Beruflich Dokumente
Kultur Dokumente
Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any
case commencing not more than ninety (90) days after the original shipment by SonicWALL),
and continuing for a period of twelve (12) months, that the product will be free from defects
in materials and workmanship under normal use. This Limited Warranty is not transferable
and applies only to the original end user of the product. SonicWALL and its suppliers' entire
liability and Customer's sole and exclusive remedy under this limited warranty will be
shipment of a replacement product. At SonicWALL's discretion the replacement product may
be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's
obligations under this warranty are contingent upon the return of the defective product
according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the
written permission of SonicWALL.
Guide Conventions
Conventions used in this guide are as follows:
Convention Use
Alert! Important information that cautions about features affecting Global Security Client
performance, security features, or causing potential problems with your SonicWALL.
Tip! Useful information about security features and configurations of your Global Security
Client.
E-mail: support@sonicwall.com
Alert! Remove any personal firewall product currently running on your computer before installing
the SonicWALL Global Security Client.
Alert! If you have the SonicWALL Global VPN Client installed on your system, you must uninstall
the existing program and reboot before installing the Global Security Client package.
To install the SonicWALL Global Security Client, follow these steps:
1. Click on GSC.msi. The File Download dialog is displayed.
2. Click Open. The SonicWALL Global Security Client Setup Wizard is displayed. Click
Next to continue.
3. In the License Agreement page, select I Agree and then click Next.
4. In the Select Installation Folder page, use the default installation folder or click Browse
to specify a different location. Click Next.
5. In the Confirm Installation page, click Next to install the Global Security Client. The
Global Security Client installation begins.
6. In the Installation Complete page, click Close.
7. Click Yes to restart your computer.
This window includes three icons: Event Viewer, Distributed Security Client, and
SonicWALL Global VPN Client. You can also access the Distributed Security Client and
SonicWALL Global VPN Client Enterprise programs from the Windows>Programs menu.
Alert! If you are configuring the Global VPN Client Enterprise for Remote Access, make sure you
have the IP address or FQDN of the remote SonicWALL VPN gateway and an active
Internet connection or dial-up Internet access before using the New Connection Wizard.
• Office Gateway - Choose this scenario if you want secure access to a local
SonicWALL SOHO TZW wireless network. When you create an Office Gateway VPN
connection, it appears as the Peer entry of <Default Gateway> in the SonicWALL
Global VPN Client window. You can use this single Office Gateway VPN connection
policy to roam securely across SOHO TZW wireless networks.
Alert! If you are configuring the Global VPN Client Enterprise for Office Gateway, make sure your
wireless card is configured with the correct SSID information to access the SonicWALL
SOHO TZW before using the New Connection Wizard.
2. If the New Connection Wizard does not display, click the New Connection Wizard icon
on the far left side of the toolbar to launch the New Connection Wizard. Click Next.
6. In the Completing the New Connection Wizard page select any of the following
options:
Select Create a desktop shortcut to this connection, if you want to create a shortcut
icon on your desktop for this VPN connection.
Select Enable this connection when the program is launched, if you want to
automatically establish this VPN connection when you launch the SonicWALL Global
VPN Client Enterprise.
7. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN
Client window.
Note: If you selected Enable this connection when the program is launched in the New
Connection Wizard, the VPN connection is automatically established when you launch the
SonicWALL Global VPN Client Enterprise.
The following steps explain how to enable the VPN connection policy you created in the
previous section.
1. Double-click the SonicWALL Global Security Client icon in the Windows status area to
display the SonicWALL Global Security Client window. You can also launch the
SonicWALL Global VPN Client by choosing Start>Programs>SonicWALL Global VPN
Client.
3. Double-click the VPN connection policy or right-click the VPN connection policy icon and
select Enable from the menu.
5. The VPN gateway prompts you for a username and password for authentication. In the
Enter Username and Password dialog box, type your username and password. Click
OK to continue with establishing your VPN connection.
1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked
for security purposes.
