Manuel d'utilisation / d'entretien du produit none du fabricant SonicWALL
Aller à la page of 66
PROTECTION AT THE SPEED OF BUSINESS ™ Global VPN Client Administrator's Gui de.
Page 2 SonicWALL Global VPN Cli ent 4.0 Administrator’s Guide Table of Contents SonicWALL Global VPN Client ......................................... 5 SonicWALL Global VPN Client Features .... .............................. ............ 5 New Features in SonicWA LL Global VPN Clie nt 4.
SonicWALL Global VPN Client 4. 0 Administrator’s Guide Page 3 Creating a VPN Policy Shortcut ..................................... 22 Specifying Global VPN Client Launch Options ............... 23 Managing the Global VPN C lient System Tray Icon ...
Page 4 SonicWALL Global VPN Cli ent 4.0 Administrator’s Guide SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT ............................... 37 LICENSE .................. ................................. ............................
SonicWALL Global VPN Client 4. 0 Administrator’s Guide Page 5 Appendix D - Installing the Global VPN Client with a Ghost Application .......................................................... 50 Appendix E- Log Vi ewer Messages .....................
SonicWALL Global VPN Client Page 5 SonicWALL Global VPN Client The SonicWALL Global VPN Client crea tes a Virtual Private Network (VPN) connection between you r computer and the cor porate network to maintain th e confidentiality of private data.
Page 6 SonicWALL Global VPN Cli ent 4.0 Administrator ’ s Guide • Automatic Reconnect Wh en Error Occurs - Allows the Global VPN Client to keep retrying a connection if it encounters a prob lem connecting to a peer.
About this Guide Page 7 Global VPN Client Enterpri se/Global Security Client SonicWALL Global Security Client combines gate w ay enforcement, central management, configur ation flexibility and software deployment to deliver comprehensive desk top se curity to mob ile workers and corporate networks.
Page 8 SonicWALL Global VPN Cli ent 4.0 Administrator ’ s Guide SonicWALL Pocket Global VPN Client Use the SonicWALL Pocket Global VPN Client Administrator’s Guide for complete instruct ions on installing, configuring and managing the Pock et Global VPN Client.
Installing the SonicWALL Global VPN Client Page 9 Limited W ar r anty SonicWALL, Inc. warrants th at commencing from th e delivery date to Custom er (but in any case commencing not more than ninety (9.
Page 10 SonicWALL Global VPN Client 4.0 Administrator’s Guide Tip! For information on th e number of SonicWALL Gl obal VPN Client connecti ons supported by your SonicWALL and Global VPN Client licensing for your SonicWALL, se e “SonicWALL Global VPN Client Licenses” on page 35.
Installing the SonicWALL Global VPN Client Page 11 4. Close all application s an d disa bl e an y disk pr ot ec tio n an d pers onal firewall software running on you r computer. Click Next . 5. Select I accept the terms of the lic en se ag re eme n t .
Page 12 SonicWALL Global VPN Client 4.0 Administrator’s Guide 8. Select Start program automat ically when users log in to automa tically launch the VPN Globa l Client when you lo g onto the computer, if desired. 9. Select Launch program no w to automatically launch the Glob al VPN Client after finishing the installation, if desired.
Adding VPN Connection Policies Page 13 Under standing Digital Certif ica tes If digital cer tificates are required as part of your VPN co nnection policy, your gat eway administrator m ust provide you with the requir ed information to import the certificate.
Page 14 SonicWALL Global VPN Client 4.0 Administrator’s Guide 3. In the Choose Scenario page, you can click on View Scenario to view a diagram of each type of VPN connection. Clicking on the Remote Access View Scenario links displays the diagram for this type of VPN connection.
Adding VPN Connection Policies Page 15 5. If you selected Remote Access in the Choose Scenario page , the Re mote Access page is displayed. Type the IP address or FQDN of the gateway in the IP Addre ss or Domain Name field. The information you type in the IP Address or Do main Name field appea rs in the Connection Name field.
Page 16 SonicWALL Global VPN Client 4.0 Administrator’s Guide Alert! If your .rcf file is encrypted, yo u must have the password to import the configuration file into the Global VPN Client. The following instructions explai n how to add VPN connectio n policy by importing a connection policy file provided by your gatew ay administrator.
Launching the SonicWALL Global VPN Client Page 17 Launc hing the SonicWALL Global VPN Client To launch the SonicWALL Global VPN Client, choose Start>Programs>Soni cWALL Glob al VPN Client . The default setting for the Soni cW ALL Global VPN Client window is Hide the windo w (reopen it from the tray icon) .
