About this Guide

Introduction to Global VPN Client
• Global VPN Client Overview
• Global VPN Client Features
• Global VPN Client Enterprise
• About this Guide
• Text Conventions
• Message Icons
Global VPN Client Overview
The SonicWall™ Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the corporate network to maintain
the confidentiality of private data. The Global VPN Client provides an easy-to-use solution for secure, encrypted access through the Internet for remote
Custom developed by SonicWall, the Global VPN Client combines with GroupVPN on SonicWall Internet Security Appliances to dramatically streamline
VPN deployment and management. Using SonicWall’s Client Policy Provisioning technology, the SonicOS administrator establishes the VPN connections
policies for the Global VPN Clients. The VPN configuration data is transparently downloaded from the SonicWall VPN Gateway (SonicWall Internet
Security Appliance) to Global VPN Clients, removing the burden of provisioning VPN connections from the user.
For configuring your SonicWall security appliance to support Global VPN Clients using SonicOS GroupVPN, see the SonicOS Administration Guide for
the firmware version running on your SonicWall security appliance (your VPN gateway appliance).
• Global VPN Client Features
• Global VPN Client Enterprise
Global VPN Client Features
The SonicWall Global VPN Client delivers a robust IPsec VPN solution with these features:
• Easy to Use - Provides an easy-to-follow Installation Wizard to quickly install the product, an easy-to-follow Configuration Wizard with point-andclick activation of VPN connections, and streamlined management tools to minimize support requirements.
• Multiple Language Support - The Global VPN Client user interface supports English, Simplified Chinese, Japanese, Korean, and Brazilian
Portuguese. The UI automatically displays in the Windows display language.
• Client Policy Provisioning - Using only the IP address or Fully Qualified Domain Name (FQDN) of the SonicWall VPN gateway, the VPN
configuration data is automatically downloaded from the SonicWall VPN gateway via a secure IPsec tunnel, removing the burden from the remote
user of provisioning VPN connections.
• XAUTH Authentication with RADIUS - Provides added security with user authentication after the client has been authenticated via a RADIUS
• VPN Session Reliability - Allows automatic redirect in case of a SonicWall VPN gateway failure. If a SonicWall VPN gateway is down then the
Global VPN Client can go through another SonicWall VPN gateway.
• Multiple Subnet Support - Allows Global VPN Client connections to more than one subnet in the configuration to increase networking flexibility.
• Third-Party Certificate Support - Supports VeriSign, Entrust, Microsoft, and Netscape Certificate Authorities (CAs) for enhanced user
• Tunnel All Support - Provides enhanced security by blocking all traffic not directed to the VPN tunnel to prevent Internet attacks from entering the
corporate network through a VPN connection.
• DHCP over VPN Support - Allows IP address provisioning across a VPN tunnel for the corporate network while allowing WAN DHCP for
Internet Access from the ISP.
• Secure VPN Configuration - Critical Global VPN Client configuration information is locked from the user to prevent tampering.
• AES and 3DES Encryption - Supports 168-bit key 3DES (Data Encryption Standard) and AES (Advanced Encryption Standard) for increased
security. AES requires SonicOS 2.0 or higher on the SonicWall VPN gateway appliance.
• GMS Management - Allows Global VPN Client connections to be managed by SonicWall’s award-winning Global Management System (GMS).
• Multi-Platform Client Support - Supports 32-bit and 64-bit versions of Windows: Windows 10, Windows 8, Windows 8.1, and Windows 7.
• NAT Traversal - Enables Global VPN Client connections to be initiated from behind any device performing NAT (Network Address Translation).
The SonicWall Global VPN Client encapsulates IPsec VPN traffic to pass through NAT devices, which are widely deployed to allow local
networks to use one external IP address for an entire network.
• Automatic Reconnect When Error Occurs - Allows the Global VPN Client to keep retrying a connection if it encounters a problem connecting
to a peer. This feature allows the Global VPN Client to automatically make a connection to a SonicWall VPN gateway that is temporarily disabled,
without manual intervention.
• Ghost Installation for Large Scale Installations - Enables the Global VPN Client’s virtual adapter to get its default address after installation and
then create a ghost image.
