to cons
97. to log file Maximum auto log file size 1 MB oy When auto log size limit is reached Ask me what to do v E Enter the name of the auto log file Specifies the file to save the logging messages Clicking on the button allows you to specify the location of your auto log file View Auto Log File Displays the entire log file up to 71 000 lines Overwrite existing file when auto logging starts Overwrites existing auto log file after maximum file size is reached Set size limit on auto log file Activates a maximum size limit for the log file Page 32 SonicWALL Global VPN Client 4 0 Administrator s Guide Maximum auto log file size Specifies the maximum file size in KB or MB When auto log size limit is reached Instructs Auto logging what to do when log file size is reached Ask me what to do Prompts you when the log file reaches maximum size to choose either Stop auto logging or Overwrite auto log file Stop auto logging Stops auto logging when maximum file size is reached Overwrite auto log file overwrites existing auto log file after maximum file size is reached Generating a Help Report Choosing Help Generate Report in the SonicWALL Global VPN Client window displays the SonicWALL Global VPN Client Report dialog box Generate Report creates a report containing useful information for getting help in solving any problems you may be experiencing The report contains information regarding the con
98. to the default setting which is the same behavior as when you configure a New VPN Connection within the Global VPN Client manually The default setting for each tag is highlighted in bracketed bold text like default lt SW_Client_Policy version 9 0 gt lt Connections gt Defines the connection profiles in the default rcf configuration file There is no hard limit defined on the number of connection profiles allowed lt Connection name connection name gt Provides a name for the VPN connection that appears in the Global VPN Client window lt Description gt description text lt Description gt Provides a description for each connection profile that appears when the user moves the mouse pointer over the VPN Policy in the Global VPN Client window The maximum number of characters for the lt Description gt tag is 1023 lt Flags gt lt AutoConnect gt Off 0 On 1 lt AutoConnect gt Enables this connection when program is launched lt Forcelsakmp gt O ff 0 On 1 lt Forcelsakmp gt Starts IKE negotiation as soon as the connection is enabled without waiting for network traffic If disabled then only traffic to the destination network s will initiate IKE negotiations lt ReEnableOnWake gt Off 0 On 1 lt ReEnableOnWake gt Enables the connection when computer is coming out of sleep or hibernation lt ReconnectOnError gt Off 0 On 1 lt ReconnectOnError gt Automatically keeps trying to enable the connection when an
99. truct ISAKMP nonce payload ERROR Failed to construct ISAKMP notify payload ERROR Failed to construct ISAKMP packet header ERROR Failed to construct ISAKMP phase 1 delete payload ERROR Failed to construct ISAKMP SA payload ERROR Failed to construct ISAKMP vendor ID payload ID ERROR Failed to construct mode config hash payload ERROR Failed to construct NAT discovery payload ERROR Failed to construct PFS key exchange payload ERROR Failed to construct policy provisioning payload Page 52 SonicWALL Global VPN Client 4 0 Administrators Guide Table 3 Log Viewer Messages ERROR Failed to construct duick mode hash payload ERROR Failed to construct guick mode packet ERROR Failed to construct responder lifetime payload ERROR Failed to construct RSA signature ERROR Failed to construct signature payload ERROR Failed to construct source proxy ID payload ERROR Failed to construct XAuth payload ERROR Failed to convert the peer name to an IP address ERROR Failed to create a new connection entry an entry already exists with ID ERROR Failed to create connection entry with message ID ERROR Failed to decrypt buffer ERROR Failed to decrypt mode config payload ERROR Failed to decrypt notify payload ERROR Failed to decrypt packet ERROR Failed to decrypt duick mode payload ERROR Failed to encrypt mode config payload
100. tus ERROR ISAKMP SA delete msg for a different SA ERROR No certificate for CERT authentication ERROR No entry in the system IP address table was found with index ERROR No KE payload while PFS configured mess_id ERROR Out of memory ERROR Phase 1 authentication algorithm is not supported ERROR Phase 1 encryption algorithm is not supported ERROR Protocol ID has already been added to the SA list ERROR Protocol mismatch expected PROTO_IPSEC_AH but got ERROR Protocol mismatch expected PROTO_IPSEC_ESP but got ERROR Publisher deregistration failed ERROR Responder cookie is not zero ERROR RSA signature processing failed signature is not valid ERROR SA hash function has not been set in ERROR Signature Algorithm mismatch is X 509 certificate ERROR Signature verification failed ERROR The certificate is not valid at this time ERROR The current state is not valid for processing mode config payload ERROR The current state is not valid for processing signature payload ERROR The first payload is not a hash payload ERROR The following error occurred while trying to open the configuration file ERROR The peer is not responding to phase 1 ISAKMP requests ERROR The peer is not responding to phase 1 ISAKMP requests ERROR The state flag indicates that the IPSEC SA payload has not been processed ERROR The system interface table is empty ERROR The system IP address table is empty ERROR Unable to compute hash ERRO
