COMPREHENSIVE INTERNET SECURITY SonicWALL Global Security Client Administrator's Guide

software.sonicwall.com/.../VPNClient/documentation/GSCAdminGuide.pdf



SonicWALL Global Security Client Administrator’s Guide Page 1

Table of Contents

Preface
  Copyright Notice
  Limited Warranty
About this Guide
  Guide Conventions
    Icons Used in this Guide
  SonicWALL Technical Support
SonicWALL Global Security Client
  Global Security Client Features
  How SonicWALL Global Security Client Works
Installing Global Security Client
Connecting to Your Corporate Network
  SonicWALL Global VPN Client Enterprise
  Creating the VPN Connection Policy
  Using the New Connection Wizard
  Enabling Your VPN Connection
    Entering a Pre-Shared Key
    Selecting a Certificate
  Disabling a VPN Connection
SonicWALL Distributed Security Client
  Standalone and Managed Mode
Configuring Local Policy
  Security
    Protection
    Attacks
    Anti-IP (Anti-IP Spoofing)
    Anti-MAC (Anti-MAC Spoofing)
    Stealth (Stealth Mode Browsing)
    Port Scanner (Port Scan Detection)
    Pre-Start
    NetBIOS Protection
  Advanced Rules
    Creating a Rule
    Modifying Rules
    Deleting a Rule
    Defining Rule Priority
  Application Rules
    Adding an Application
    Modifying an Application Rule
    Deleting an Application Rule
  NetBIOS Settings
  Log Settings
  Logs
Event Viewer
  Configuring Log Properties
  Managing Log Files
  Customizing Log Views
  Customizing the Event Viewer Window Layout
Configuring Security Policies with the Policy Editor
  Accessing the Policy Editor (Firmware 6.6.x)
  Accessing the Policy Editor (SonicOS 2.1.x)
  Getting Help
Global Security Client>Summary
  Editing a Security Policy
  Deploying a Security Policy
Global Security Client>Groups and Services
  Policy Polling Frequency
  Services
Configuring the Distributed Security Client
  General Settings
  Security
    Anti-IP (Anti-IP Spoofing)
    Anti-MAC (Anti-MAC Spoofing)
    Port Scanner (Port Scan Detection)
    Stealth (Stealth Mode Browsing)
    Pre-Start
    NetBIOS Protection
  Advanced Rules
    Specifying the Default Action
    Adding a Rule
    Modifying or Deleting a Rule
  Applications
    Allowing or Blocking Applications
    Deleting an Application
    Adding an Application
Enforcing Distributed Security Client Activation
  SonicOS 2.1.x
  Firmware 6.6.x
  Global VPN Client Enterprise License Sharing
Global Security Client Licensing
  mySonicWALL.com
  Activating Global Security Client Licenses on Your SonicWALL
Index


Preface

Copyright Notice

© 2004 SonicWALL, Inc. All rights reserved.

Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating into another language or format.

SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein can be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

Limited Warranty

SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product. SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL's then-current Support Services policies.

This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or misapplication, or has been modified without the written permission of SonicWALL.


DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.

DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.


About this Guide

Welcome to the SonicWALL Global Security Client Administrator’s Guide. This manual provides the information you need to successfully activate, configure, and administer SonicWALL Global Security Client 1.0 running on Windows NT (SP6), Windows 2000 (SP3), Windows XP Home, and Windows XP Professional operating systems as well as the Policy Editor running on the following SonicWALL Internet Security Appliances:

• SonicWALL TZ 170 running SonicOS Standard or SonicOS Enhanced 2.1.0.0 (or higher)

• SonicWALL PRO Series (2040/3060/4060) running SonicOS Standard or SonicOS Enhanced 2.1.0.0 (or higher).

• SonicWALL Gen3 Products running Firmware 6.6.0.0 (or higher).

You should be familiar with the features, functions, and operating characteristics of SonicWALL Internet Security Appliances.

