SonicWALL SMA 1000 Series User guide

SonicWall® Secure Mobile Access 12.4 Connect Tunnel User Guide
Contents
Introduction to Connect Tunnel
About Connect Tunnel
Guide Conventions
Resources Available from Connect Tunnel
Downloading and Installing Connect Tunnel
Using Connect Tunnel
Viewing Connect Tunnel Status
Logging into Connect Tunnel
Choosing a Login Group
Processing Server Certificates
Disconnecting from Connect Tunnel
Customizing Connect Tunnel
Viewing Current Settings
Connecting to a Different VPN
Configuring Split Tunnel Mode
Updating the Connect Tunnel Application
Troubleshooting Connect Tunnel
Unable to Connect
Unable to Access Resources or the Internet
Using Logs
Introduction to Legacy Connect Tunnel
About Legacy Connect Tunnel
Connect Tunnel Service
About Connect Tunnel Service
Installing Connect Tunnel Service
Importing the Client Certificate
Using Windows Services to run CTS
Using a Command or Script to run CTS
Troubleshooting
Legacy Connect Tunnel Client for Windows
About Legacy Connect Tunnel
Running the Legacy Connect Tunnel Client
Quitting Legacy Connect Tunnel
Configuring Legacy Connect Tunnel Settings
Updating the Legacy Connect Tunnel Software
Troubleshooting
Legacy Connect Tunnel Client for MacOS/Linux
About Legacy Connect Tunnel
Starting Legacy Connect Tunnel
Managing Configurations
Processing Server Certificates
Configuring Proxy Server Settings (Linux Only)
Troubleshooting
SonicWall Support
About This Document
Introduction to Connect Tunnel
About Connect Tunnel
Guide Conventions
Resources Available from Connect Tunnel
Downloading and Installing Connect Tunnel
About Connect Tunnel
The Connect Tunnel client is a Windows server component of the SonicWall Secure Mobile Access (SMA 1000)
solution, which enables secure, authorized access to Web-based and client/server applications, and Windows
file shares. The Connect Tunnel client enables you to connect to network resources that are protected by the
SonicWall SMA 1000 Series appliances. It is supported for use with Windows 10.
The Secure Mobile Access (SMA) 12.4 Connect Tunnel User Guide provides information for both the
Administrator and the User.
NOTE: In the Install page, selecting the Next Generation Connect Tunnel installs the latest Connect
Tunnel client. If you wish to use the Legacy Connect Tunnel client, select Get the Legacy Connect Tunnel
for Compatibility. For more details on the Connect Tunnel (Legacy) client, refer to Introduction to Legacy
Connect Tunnel.
NOTE: SMA 12.4 provides Central Management Service (CMS) with Global Traffic Optimization (GTO). To
use this feature, you must upgrade to Connect Tunnel 12.4 as described in this Guide.
Guide Conventions
Convention   Use
Bold         Highlights dialog, window, screen names, parameter names, icons, and buttons.
Code         Is used for file names and text or values you are being instructed to type into the interface.
Italic       Indicates the name of a technical manual. It also indicates emphasis on certain words in a sentence, and sometimes indicates the first instance of a significant term or concept.
Resources Available from Connect Tunnel
Connect Tunnel allows you to securely access the following types of resources:
Resource types
Resource type                Description
Client/server resources      Client/server applications, thin client applications, and terminal services, such as Microsoft Outlook, Citrix, and Windows Terminal Services.
Web sites and applications   Web content and Web-based applications that can be accessed through a browser, such as Microsoft Outlook Web Access, Domino Web Access, and general Web sites (such as intranets).
Windows network shares       Shared Windows folders and files through Windows Network Neighborhood, and mapped drives.
Downloading and Installing Connect Tunnel
Using Connect Tunnel starts with the administrator downloading and installing the Connect Tunnel program.
To download and install Connect Tunnel for Device Guard:
1 Log into the Appliance Management Console (AMC) on your SonicWall SMA 1000 Series appliance.
2 In the User Access area, click Agent Configuration, then click Download in the Client Installation
Packages area.
3 In the Connect Tunnel area of the screen, click Download next to the Windows 64-bit or Windows 32-bit
installation package.
4 Click on the file name, and follow the prompts in the next steps to download the program file
(ConnectTunnel_x64-12.40.494.exe) or (ConnectTunnel_x86-12.40.494.exe).
5 Click Agree to agree to the terms, then click Install.
6 On the next screen, click Yes to accept changes to the computer.
7 It may take a few seconds for the Launch screen to come up. When the installation has successfully
completed, click Launch to bring up the Configuration screen.
8 On the Configuration screen shown below, click on the drop-down list, then click on Add a
Configuration.
The program automatically shows the next screen for entering your chosen name and the name of your
server.
9 When the screen shown below appears, enter your chosen name and the name of your server. This can
be either a URL or an IP address.
10 Click Apply to add the configuration.
11 When the configuration is confirmed on the next screen, click Connect. It may take a few seconds and
several screen changes for initialization and connection to occur.
12 When the connection is successful, a shortcut, SonicWall VPN Connection, is created on the task bar.
The required program is now accessible on your desktop and from the Control Panel.
Using Connect Tunnel
Viewing Connect Tunnel Status
Logging into Connect Tunnel
Choosing a Login Group
Processing Server Certificates
Disconnecting from Connect Tunnel
Viewing Connect Tunnel Status
To find out if Connect Tunnel is already installed and connected to the VPN, the user can check if an icon
appears on the desktop or the task bar, or if the program is on the program list. If the program does not appear,
contact the administrator, who can then reconfigure it appropriately. Hovering over the icon displays the
connection status:
To view all the connection information, click on Connection Information on the Main Window.
The screen below shows the information given.
To configure the display of the Connect Tunnel icon during active connection, see Viewing Current Settings
("Click Edit next to the list to view previously made configuration settings for the chosen Configuration").
The Windows Network Connections window also gives the status of the Connect Tunnel VPN connection.
If Connect Tunnel experiences a temporary network interruption, a red circle with an X appears on the Connect
Tunnel icon in the taskbar notification area. If the network connection is reestablished, the red circle with the X
disappears and the Connect Tunnel icon returns to its normal state.
Logging into Connect Tunnel
To access network resources through Connect Tunnel, users must first verify their identity. This ensures that
only authorized users can access protected network resources. The credentials used to verify your identity
typically consist of a user name and password (or pass code).
Depending on the resources, you may also need to enter a one-time password given to you by your
administrator and/or accept an Acceptable Use Policy.
During Login, a prompt may appear indicating that an upgrade is ready. For instructions on upgrading, see
Updating the Connect Tunnel Application.
To log into Connect Tunnel:
1 Click the Windows Start button.
2 Click All Programs > search for Connect Tunnel.
3 Click Connect.
4 You may be required to pick the account you want to log into. Click the appropriate account listed on the
screen.
5 The initial login screen appears. Enter your VPN configuration choice and click Connect to start the login
process.
NOTE: Your administrator may have customized the name of this application.
6 The next screen gives a drop-down list to choose between modes to log into. Select a mode, then click
OK.
7 Enter your authentication credentials. Depending on how your administrator has configured Connect
Tunnel, you may see a combination of these prompts. Click OK to log in. The screen below is an example:
   • Type your username in the Username field.
   • In the Password or Passcode field, type your password or passcode. (Passwords may be
     case-sensitive. Make sure the Caps Lock or Num Lock keys are not enabled.)
   • Enter a one-time password if one was sent to you by your administrator.
   • If a client certificate is required for authentication, the Certificate list displays the ones on your
     device that match the certificate authority (CA) used by the authentication server. Often there is
     only one listed.
   • If an Acceptable Use Policy is displayed, click Accept to accept it.
8 If your login is successful, the following screen appears to show that you are connected to the VPN.
The Connect Tunnel icon appears in the task bar notification area, indicating that Connect Tunnel is
running and connected to the VPN.
NOTE: The Status “Device VPN connected” is displayed when you have selected the Device
VPN enabled realm.
Your login may not be exactly the same as that shown above. Your administrator might send you login
instructions that allow you to connect to a specific network.
Choosing a Login Group
Connect Tunnel allows you to choose the group or location you want to log into. This might be different at
different times. (For example, you might sometimes log in to the Sales group and at other times the Marketing
group.) You may need to provide different authentication credentials for each login group.
You must specify a login group each time you initiate a connection to your VPN. This option is available only
when Connect Tunnel is off-line (that is, when it is not connected to your VPN). You do not need administrator
privileges to change a host name or login group.
To specify the login group:
1 Launch Connect Tunnel.
2 Click on the Edit Profile icon next to the Configuration drop-down list.
3 Click on the Forget Selections icon next to the Name field, then click Apply.
4 Click Connect.
5 Select or type the name of the login group you want to log into.
Depending on how your administrator has configured Connect Tunnel, some login groups may not
appear in the list. However, you can still log into a “hidden” login group, if you are authorized to do so,
by typing its name.
6 Click OK.
Processing Server Certificates
Some VPN configurations require that you accept a server certificate before you can gain access to a protected
network resource. A server certificate is a digital signature that verifies a server’s identity.
If you access a network resource that uses a server certificate, Connect Tunnel may display the certificate.
Connect Tunnel displays a certificate warning only if the VPN appliance certificate is not from a trusted source.
You must then verify that the server certificate is from a trusted source before accepting it. Otherwise, the login
process continues without any prompt.
Because anyone can issue a certificate, you should accept certificates only from trusted sources, as the
information you receive from others may be invalid. You do not need Administrator privileges to process server
certificates. If you have any concerns about whether to accept a certificate or not, check with your
administrator.
To process a server certificate:
1 When a trusted certificate appears, verify that the certificate is associated with the correct server.
2 Accept or reject the certificate:
   • If you click Reject, your connection is not established.
   • If you click Accept, the certificate is accepted as valid, and the login process continues.
3 Accept a license agreement or Acceptable Use Policy, if required.
NOTE: During the login process, Connect Tunnel processes or warns only for certificates from the VPN,
not from resources. Applications, such as Internet Explorer, that are used to access resources, should
handle any certificates that are associated with resources.
Disconnecting from Connect Tunnel
Leaving Connect Tunnel ends your VPN session and disconnects you from the remote network.
To disconnect from Connect Tunnel:
1 In the task bar notification area, right-click the Connect Tunnel icon.
2 Click Disconnect.
Customizing Connect Tunnel
This section describes how to view and customize the Connect Tunnel client settings. You must have
administrator privileges on your computer to change these settings, and Connect Tunnel must be off-line to
change program settings.
Topics:
Viewing Current Settings
Connecting to a Different VPN
Configuring Split Tunnel Mode
Updating the Connect Tunnel Application
Viewing Current Settings
Connect Tunnel must be off-line to view current settings.
To view current Connect Tunnel settings:
1 On the Connect Tunnel login dialog box, select the configuration from the drop-down Configuration list.
2 Click Edit Profile next to the list to view previously made configuration settings for the chosen
Configuration.
Connecting to a Different VPN
Connect Tunnel must be off-line to change the connection to a different VPN.
To specify the host name or IP address of a different VPN:
1 In the Connect Tunnel login dialog box, click the drop-down list to choose a different VPN.
2 On the screen below, click Add configuration.
3 Enter a name in the Name field. In the Server field, enter the IP address of the VPN you want to connect
to. Click Apply to complete the process.
Configuring Split Tunnel Mode
When requests for resources or Internet access are received from clients by the appliance, they can be handled
a few different ways. The administrator makes this configuration choice in the Appliance Management Console
(AMC).
   • In split tunnel mode, only traffic destined for resources that have been specified in AMC is redirected to
     the appliance. All other traffic is routed as normal. In other words, the administrator sets up a list of
     resources that are kept secure because they are accessible only through the appliance, but you have
     open access to anything not spelled out in the resource list (for example, other Internet sites).
   • In redirect all mode, which is the more secure (and restrictive) approach, all traffic is redirected through
     the appliance. You are not allowed to access anything that is not in the list of allowed resources.
   • The administrator can opt to give you access to local printers and file shares, regardless of the tunnel
     mode.
If you are having trouble accessing resources, your administrator may instruct you to make a change in the
Advanced settings. The Network conflict resolution options are available only when your administrator has
configured you for split tunnel mode for this particular VPN configuration. If you need to make a configuration
change, it must be done while Connect Tunnel is disconnected.
Updating the Connect Tunnel Application
The network administrator may issue software updates when a new version of the Connect Tunnel software
becomes available, or when your network requirements change. Your administrator determines whether to
make software updates available, and when.
If your administrator has enabled Connect Tunnel software updating, an alert appears during the login process
whenever a Connect Tunnel update is ready to download.
To download and install a software update:
   • During login, if the Connect Tunnel Software Update dialog box appears to indicate that a software
     update is available, the available options depend on how your administrator has configured software
     updating:
      • Click Update to download and install the software update immediately. If you select this option,
        the software update is installed, then the login process continues.
      • Click Remind Me Later (if available) to postpone the software update and continue logging in. If
        you select this option, Connect Tunnel prompts you again (once per day) until you download and
        install the update by clicking Update. Depending on how your administrator has configured
        Connect Tunnel, this option may be unavailable.
      • Click Cancel to cancel the software update and the login process.
Troubleshooting Connect Tunnel
This section describes how to troubleshoot common Connect Tunnel client problems. If you are having trouble
connecting to your VPN, or accessing local or remote network resources, check if your problem is addressed by
the following. If the problem persists, contact your system administrator.
Topics:
Unable to Connect
Unable to Access Resources or the Internet
Using Logs
Unable to Connect
Here are a few items to check if you are having trouble connecting to your VPN:
   • Make sure that Connect Tunnel is running and actively connected to the network. For more information,
     see Viewing Connect Tunnel Status.
   • Verify in the Connect Tunnel Properties dialog box that you are initiating a connection to the correct
     host name or IP address. For more information, see Connecting to a Different VPN.
   • Verify in the Connect Tunnel Properties dialog box that you are initiating a connection to the correct
     login group. For more information, see Choosing a Login Group.
   • If you use a personal firewall, you may need to reconfigure the firewall before you can access the VPN.
     To do this, configure the firewall to allow SnwlConnect.exe traffic to access the Internet, and add the
     VPN’s host name or IP address as a trusted host or zone.
   • Authentication may require that you have a particular client certificate on your device. If you make
     changes to the certificates installed on your computer between logon attempts, update the list
     presented during login by clicking Refresh.
Unable to Access Resources or the Internet
Your device may have been classified into the wrong security zone:
   • Your administrator may ask you to confirm the security zone into which you have been classified. If
     security zones have been configured, click on the Connection Information icon on the Connect Tunnel
     screen.
When requests for resources or Internet access are received from clients by the appliance, they can be handled
in several different ways. Your administrator makes this configuration choice in AMC:
   • In split tunnel mode, only traffic destined for resources that have been specified in AMC is redirected to
     the appliance, and all other traffic is routed as normal. In other words, your administrator sets up a list of
     resources that are kept secure because they are accessible only through the appliance, but you have
     open access to anything that is not spelled out in the resource list (for example, other Internet sites).
   • In redirect all mode, which is the more secure (and restrictive) approach, all traffic is redirected through
     the appliance. You are not allowed to access anything that is not in the list of allowed resources.
   • Your administrator can opt to give you access to local printers and file shares, regardless of the tunnel
     mode.
Using Logs
The following instructions show how to respond to an administrator request to print debug logs, reproduce a
problem, or download logs for any reason.
1 To enable logging, click on Advanced Settings.
2 Click the General tab.
3 Clear the existing logs by clicking Clear Logs.
4 Set Network Preference to Default / Local / Remote.
5 Set Logging levels to Information / Debug enabling / Packet Capture.
6 Click OK, and let the log run for the specified time. Logs are named according to the formula:
ConnectTunnel-YYYYMMDD_at_HHMMSS.ZIP.
7 When you want to export a log, return to the Connect Tunnel Advanced Settings tab.
8 Click Export Logs.
9 Click OK.
Introduction to Legacy Connect Tunnel
About Legacy Connect Tunnel
Connect Tunnel Service
Legacy Connect Tunnel Client for Windows
Legacy Connect Tunnel Client for MacOS/Linux
About Legacy Connect Tunnel
The Secure Mobile Access (SMA) 12.4 Connect Tunnel User Guide provides information on installing and using
the Connect Tunnel Service and Legacy Connect Tunnel clients. A section on troubleshooting is also included.
Connect Tunnel Service
Topics
About Connect Tunnel Service
Installing Connect Tunnel Service
Importing the Client Certificate
Using Windows Services to run CTS
Using a Command or Script to run CTS
Troubleshooting
About Connect Tunnel Service
The Connect Tunnel Service client is a Windows server component of the SonicWall Secure Mobile Access (SMA
1000) solution that enables secure, authorized access to Web-based and client/server applications and
Windows file shares.
In a server environment, you can install and configure an add-on component (CTS) so that the VPN
connection starts automatically without user intervention: no user login is required and no user interface or
icons are displayed.
NOTE: For information on using SMA 12.4 Legacy Connect Tunnel, see Introduction to Connect Tunnel.
NOTE: SMA 12.4 provides the Central Management Service (CMS) with Global Traffic Optimization (GTO).
To use this feature, you must upgrade to Legacy Connect Tunnel 12.4.
For example, you may want to synchronize data between a remote system in the field and a file server secured
behind the VPN at corporate headquarters. On the remote system—running the Windows Server platform—
CTS is configured to run at a specific time, connect to the corporate file server, and synchronize its database
with the master database at headquarters.
CTS is supported on Windows Server 2012, 2016, and 2019.
Installing Connect Tunnel Service
Using Connect Tunnel Service involves installing both Legacy Connect Tunnel (CT) and Connect Tunnel Service
(CTS).
To install and configure Connect Tunnel Service:
1 Log into the Appliance Management Console (AMC) on your SonicWall SMA 1000 Series appliance.
2 Navigate to User Access > Agent Configuration.
3 In the Access Agents section, next to Client installation packages, click Download.
4 In the Connect Tunnel Client section, click Download next to the version(s) of the Connect Tunnel client
you need for your end-user client environment(s).
5 In the Connect Tunnel Service section, select the version and language you need for your server
environment, then click Download.
6 Install Legacy Connect Tunnel first (ConnectTunnel_Legacy_x64-12.40.494.exe) or
(ConnectTunnel_Legacy_x86-12.40.494.exe).
When the installation is completed, a shortcut named SonicWall VPN Connection should appear on the
desktop.
7 Install Connect Tunnel Service (ctssetup_en-12.40.494.exe or
ctssetup64_en-12.40.494.exe).
When the installation is completed, a shortcut named SonicWall VPN Service Options should appear on
the desktop.
8 On the desktop, double-click the SonicWall VPN Service Options shortcut. Alternatively, double-click
SonicWall VPN Service Options in the Control Panel. The SonicWall VPN Service Properties dialog
appears.
NOTE: Connect Tunnel Service is not supported on Connect Tunnel and is supported only on Legacy
Connect Tunnel.
9 On the VPN tab, configure these settings:
   VPN Connection Name      Type the name of the SonicWall Legacy Connect Client connection object exactly as it appears in the Windows Network Connections window (Start|Connect To|Show All Connections). By default, this is SonicWall VPN Connection.
   Hostname or IP address   Type the host name or IP address of the SonicWall SMA 1000 Series appliance.
   Login group              Type the name of the realm used by users in this login group.
   Username and Password    Type the credentials for a user in this Login group. You must enter a username and password or a certificate CN. In some cases of chained authentication, both a username and certificate are required.
   Certificate CN           A certificate's common name (CN) identifies its owner. Specify the CN for the certificate associated with this realm.
10 On the Service tab, configure the following settings:
   Number of attempts to restart a failed connection   Specify how many times to attempt restarting if an initial connection attempt fails.
   Endless Retries                                     Select this check box to continuously keep trying to connect until connected successfully.
   Time interval between restart attempts              Specify the amount of time (in minutes) to wait between restart attempts.
11 Click the Start button. The Start and Stop buttons are used to control the service.
12 To verify that Connect Tunnel started, open the SonicWall VPN Connection shortcut on the desktop. You
should see the established connection.
Alternatively, you can issue the ipconfig command on the command line to verify that you have a
virtual IP address for the SonicWall VPN Connection.
Importing the Client Certificate
The certificate specified for CTS must be located in the Local Computer certificate store of the user’s device;
certificates in a user's store are not available to the service. The Microsoft Management Console (MMC) is a
tool for managing administrative tools, including snap-ins and extension snap-ins.
To import a certificate into the user’s Local Computer store:
1 To open the Microsoft Management Console, click the Windows start button and type mmc in the text
field.
2 Press Enter.
3 In the File menu, choose the option for adding a snap-in.
4 To add a standalone snap-in, select Certificates, and then click the Add > button. Snap-ins can manage
certificates for different accounts.
5 Select Computer account.
6 Click Next.
7 Select Local computer.
8 Click Finish.
You should now see Certificates (Local Computer) in the list of selected snap-ins. The certificate must
now be copied to a certificate store.
9 In the Microsoft Management Console, right-click Personal > Certificates in the left navigation pane, and
then select All Tasks > Import.
10 Specify the certificate file you want to import, along with its password.
11 Place the certificate in your Personal store.
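The same import done from an elevated PowerShell prompt, followed by a check that the certificate sits in the Local Computer store where CTS can read it. This is an added example, not part of the SonicWall guide; the function names, the PFX path and the CN value are placeholders chosen for illustration.

```powershell
# Added example, not from the SonicWall guide. Run in an elevated session on
# the Windows Server that runs CTS. Function names are hypothetical.

function Import-CtsClientCertificate {
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword
    )
    # Cert:\LocalMachine\My is the Personal store of the Local Computer
    # account, the same destination as the MMC steps above. Without
    # -Exportable the private key is marked non-exportable in the store.
    Import-PfxCertificate -FilePath $PfxPath -Password $PfxPassword `
        -CertStoreLocation 'Cert:\LocalMachine\My'
}

function Test-CtsClientCertificate {
    param([Parameter(Mandatory)] [string] $CommonName)

    $cnType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $now    = Get-Date

    # Certificates whose subject CN matches the value entered in the
    # Certificate CN field on the VPN tab.
    $machine = @(Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.GetNameInfo($cnType, $false) -eq $CommonName })
    # Store of the account running this script, checked only to explain a miss.
    $user = @(Get-ChildItem -Path 'Cert:\CurrentUser\My' |
        Where-Object { $_.GetNameInfo($cnType, $false) -eq $CommonName })

    if ($machine.Count -eq 0 -and $user.Count -gt 0) {
        Write-Warning "CN '$CommonName' exists only in a user store; the service cannot use it."
    }
    elseif ($machine.Count -eq 0) {
        Write-Warning "No certificate with CN '$CommonName' was found."
    }

    foreach ($cert in $machine) {
        # Assumption: client authentication needs the private key and a
        # certificate that is inside its validity period.
        $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = $inValidity
            Ready         = $cert.HasPrivateKey -and $inValidity
        }
    }
}

# Usage (placeholder path and CN; Read-Host keeps the PFX password out of the
# command history):
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Import-CtsClientCertificate -PfxPath 'C:\path\to\client.pfx' -PfxPassword $pw
#   Test-CtsClientCertificate -CommonName 'cts-client.example.com'
```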