Page 18 SonicWALL Global VPN Client 4.0 Administrator’s Guide The Global VPN Client support two IPSec Keying modes: IKE using Pres hared S ecret a nd IKE using 3rd Party Certificates. Preshared Secret is the most co mmon form of the IPSec Keying modes.
Making VPN Connections Page 19 To establish a VPN connection us ing a VPN connection policy you cr eated in the Global VPN Client, follow these instructions.
Page 20 SonicWALL Global VPN Client 4.0 Administrator’s Guide Entering a Pr e-Shar ed K ey Depending on the attr ibutes for the VPN connection pol icy, if no default Pre-Sha red Key is used, you must have a Pre-Sh ared Key provided by the gateway admini strato r in order to make you r VPN connection.
Disabling a VPN Connection Page 21 If the SonicWALL VPN gateway is provisioned to prompt you for the usernam e and password to enter the remote n etwork, the Enter Usern ame and Password dialog box appears.
Page 22 SonicWALL Global VPN Client 4.0 Administrator’s Guide • A VPN policy that cannot be successfully conne cte d displays an error mark (red x) on the policy icon. • The SonicWALL Global VPN Client icon in the syst em tray displays a visual i ndicator of data passing between the Global VPN Client and the gateway.
Specifying Global VPN Client Launch Options Page 23 Specifying Global VPN Client Launc h Options You can specify how the SonicWALL Glob al VPN Client launches and what notific ation windows appea r using the controls in the Genera l tab of the Options dialog box.
Page 24 SonicWALL Global VPN Client 4.0 Administrator’s Guide • Disable - Allows you to disable active VPN connections. • Open Log Viewer - Opens the Log Viewer to view informational and error messages. See pa ge 31 for more information on the Log Viewer.
Managing VPN Connection Policy Properties Page 25 • Attributes - Defines the status of Tunnel All suppor t. These settin gs are controlled at the SonicWALL VPN gateway. Other traffic allowed - If en abled, your computer ca n access the local network or Intern et connection while the VPN connection is active.
Page 26 SonicWALL Global VPN Client 4.0 Administrator’s Guide • Username - Enter the usernam e pr ov ide d by your gat ew ay adm in istr ato r . • Password - Enter the password provided by your gateway administrator .
Managing VPN Connection Policy Properties Page 27 • DPD Settings - Displays th e Dead Peer Detection Settings dia log box. Check for dead peer every - choose from 5, 10, 15 , 20, 25, or 30 seconds. Assume peer i s dead after - choo se from 3, 4, or 5 Fa iled Checks.
Page 28 SonicWALL Global VPN Client 4.0 Administrator’s Guide Sta tus The Status page shows the current status of the connection. • Connection Status - Indicates whether VPN connection policy is enabled or disabled. Peer IP Address - Displays the IP addr ess of the VPN connection peer.
Managing VPN Connection Policies Page 29 Managing VPN Connection P olicies The SonicWALL Global VPN Client su pports as many VPN connection po lic ies as you need. To help you manage these connection policies, the Global VPN Client provide s the following connection policy management tools.
Page 30 SonicWALL Global VPN Client 4.0 Administrator’s Guide Managing Certificates The Certificat e Ma nager allows you to manage digital certific ates used by the SonicWALL Global VPN Client for VPN connections. If your VPN gateway uses digital certif icates, you must import the CA and Local Certificates into the Certificat e Manager .
Troubleshooting the SonicWALL Global VPN Client Page 31 Under standing the Gl obal VPN Client Log The SonicWALL Global VPN Client Log window displays messages abou t Global VPN Client activities. To open the Lo g Viewer window, click the Log Viewer button on the Global VPN Client window toolbar, or choose View>Log Viewer , or press Ctrl+L .
Page 32 SonicWALL Global VPN Client 4.0 Administrator’s Guide • To remove re dundant messages from displa ying, choose View>Ignore Redundant Mess ages or press Ctrl+I . • To hide the to olbar in the Lo g Viewer window, choose View>Toolbar .
Troubleshooting the SonicWALL Global VPN Client Page 33 Maximum auto-log file size - Specifies the maximum f ile size in KB or MB. When auto- log size limit is reach ed - Instructs Auto-log ging what to do when log fil e size is reached.
Page 34 SonicWALL Global VPN Client 4.0 Administrator’s Guide Accessing T ec hnical Suppor t Selecting Help > T echnical Support accesses the SonicWALL Support site at http://www.