• NT Domain Logon Script Support - Allows Global VPN Clients to perform Windows NT domain authentication after establishing a secure IPsec
tunnel. The SonicWall VPN gateway passes the logon script as part of the Global VPN Client configuration. This feature allows the VPN user to
have access to mapped network drives and other network services.
• Dual Processor Support - Enables the Global VPN Client to operate on dual-processor computers.
• Group Policy Management - Global VPN Clients access can be customized and restricted to specific subnet access (Requires SonicOS
• Hub and Spoke VPN Access - Allows IP addressing from SonicWall VPN gateway’s DHCP Server to Global VPN Client for configuring a
different subnet for all remote Global VPN Clients than the subnet of the LAN. Makes hub-and-spoke VPN access simpler. When a Global VPN
Client successfully authenticates with the central site, it receives a virtual IP address that also grants it access to other trusted VPN sites.
• Default VPN Connections File - Enables the SonicOS administrator to configure and distribute the corporate VPN connections with the Global
VPN Client software to streamline VPN client deployment.
• Single VPN Connection to any SonicWall Secure Wireless Appliance for Roaming - Allows users to use a single VPN connection to access
the networks of multiple SonicWall Secure Wireless appliances.
• Automatic Configuration of Redundant Gateways from DNS - When an IPsec gateway domain name resolves to multiple IP addresses, the
Global VPN Client uses the IP addresses in the list as failover gateways.
• Tunnel State Display Enhancement - The Global VPN Client provides information about the state of VPN tunnels. In addition to the states of
enabled, disabled, and connected, the Global VPN Client indicates when tunnels are authenticating, provisioning, and connecting.
• Tunnel Status Pop-Up Window - The Global VPN Client alerts users when tunnels are connected or disconnected by displaying a small pop-up
• Smart Card and USB Token Authentication - The Global VPN Client is integrated with the Microsoft Cryptographic Application Program (MS
CryptoAPI or MSCAPI), which enables the Global VPN Client to support user authentication using digital certificates on Smart cards and USB
• NAT-T RFC 3947 Support - Allows for automatic detection of NAT along the path between two IKE peers during IKE Phase 1 negotiation. On
detection of NAT in middle, packets are UDP encapsulated using port 4500.
• DNS Redirect - DNS queries to DNS suffix associated with Virtual Adapter are not sent on the physical adapter.
• Tunnel All Support Enhancement - Provides the ability to route clear traffic to directly connected network interfaces that are configured with the
Route All policy, which is generally used in the WLAN zone.
• Program Auto-Start on VPN Connection - Automatically launches a program, with optional arguments, when successful VPN connections are
established, as specified in the Connection Properties dialog.
Global VPN Client Enterprise
Global VPN Client Enterprise provides the same functionality as the Global VPN Client with the added feature of license sharing.
About this Guide
The SonicWall Global VPN Client Administration Guide provides complete documentation on installing, configuring, and managing the SonicWall Global
VPN Client. This guide also provides instructions for SonicWall Global VPN Client Enterprise.
For configuring your SonicWall security appliance to support Global VPN Clients using SonicOS GroupVPN, see the SonicOS Administration Guide for
the firmware version running on your SonicWall security appliance (your VPN gateway appliance).
• Text Conventions
• Message Icons
Text Conventions
Highlights items you can select on the Global VPN Client
interface or the SonicOS management interface.
Menu Item > Menu Item
Indicates a multiple step menu choice. For example,
“select File > Open” means “select the File menu, and
then select the Open item from the File menu.
Screen Text
Indicates text as you would see it on a computer screen or
would enter on a command line. For example, myDevice>
show alerts
Message Icons
These special messages refer to noteworthy information, and include a symbol for quick identification:
WARNING: Important information that warns about a potential for property damage, personal
injury, or death
CAUTION: Important information that cautions about features affecting firewall performance,
security features, or causing potential problems with your SonicWall appliance.
TIP: Useful information about security features and configurations on your SonicWall appliance.
IMPORTANT: Important information on a feature that requires callout for special attention.
NOTE: Supporting information on a feature.
MOBILE: Useful information about mobile apps for your SonicWall appliance.
VIDEO: Links to videos containing further information about a feature on your SonicWall