Professional Documents
Culture Documents
GSC Admin Guide
GSC Admin Guide
Limited Warranty
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any
case commencing not more than ninety (90) days after the original shipment by SonicWALL),
and continuing for a period of twelve (12) months, that the product will be free from defects
in materials and workmanship under normal use. This Limited Warranty is not transferable
and applies only to the original end user of the product. SonicWALL and its suppliers' entire
liability and Customer's sole and exclusive remedy under this limited warranty will be
shipment of a replacement product. At SonicWALL's discretion the replacement product may
be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's
obligations under this warranty are contingent upon the return of the defective product
according to the terms of SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress,
damaged by accident, abuse, misuse or misapplication, or has been modified without the
written permission of SonicWALL.
Guide Conventions
Conventions used in this guide are as follows:
Convention Use
Alert! Important information that cautions about features affecting Global Security Client
performance, security features, or causing potential problems with your SonicWALL.
Tip! Useful information about security features and configurations of your Global Security
Client.
E-mail: support@sonicwall.com
Alert! Remove any personal firewall product currently running on your computer before installing
the SonicWALL Global Security Client.
Alert! If you have the SonicWALL Global VPN Client installed on your system, you must uninstall
the existing program and reboot before installing the Global Security Client package.
To install the SonicWALL Global Security Client, follow these steps:
1. Click on GSC.msi. The File Download dialog is displayed.
2. Click Open. The SonicWALL Global Security Client Setup Wizard is displayed. Click
Next to continue.
3. In the License Agreement page, select I Agree and then click Next.
4. In the Select Installation Folder page, use the default installation folder or click Browse
to specify a different location. Click Next.
5. In the Confirm Installation page, click Next to install the Global Security Client. The
Global Security Client installation begins.
6. On the SonicWALL Global VPN Client Setup Complete page, you can specify Start
program automatically when users log in or Launch program now, and then click
Finish.
7. In the Installation Complete page, click Close.
8. Click Yes to restart your computer.
This window includes three icons: Event Viewer, Distributed Security Client, and
SonicWALL Global VPN Client. You can also access the Distributed Security Client and
SonicWALL Global VPN Client Enterprise programs from the Windows>Programs menu.
Alert! If you are configuring the Global VPN Client Enterprise for Remote Access, make sure you
have the IP address or FQDN of the remote SonicWALL VPN gateway and an active
Internet connection or dial-up Internet access before using the New Connection Wizard.
Office Gateway - Choose this scenario if you want secure access to a local
SonicWALL SOHO TZW wireless network. When you create an Office Gateway VPN
connection, it appears as the Peer entry of <Default Gateway> in the SonicWALL
Global VPN Client window. You can use this single Office Gateway VPN connection
policy to roam securely across SOHO TZW wireless networks.
Alert! If you are configuring the Global VPN Client Enterprise for Office Gateway, make sure your
wireless card is configured with the correct SSID information to access the SonicWALL
SOHO TZW before using the New Connection Wizard.
2. If the New Connection Wizard does not display, click the New Connection Wizard icon
on the far left side of the toolbar to launch the New Connection Wizard. Click Next.
6. In the Completing the New Connection Wizard page select any of the following
options:
Select Create a desktop shortcut to this connection, if you want to create a shortcut
icon on your desktop for this VPN connection.
Select Enable this connection when the program is launched, if you want to
automatically establish this VPN connection when you launch the SonicWALL Global
VPN Client Enterprise.
7. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN
Client window.
Note: If you selected Enable this connection when the program is launched in the New
Connection Wizard, the VPN connection is automatically established when you launch the
SonicWALL Global VPN Client Enterprise.
The following steps explain how to enable the VPN connection policy you created in the
previous section.
1. Double-click the SonicWALL Global Security Client icon in the Windows status area to
display the SonicWALL Global Security Client window. You can also launch the
SonicWALL Global VPN Client by choosing Start>Programs>SonicWALL Global VPN
Client.
3. Double-click the VPN connection policy or right-click the VPN connection policy icon and
select Enable from the menu.