Configuring SonicWALL Security A ppliances for Global VPN Clients Page 35 Note! For information on configuring GroupVPN on the SonicWALL to support SonicWALL Global VPN Client, refer to the Administrator’s Guide for your SonicW ALL. All So nicWALL product documentation is available at http://www.
Page 36 SonicWALL Global VPN Client 4.0 Administrator’s Guide Activa ting Y our SonicWALL Global VPN Clients In order to activate and download your SonicWALL Global VPN Client software, you must have a valid mysonicwall.com account and yo ur SonicWALL product mu st be register ed to your account.
SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT Page 37 SOFTWARE LICENSE A GREEMENT FOR THE SONICWALL GL OB AL VPN CLIENT This Software License Agreement (SLA) is a lega l agreement between you an d SonicWALL, Inc.
Page 38 SonicWALL Global VPN Client 4.0 Administrator’s Guide EXPOR TS LICENSE Licensee will comply with, and will, at SonicWALL' s request, demons trate such compliance with all applicable export laws, restri ctions, and regulati ons of the U.
SOFTWARE LICENSE AGREEMENT FOR THE SONICWALL GLOBAL VPN CLIENT Page 39 MISCELLANEOUS This SLA represents the entire agreement concerning the subject matter he reof between the parties an d supersedes all prior agreem ents and representations betwe en them.
Page 40 SonicWALL Global VPN Client 4.0 Administrator’s Guide SonicWALL has been advised of the possibility of such damages. In any case, S onicWALL's entire liability under any provisio n of this SLA sh all be limite d to the gr ea te r of the am o un t ac tua lly pa id by you for the SOFTWARE PRODUCT or U.
Appendix A - Creating and Deploying the Defaul t.rcf File for Global VPN Clients Page 41 Include the default.rcf File with the Global VPN Client Software After you create the default.rcf file, you can include it with the SonicWALL Global VPN Client software.
Page 42 SonicWALL Global VPN Client 4.0 Administrator’s Guide Cr ea ting the default.r cf File You can create your custom default.rcf file from any text edito r, such as Windows Notepad. default.rcf File Tag Descriptio ns Tag that you do not explicitly list in the default.
Appendix A - Creating and Deploying the Defaul t.rcf File for Global VPN Clients Page 43 <Peer> Defines the peer settings for a VPN conn ectio n . A VPN connection can support up to 5 peer s. Alert! A special case of Host Name is for an Of fice Gateway scenario.
Page 44 SonicWALL Global VPN Client 4.0 Administrator’s Guide <DPDInterval> [ [ 5 ] -30] </DPDInterv al> Specifies the d uration of time (in seconds) to wait before declaring a peer as dead. The inter val times listed are incre mented by 5, and the a llowed values are 5, 10, 15, 20, 25 and 30 seconds.
Appendix A - Creating and Deploying the Defaul t.rcf File for Global VPN Clients Page 45 <UseDefaultGWAsPeerIP> 0 </UseDefaultGWAsPeerIP> <InterfaceSelection>0</InterfaceSelection.
Page 46 SonicWALL Global VPN Client 4.0 Administrator’s Guide <ReconnectOnError>1</ReconnectOnError> <ExecuteLogonScript>0</ExecuteLogonScript> </Flags> <Peer> &l.
Appendix B - SonicWALL Global VPN Cl ient Installation Using the InstallSh ield Silent Response File Page 47 T r oub leshooting the deafult.r cf File .
Page 48 SonicWALL Global VPN Client 4.0 Administrator’s Guide Play ing Bac k the Silent Instal la tion After you have create d the installation and the resp ons e file, you are r eady to ru n the Glob al VPN Client installation in silent mode. When running an installation in silent mode, be aware that no messages are displayed.
Appendix C - Running the Global VPN Client from the Command Line Interface Page 49 Appendix C - R unning the Global VPN Client fr om the Command Line Interface The SonicWALL Global VPN Client can run from the Co mmand Line Interface (CL I).
Page 50 SonicWALL Global VPN Client 4.0 Administrator’s Guide Appendix D - Installing the Global VPN Client with a Ghost Applica tion During the normal, no n-Ghost insta llation of the Global VPN Client, a MAC address for th e virtual adapter is generated and assign ed during the installation process.
Appendix E- Log Viewer Messages Page 51 ERROR Diffie-Hellman group ge nerator length has not been set. ERROR Diffie-Hellman group pr ime length has not been set. ERROR DSS signature processing failed - signatu re is not valid. ERROR Encryption algorith m is not supported.