2. If you want to make sure you’re entering the correct Pre-Shared Key, check Don’t hide
the pre-shared key. The Pre-Shared Key you enter appears unmasked in the
Pre-shared Key field.
3. Click OK.
Selecting a Certificate
If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the
VPN connection, the Select Certificate dialog box appears. This dialog box lists all the
available certificates installed on your Global VPN Client Enterprise. Select the certificate
from the menu, then click OK. If you have a certificate that has not been imported into the
Global VPN Client Enterprise using Certificate Manager, click Import Certificate.
Note: See the SonicWALL Global VPN Client Administrator’s Guide located at
<http://www.sonicwall.com/services/documentation.html> for more information on using
the Certificate Manager.
In the SonicWALL Distributed Security Client window are the two default policies for the
Distributed Security Client:
• Local policy - This policy is enabled when the Distributed Security Client is in
Standalone mode with no VPN connection enabled. This policy can be modified at any
time.
• Distributed policy - This policy is enabled when the Distributed Security Client is in
Managed mode. In Managed mode, the firewall policies are controlled by the
SonicWALL Policy Editor and cannot be modified by the user.
The currently enforced policy is noted as Enabled in the Status column of the SonicWALL
Distributed Security Client window. Clicking the Properties button on the toolbar or
choosing View>Properties displays the properties for the currently enforced security policy.
If the Distributed policy is enabled, the Distributed Security Client security policy is
managed from the SonicWALL gateway. If the Local policy is enabled, the security policy
settings are available for local configuration by the user for use when no VPN connection is
enabled.
Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, these
settings are managed by the Policy Editor on the SonicWALL gateway and the settings in
the Distributed Security Client Properties window are dimmed.
Security
Selecting Security displays the configurable security settings for the SonicWALL Distributed
Security Client. After making any security setting changes, click the Apply button to save
your changes.
Creating a Rule
To create a firewall filter rule, you must first specify the kind of traffic that should be affected
by the rule. There are several different characteristics of traffic, each of which you can use to
specify the kind of traffic that you want to control.
Note: You can create a maximum of 32 advanced rules for the Local policy as well as the
Distributed policy from the Policy Editor.
To create a new rule, follow these steps:
2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.
3. Configure the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. After specifying your rule settings, click OK.
5. Click Apply to save your changes.
Modifying Rules
To modify a rule, follow these steps:
1. Select the rule in the Rules list
2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the
same settings as the New Advanced Rule dialog box.
3. Modify any of the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. Click OK.
5. Click Apply.
Application Rules
The Application Rules page allows you to configure security settings for each application on
your application list by setting certain restrictions on which IPs and Ports an application can
use.
Applications listed with a checkbox in the bottom section of the Application Rules page were
discovered by the Distributed Security Client as running. The default configuration is to allow
these applications to run. To block any of these applications, click on the checkbox
associated with the application. Click the Block button to move application (s) up to the
Applications list. Click Apply to save your changes.
NetBIOS Settings
The NetBIOS Settings page displays the network interfaces on your computer recognized
and protected by the Distributed Security Client. The SonicWALL Virtual Adapter entry is
the interface for the SonicWALL Global VPN Client Enterprise application.
The Event Viewer window provides access to the following Global Security Client event logs:
• Application - Contains events logged by applications or programs.
• Security - Records events such as valid and invalid logon attempts, as well as events
related to resource use such as creating, opening, or deleting files or other objects.
• System - Contains events logged by Windows system components. For example, the
failure of a driver or other system component to load during startup is recorded in the
system log. Records all operational changes, such as the starting and stopping of
services, detection of network applications, software configuration modifications, and
software execution errors. This log is especially useful for troubleshooting.
• SonicWALL Global Security Client - Displays Global Security Client events
categorized as Information, Error, Success Audit or Warning.
Note: The Application, Security, and System Event Viewer functions are part of the Windows
operating system. See your Windows documentation for more information on the Event
Viewer.
Note: You can create only a single security policy for all your Global Security Clients.
Tip! The Policy Editor settings are the same for SonicWALL Appliances running SonicOS 2.1.x
or Firmware 6.6.x.