5. The VPN gateway prompts you for a username and password for authentication. In the
Enter Username and Password dialog box, type your username and password. Click
OK to continue with establishing your VPN connection.
1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked
for security purposes.
2. If you want to make sure youre entering the correct Pre-Shared Key, check Dont hide
the pre-shared key. The Pre-Shared Key you enter appears unmasked in the
Pre-shared Key field.
3. Click OK.
Selecting a Certificate
If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the
VPN connection, the Select Certificate dialog box appears. This dialog box lists all the
available certificates installed on your Global VPN Client Enterprise. Select the certificate
from the menu, then click OK. If you have a certificate that has not been imported into the
Global VPN Client Enterprise using Certificate Manager, click Import Certificate.
Note: See the SonicWALL Global VPN Client Administrators Guide located at
<http://www.sonicwall.com/services/documentation.html> for more information on using
the Certificate Manager.
In the SonicWALL Distributed Security Client window are the two default policies for the
Distributed Security Client:
Local policy - This policy is enabled when the Distributed Security Client is in
Standalone mode with no VPN connection enabled. This policy can be modified at any
time.
Distributed policy - This policy is enabled when the Distributed Security Client is in
Managed mode. In Managed mode, the firewall policies are controlled by the
SonicWALL Policy Editor and cannot be modified by the user.
The currently enforced policy is noted as Enabled in the Status column of the SonicWALL
Distributed Security Client window. Clicking the Properties button on the toolbar or
choosing View>Properties displays the properties for the currently enforced security policy.
If the Distributed policy is enabled, the Distributed Security Client security policy is
managed from the SonicWALL gateway. If the Local policy is enabled, the security policy
settings are available for local configuration by the user for use when no VPN connection is
enabled.
Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, these
settings are managed by the Policy Editor on the SonicWALL gateway and the settings in
the Distributed Security Client Properties window are dimmed.
Security
Selecting Security displays the configurable security settings for the SonicWALL Distributed
Security Client. After making any security setting changes, click the Apply button to save
your changes.
Creating a Rule
To create a firewall filter rule, you must first specify the kind of traffic that should be affected
by the rule. There are several different characteristics of traffic, each of which you can use to
specify the kind of traffic that you want to control.
Note: You can create an unlimited number of advanced rules for the Local policy as well as the
Distributed policy from the Policy Editor.
To create a new rule, follow these steps:
2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.
3. Configure the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound or Outbound.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. After specifying your rule settings, click OK.
5. Click Apply to save your changes.
Modifying Rules
To modify a rule, follow these steps:
1. Select the rule in the Rules list
2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the
same settings as the New Advanced Rule dialog box.
3. Modify any of the following settings to specify the characteristics of the traffic.
Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
Direction - Select one of the traffic direction options: Inbound or Outbound.
Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
Details - Specify the port number(s), and IP address(es). To enter a range, separate the
first and last port numbers or IP addresses with a comma; for example, 59153, 59160.
4. Click OK.
5. Click Apply.
Application Rules
The Application Rules page allows you to configure security settings for each application on
your application list by setting certain restrictions on which IPs and Ports an application can
use.
NetBIOS Settings
The NetBIOS Settings page displays the network interfaces on your computer recognized
and protected by the Distributed Security Client. The SonicWALL Virtual Adapter entry is
the interface for the SonicWALL Global VPN Client Enterprise application.
The Event Viewer window provides access to the following Global Security Client event logs:
Application - Contains events logged by applications or programs.
Security - Records events such as valid and invalid logon attempts, as well as events
related to resource use such as creating, opening, or deleting files or other objects.
System - Contains events logged by Windows system components. For example, the
failure of a driver or other system component to load during startup is recorded in the
system log. Records all operational changes, such as the starting and stopping of
services, detection or network applications, software configuration modifications, and
software execution errors. This log is especially useful for troubleshooting.
SonicWALL Global Security Client - Displays Global Security Client events
categorized as Information, Error, Success Audit or Warning.