Page 52 SonicWALL Global VPN Client 4.0 Administrator’s Guide ERROR Failed to build dead peer detection p acket. ERROR Failed to build dead peer detection reply message. ERROR Failed to build dead peer detection requ est message. ERROR Failed to build phase 1 delete message.
Appendix E- Log Viewer Messages Page 53 ERROR Failed to construct quick mode hash payload. ERROR Failed to construct quick mode packet. ERROR Failed to construct responder lifetime paylo ad. ERROR Failed to construct RSA signature. ERROR Failed to construct signature payload.
Page 54 SonicWALL Global VPN Client 4.0 Administrator’s Guide ERROR Failed to find OAKLEY group spe cified in the SA payloa d. ERROR Failed to find private ke y for certificate w ith ID. ERROR Failed to find protocol ID in the SA list. ERROR Failed to find route to reach.
Appendix E- Log Viewer Messages Page 55 ERROR Failed to set the IPSEC ESP at tributes into the phase 2 SA. ERROR Failed to set the OAKL EY attrib ut es into th e phas e 1 SA. ERROR Failed to set vendor ID into packet payload. ERROR Failed to set XAuth attributes into payload.
Page 56 SonicWALL Global VPN Client 4.0 Administrator’s Guide ERROR is not a valid XAuth status. ERROR ISAKMP SA delete msg for a different SA! ERROR No certificate for CERT authentication. ERROR No entry in the system IP addr ess table was found with inde x.
Appendix E- Log Viewer Messages Page 57 ERROR XAuth CHAP requests are not supp orted at this time. ERROR XAuth failed. ERROR XAuth has requested a password but one has not yet been specified. INFO "The connection """" has be en disabled.
Page 58 SonicWALL Global VPN Client 4.0 Administrator’s Guide INFO peer certifica te missing key value. INFO Phase 1 has completed. INFO Phase 1 SA lifetime set to. INFO Phase 2 negotiation has failed. INFO Phase 2 SA lifetime set to. INFO Phase 2 with has completed.
Appendix E- Log Viewer Messages Page 59 INFO Received invalid message ID notify. INFO Received invalid minor versio n notif y. INFO Received invalid payload notify. INFO Received invalid protocol ID notify. INFO Received invalid signature notify. INFO Received invalid SPI notify.
Page 60 SonicWALL Global VPN Client 4.0 Administrator’s Guide INFO Sending phase 2 delete for. INFO Sending policy provisioning acknowled gement. INFO Sending policy provisioning version reply. INFO Sending XAuth acknowled gement. INFO Sending XA uth reply.
Appendix E- Log Viewer Messages Page 61 INFO The SA lifetime for phase 2 is seconds. INFO The soft lifetime has expired for ph ase 1. INFO The soft lifetime has expired for ph ase 2 with. INFO The system ARP cache has been flushed . INFO Unable to encrypt payload! INFO User authentication has failed.
Page 62 SonicWALL Global VPN Client 4.0 Administrator’s Guide WARNING Received an unencrypted pa cket when crypto active! WARNING Responder lifetime pr otocol is not supp orted. WARNING The password is incorrec t. Please re-enter the password. WARNING The pre-shared key dialog bo x was cancelled by the user.
SonicWALL Global VPN Client 4.0 Administrator’s Guide Page 63 A Adding VPN Connection Policies 12 Default.rcf File 12 Import Connection Policy 12 New Connection Wizard 12 C Certificate Manager 30 Im.
SonicWA LL, Inc. 1 143 Borre gas Avenue T + 1 4 08.745.9600 w ww.so nicw all.co m Sunny val e CA 94 089 - 1306 F + 1 4 08.74 5. 930 0 P /N: 2 3 2- 00 0xxx -0 0 Rev A , 08/07 ©2007 Soni cW ALL , Inc.
SonicWA LL, Inc. 1 143 Borre gas Avenue T + 1 4 08.745.9600 w ww.so nicw all.co m Sunny val e CA 94 089 - 1306 F + 1 4 08.74 5. 930 0 P /N: 2 3 2- 00 1144 -00 Rev C , 10 /07 ©2007 Soni cW ALL , Inc.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté SonicWALL none c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du SonicWALL none - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation SonicWALL none, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le SonicWALL none va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le SonicWALL none, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du SonicWALL none.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le SonicWALL none. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei SonicWALL none ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.