Alert! The Policy Editor button appears only if you have activated your Global Security Client
licenses. See “Global Security Client Licensing” on page 50 for more information.
Getting Help
Clicking the ? on the top right of the SonicWALL Management Interface page displays online
help for the page.
Services
The Services section lists the available services for the Global Security Client with access to
the configuration options for the service. Clicking on the Edit icon (SonicOS) or the Edit
button (Firmware 6.6.x) in the Configure column for Distributed Security Client allows you to
configure security policies enforced by the Policy Editor for Distributed Security Clients on the
remote desktops.
General Settings
The Version menu allows you to define what version of the Distributed Security Client the
client must be running to allow remote access. You can choose a specific version or latest
from the Version menu.
Security
The Security section allows you to specify the Distributed Security Client security features to
enforce on your clients. These settings correspond to those that are listed in the desktop
Distributed Security Client client when it is in Standalone mode.
Each Security feature has a default setting, but you can specify Enable or Disable for each
Security feature in the Action column to make any changes to your Distributed Security
Client policy.
Advanced Rules
The Advanced Rules section allows you to specify rules for special Distributed Security
Client filtering. You create new rules by clicking on the Add button. You can arrange the order
of rules in the Advanced Rules table by clicking on the Up or Down links in the Configure
column.
Applications
The Applications section allows the administrator to allow or block specific applications on
the client desktop for use through the VPN connection.
Note: See your SonicWALL Administrator’s Guide for complete GroupVPN configuration
instructions.
Firmware 6.6.x
To require and enforce the Distributed Security Client policy on the Global VPN Client
Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure
the GroupVPN policy on your SonicWALL
1. Select the VPN>Configure page in the SonicWALL Management Interface.
2. Click the Client Settings button. The VPN Client Settings window is displayed.
Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL
technical support.
Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL
technical support.
mySonicWALL.com
mySonicWALL.com delivers a convenient, one-stop resource for registration, activation, and
management of your SonicWALL products and services. Your mySonicWALL.com account
provides a single profile to do the following:
• Register your SonicWALL Internet Security Appliances
• Purchase/Activate SonicWALL Security Services and Upgrades
• Receive SonicWALL firmware and security service updates and alerts
• Manage (change or delete) your SonicWALL security services
• Access SonicWALL Technical Support
Creating a mySonicWALL.com account is easy and FREE. Simply complete an online
registration form. Once your account is created, you can register SonicWALL Internet
Security Appliances and activate any SonicWALL Security Services associated with the
SonicWALL.
Your mySonicWALL.com account is accessible from any Internet connection with a Web
browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your
sensitive information. You can also access mySonicWALL.com license and registration
services directly from the SonicWALL management interface for increased ease of use and
simplified services activation.
If you activated Global Security Client at mySonicWALL.com, the Global Security Client,
activation is automatically enabled on your SonicWALL within 24-hours or you can click the
Synchronize button on the Security Services>Summary page to update your SonicWALL.
Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed
Security Client licenses. You enter the Activation Key for the Distributed Security Client and
the Global VPN Client Enterprise license is automatically added.
3. Click Upgrade in the Manage Service column for Distributed Security Client in the
Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client
(Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN
Client Enterprise and Distributed Security Client licenses appear in the Count column of
the Manage Services Online table on the System>Licenses page. The expiration date
for the Distributed Security Client is displayed in the Expiration column.
Firmware 6.6.x
1. In the General>Security Services page of the SonicWALL Management Interface, click
SonicWALL Security Service Subscription in the Security Services Activation
section. The mySonicWALL Login page is displayed.
2. In the mySonicWALL Login page, enter your mySonicWALL.com account username
and password in the User Name and Password fields, then click Submit. The
System>Licenses page is displayed. If your SonicWALL is already connected to your
mySonicWALL.com account, the Manage Services Online page appears.
Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed
Security Client licenses. You enter the Activation Key for the Distributed Security Client and
the Global VPN Client Enterprise license is automatically added.
© 2004 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be
trademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.
P/ N 232- 000510- 00
Rev A 03/ 04