Note: The Application, Security, and System Event Viewer functions are part of the Windows
operating system. See your Windows documentation for more information on the Event
Viewer.
Note: You can create only a single security policy for all your Global Security Clients.
Tip! The Policy Editor settings are the same for SonicWALL Appliances running SonicOS 2.1.x
or Firmware 6.6.x.
Alert! The Policy Editor button appears only if you have activated your Global Security Client
licenses. See Global Security Client Licensing on page 49 for more information.
Getting Help
Clicking the ? on the top right of the SonicWALL Management Interface page displays online
help for the page.
Services
The Services section lists the available services for the Global Security Client with access to
the configuration options for the service. Clicking on the Edit icon in the Configure column
for Distributed Security Client allows you to configure security policies enforced by the Policy
Editor for Distributed Security Clients on the remote desktops.
General Settings
The Version menu allows you to define what version of the Distributed Security Client the
client must be running to allow remote access. You can choose a specific version or latest
from the Version menu.
Security
The Security section allows you to specify the Distributed Security Client security features to
enforce on your clients. These settings correspond to those that are listed in the desktop
Distributed Security Client client when it is in Standalone mode.
Each Security feature has a default setting, but you can specify Enable or Disable for each
Security feature in the Action column to make any changes to your Distributed Security
Client policy.
Advanced Rules
The Advanced Rules section allows you specify rules for special Distributed Security Client
filtering. You create new rules by clicking on the Add button. You can arrange the order of
rules in the Advanced Rules table by clicking on the Up or Down links in the Configure
column.
Note: See your SonicWALL Administrators Guide for complete GroupVPN configuration
instructions.
Firmware 6.6.x
To require and enforce the Distributed Security Client policy on the Global VPN Client
Enterprise users desktop before allowing a VPN connection, follow these steps to configure
the GroupVPN policy on your SonicWALL
1. Select the VPN>Configure page in the SonicWALL Management Interface.
2. Click the Client Settings button. The VPN Client Settings window is displayed.
Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group.
To share previously activated licenses among multiple SonicWALLs, contact SonicWALL
technical support.
You can also remove a SonicWALL appliance or redistribute the number of licenses between
the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the
mySonicWALL.com
mySonicWALL.com delivers a convenient, one-stop resource for registration, activation, and
management of your SonicWALL products and services. Your mySonicWALL.com account
provides a single profile to do the following:
Register your SonicWALL Internet Security Appliances
Purchase/Activate SonicWALL Security Services and Upgrades
Receive SonicWALL firmware and security service updates and alerts
Manage (change or delete) your SonicWALL security services
Access SonicWALL Technical Support
Creating a mySonicWALL.com account is easy and FREE. Simply complete an online
registration form. Once your account is created, you can register SonicWALL Internet
Security Appliances and activate any SonicWALL Security Services associated with the
SonicWALL.
Your mySonicWALL.com account is accessible from any Internet connection with a Web
browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your
sensitive information. You can also access mySonicWALL.com license and registration
services directly from the SonicWALL management interface for increased ease of use and
simplified services activation.
If you activated Global Security Client at mySonicWALL.com, the Global Security Client,
activation is automatically enabled on your SonicWALL within 24-hours or you can click the
Synchronize button on the Security Services>Summary page to update your SonicWALL.
Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed
Security Client licenses. You enter the Activation Key for the Distributed Security Client and
the Global VPN Client Enterprise license is automatically added.
3. Click Upgrade in the Manage Service column for Distributed Security Client in the
Manage Services Online table.
4. Type the Activation Key in the New License Key field for each Global Security Client
(Distributed Security Client and Global VPN Client Enterprise).
5. Click Submit. Your Global Security Clients are activated. The number of Global VPN
Client Enterprise and Distributed Security Client licenses appear in the Count column of
the Manage Services Online table on the System>Licenses page. The expiration date
for the Distributed Security Client is displayed in the Expiration column.
2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be
trademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.
P/ N 232- 000510- 00
Rev A 03/ 04