Introduction to Global VPN Client • Global VPN Client Overview • Global VPN Client Features • Global VPN Client Enterprise • About this Guide • Text Conventions • Message Icons Global VPN Client Overview The SonicWall™ Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the corporate network to maintain the confidentiality of private data. The Global VPN Client provides an easy-to-use solution for secure, encrypted access through the Internet for remote users. Custom developed by SonicWall, the Global VPN Client combines with GroupVPN on SonicWall Internet Security Appliances to dramatically streamline VPN deployment and management. Using SonicWall’s Client Policy Provisioning technology, the SonicOS administrator establishes the VPN connections policies for the Global VPN Clients. The VPN configuration data is transparently downloaded from the SonicWall VPN Gateway (SonicWall Internet Security Appliance) to Global VPN Clients, removing the burden of provisioning VPN connections from the user. For configuring your SonicWall security appliance to support Global VPN Clients using SonicOS GroupVPN, see the SonicOS Administration Guide for the firmware version running on your SonicWall security appliance (your VPN gateway appliance). Topics: • Global VPN Client Features • Global VPN Client Enterprise Global VPN Client Features The SonicWall Global VPN Client delivers a robust IPsec VPN solution with these features: • Easy to Use - Provides an easy-to-follow Installation Wizard to quickly install the product, an easy-to-follow Configuration Wizard with point-andclick activation of VPN connections, and streamlined management tools to minimize support requirements. • Multiple Language Support - The Global VPN Client user interface supports English, Simplified Chinese, Japanese, Korean, and Brazilian Portuguese. The UI automatically displays in the Windows display language. • Client Policy Provisioning - Using only the IP address or Fully Qualified Domain Name (FQDN) of the SonicWall VPN gateway, the VPN configuration data is automatically downloaded from the SonicWall VPN gateway via a secure IPsec tunnel, removing the burden from the remote user of provisioning VPN connections. • XAUTH Authentication with RADIUS - Provides added security with user authentication after the client has been authenticated via a RADIUS server. • VPN Session Reliability - Allows automatic redirect in case of a SonicWall VPN gateway failure. If a SonicWall VPN gateway is down then the Global VPN Client can go through another SonicWall VPN gateway. • Multiple Subnet Support - Allows Global VPN Client connections to more than one subnet in the configuration to increase networking flexibility. • Third-Party Certificate Support - Supports VeriSign, Entrust, Microsoft, and Netscape Certificate Authorities (CAs) for enhanced user authentication. • Tunnel All Support - Provides enhanced security by blocking all traffic not directed to the VPN tunnel to prevent Internet attacks from entering the corporate network through a VPN connection. • DHCP over VPN Support - Allows IP address provisioning across a VPN tunnel for the corporate network while allowing WAN DHCP for Internet Access from the ISP. • Secure VPN Configuration - Critical Global VPN Client configuration information is locked from the user to prevent tampering. • AES and 3DES Encryption - Supports 168-bit key 3DES (Data Encryption Standard) and AES (Advanced Encryption Standard) for increased security. AES requires SonicOS 2.0 or higher on the SonicWall VPN gateway appliance. • GMS Management - Allows Global VPN Client connections to be managed by SonicWall’s award-winning Global Management System (GMS). • Multi-Platform Client Support - Supports 32-bit and 64-bit versions of Windows: Windows 10, Windows 8, Windows 8.1, and Windows 7. • NAT Traversal - Enables Global VPN Client connections to be initiated from behind any device performing NAT (Network Address Translation). The SonicWall Global VPN Client encapsulates IPsec VPN traffic to pass through NAT devices, which are widely deployed to allow local networks to use one external IP address for an entire network. • Automatic Reconnect When Error Occurs - Allows the Global VPN Client to keep retrying a connection if it encounters a problem connecting to a peer. This feature allows the Global VPN Client to automatically make a connection to a SonicWall VPN gateway that is temporarily disabled, without manual intervention. • Ghost Installation for Large Scale Installations - Enables the Global VPN Client’s virtual adapter to get its default address after installation and then create a ghost image. • NT Domain Logon Script Support - Allows Global VPN Clients to perform Windows NT domain authentication after establishing a secure IPsec tunnel. The SonicWall