101. will be disabled WARNING The username password dialog box was cancelled by the user The connection will be disabled WARNING Unable to decrypt payload Page 62 SonicWALL Global VPN Client 4 0 Administrator s Guide A Adding VPN Connection Policies 12 Default rcf File 12 Import Connection Policy 12 New Connection Wizard 12 C Certificate Manager 30 Import Certificate 30 Command Line Interface 49 Configuring Program Launch Options 23 Connection Policies Deleting 29 Renaming 29 Connection Properties 24 General 24 Peer Peer Information 26 Peers 26 Status 28 User Authentication 25 Connection Status 21 28 Connection Warning 21 D Default rfc File 40 Dial Up VPN Connections Configuration 16 Digital Certificates 13 Disabling a VPN Connection 21 E Enabling VPN Connections 18 G Global Security Client 7 Global VPN Client Enterprise 7 l Importing a VPN Policy 15 Installation 9 Setup Wizard 10 L Launching Global VPN Client 17 Hide Window 17 Licensing 35 Log Viewer 31 Messages 50 M Multiple VPN Connections 19 N New Connection Wizard 13 Office Gateway 13 Remote Access 13 P Pre Shared Key 20 R Redundant Gateways Configuration 18 S Selecting a Certificate 20 SonicWALL VPN Gateway Configuration 34 T Troubleshooting 30 Generate Report 33 Log Viewer 31 U Uninstalling Global VPN Client 34 Username Password Authentication 20 V VPN Connection Policies 12 29 Arranging 29 VPN Policy Shortcut 22 SonicWALL Glo
102. y Provisioning Using only the IP address or Fully Qualified Domain Name FQDN of the SonicWALL VPN gateway the VPN configuration data is automatically downloaded from the SonicWALL VPN gateway via a secure IPSec tunnel removing the burden from the remote user of provisioning VPN connections XAUTH Authentication with RADIUS Provides added security with user authentication after the client has been authenticated via a RADIUS server VPN Session Reliability Allows automatic redirect in case of a SonicWALL VPN gateway failure If a SonicWALL VPN gateway is down then the Global VPN Client can go through another SonicWALL VPN gateway Multiple Subnet Support Allows Global VPN Client connections to more than one subnet in the configuration to increase networking flexibility Third Party Certificate Support Supports VeriSign Entrust Microsoft and Netscape Certificate Authorities CAs for enhanced user authentication Tunnel All Support Provides enhanced security by blocking all traffic not directed to the VPN tunnel to prevent Internet attacks from entering the corporate network through a VPN connection DHCP over VPN Support Allows IP address provisioning across a VPN tunnel for the corporate network while allowing WAN DHCP for Internet Access from the ISP Secure VPN Configuration Critical Global VPN Client configuration information is locked from the user to prevent tampering AES and 3DES Encryption Supports 168 bit key 3DES D
103. y names mentioned herein can be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice Page 8 SonicWALL Global VPN Client 4 0 Administrators Guide Limited Warranty SonicWALL Inc warrants that commencing from the delivery date to Customer but in any case commencing not more than ninety 90 days after the original shipment by SonicWALL and continuing for a period of twelve 12 months that the product will be free from defects in materials and workmanship under normal use This Limited Warranty is not transferable and applies only to the original end user of the product SonicWALL and its suppliers entire liability and Customer s sole and exclusive remedy under this limited warranty will be shipment of a replacement product At SonicWALL s discretion the replacement product may be of equal or greater functionality and may be of either new or like new quality SonicWALL s obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL s then current Support Services policies This warranty does not apply if the product has been subjected to abnormal electrical stress damaged by accident abuse misuse or misapplication or has been modified without the written permission of SonicWALL DISCLAIMER OF WARRANTY EXCEPT AS SPECIFIED IN THIS WARRANTY ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AN
Download Pdf Manuals
Related Search