VPN gateway passes the logon script as part of the Global VPN Client configuration. This feature allows the VPN user to have access to mapped network drives and other network services. • Dual Processor Support - Enables the Global VPN Client to operate on dual-processor computers. • Group Policy Management - Global VPN Clients access can be customized and restricted to specific subnet access (Requires SonicOS Enhanced). • Hub and Spoke VPN Access - Allows IP addressing from SonicWall VPN gateway’s DHCP Server to Global VPN Client for configuring a different subnet for all remote Global VPN Clients than the subnet of the LAN. Makes hub-and-spoke VPN access simpler. When a Global VPN Client successfully authenticates with the central site, it receives a virtual IP address that also grants it access to other trusted VPN sites. • Default VPN Connections File - Enables the SonicOS administrator to configure and distribute the corporate VPN connections with the Global VPN Client software to streamline VPN client deployment. • Single VPN Connection to any SonicWall Secure Wireless Appliance for Roaming - Allows users to use a single VPN connection to access the networks of multiple SonicWall Secure Wireless appliances. • Automatic Configuration of Redundant Gateways from DNS - When an IPsec gateway domain name resolves to multiple IP addresses, the Global VPN Client uses the IP addresses in the list as failover gateways. • Tunnel State Display Enhancement - The Global VPN Client provides information about the state of VPN tunnels. In addition to the states of enabled, disabled, and connected, the Global VPN Client indicates when tunnels are authenticating, provisioning, and connecting. • Tunnel Status Pop-Up Window - The Global VPN Client alerts users when tunnels are connected or disconnected by displaying a small pop-up window. • Smart Card and USB Token Authentication - The Global VPN Client is integrated with the Microsoft Cryptographic Application Program (MS CryptoAPI or MSCAPI), which enables the Global VPN Client to support user authentication using digital certificates on Smart cards and USB tokens. • NAT-T RFC 3947 Support - Allows for automatic detection of NAT along the path between two IKE peers during IKE Phase 1 negotiation. On detection of NAT in middle, packets are UDP encapsulated using port 4500. • DNS Redirect - DNS queries to DNS suffix associated with Virtual Adapter are not sent on the physical adapter. • Tunnel All Support Enhancement - Provides the ability to route clear traffic to directly connected network interfaces that are configured with the Route All policy, which is generally used in the WLAN zone. • Program Auto-Start on VPN Connection - Automatically launches a program, with optional arguments, when successful VPN connections are established, as specified in the Connection Properties dialog. Global VPN Client Enterprise Global VPN Client Enterprise provides the same functionality as the Global VPN Client with the added feature of license sharing. About this Guide The SonicWall Global VPN Client Administration Guide provides complete documentation on installing, configuring, and managing the SonicWall Global VPN Client. This guide also provides instructions for SonicWall Global VPN Client Enterprise. For configuring your SonicWall security appliance to support Global VPN Clients using SonicOS GroupVPN, see the SonicOS Administration Guide for the firmware version running on your SonicWall security appliance (your VPN gateway appliance). Topics: • Text Conventions • Message Icons Text Conventions Convention Use Bold Highlights items you can select on the Global VPN Client interface or the SonicOS management interface. Menu Item > Menu Item Indicates a multiple step menu choice. For example, “select File > Open” means “select the File menu, and then select the Open item from the File menu. Screen Text Indicates text as you would see it on a computer screen or would enter on a command line. For example, myDevice> show alerts Message Icons These special messages refer to noteworthy information, and include a symbol for quick identification: WARNING: Important information that warns about a potential for property damage, personal injury, or death CAUTION: Important information that cautions about features affecting firewall performance, security features, or causing potential problems with your SonicWall appliance. TIP: Useful information about security features and configurations on your SonicWall appliance. IMPORTANT: Important information on a feature that requires callout for special attention. NOTE: Supporting information on a feature. MOBILE: Useful information about mobile apps for your SonicWall appliance. VIDEO: Links to videos containing further information about a feature on your SonicWall appliance.