Guide Conventions

Conventions used in this guide are as follows:

Convention | Use

Bold | Highlights items you can select on the SonicWALL Management Interface.

Italic | Highlights a value to enter into a field. For example, “type 192.168.168.168 in the IP Address field.”

Menu Item>Menu Item | Indicates a multiple step Management Interface menu choice. For example, “Security Services>Content Filter” means select Security Services, then select Content Filter.

Icons Used in this Guide

These special messages refer to noteworthy information, and include a symbol for quick identification:

Alert! Important information that cautions about features affecting Global Security Client performance, security features, or causing potential problems with your SonicWALL.

Tip! Useful information about security features and configurations of your Global Security Client.

Note: Important information on a feature that requires callout for special attention.

SonicWALL Technical Support

For timely resolution of technical support questions, visit SonicWALL on the Internet at <http://www.sonicwall.com/services/support.html>. Resources are available to help you resolve most technical issues or contact SonicWALL Technical Support.

Phone: (408) 752.752.7819 (North America). For international support phone numbers visit <http://www.sonicwall.com/services/contact.html>

E-mail: [email protected]


SonicWALL Global Security Client

The SonicWALL Global Security Client combines gateway enforcement, central management, configuration flexibility and software deployment to deliver comprehensive desktop security for remote/mobile workers and corporate networks. It offers administrators the capability to manage a mobile/remote user’s online access, based on corporate policies, to ensure optimal security of the network and maximize network resources. Instant messaging, high-risk Web sites and network file access can all be allowed or disallowed as security and productivity concerns dictate. Different remote/mobile users can be organized into adaptable groups with differing policies at a granular level.

SonicWALL Global Security Client delivers a low-maintenance solution to allow network administrators to secure mobile users. Residing on the remote user’s system, the Global Security Client automatically communicates with an organization’s SonicWALL gateway back at the office when an individual logs in to the network. Prior to allowing network access, the gateway administrator automatically updates the Global Security Client with the latest security policies and software updates. No prompting or intervention is necessary by the administrator or the remote user - it’s completely seamless and transparent.

Global Security Client protection includes the SonicWALL Distributed Security Client and the SonicWALL Global VPN Client Enterprise combined with centrally managed security policies via the SonicWALL Internet Security Appliance and SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA).

Global Security Client Features

• Multi-Pronged Protection - extends the boundaries of security by protecting the corporate network and remote/mobile workers from malicious attacks that occur over the Internet.

• Enhanced Application Security - provides an additional layer of security by protecting organizations against legal liabilities that occur when employees accidentally or intentionally run applications from the Internet that have been designated as “untrusted” by the network administrator.

• Policy Management - enables network administrators to create, distribute and manage global security policies for remote and mobile users from a central location. Once a new policy is created, it is seamlessly distributed to every system on the network with no end-user interaction required. Configuration options include specifying the minimum application version, policy levels and behavior for clients not in compliance.

• Gateway Enforcement - enforces security policies at the gateway to ensure the end-user’s system is in compliance before being granted access to the network. Users without the Global Security Client installed on their systems are redirected to a download site where they must install the client before being granted access.

• Scalable Architecture - features a unique client/gateway enforcement architecture that delivers comprehensive security, scaling from the individual telecommuters and mobile users up to larger, more diverse deployments with a worldwide mobile workforce.


• Low Total Cost of Ownership - addresses the needs of organizations looking to deploy comprehensive desktop security to remote/mobile workers and corporate networks while delivering a lower total cost of ownership through automated policy enforcement and software distribution at the gateway.

• Easy-to-Use Local Interface - includes an intuitive user interface that seamlessly integrates multiple applications and presents the administrator with a status page and optional configuration functionality, offering enhanced ease of use.

• Application Reporting - includes application reporting to provide network administrators with data on the status of the application, as well as the ability to monitor for unusual activities and perform troubleshooting.

How SonicWALL Global Security Client Works

The security administrator logs into the SonicWALL gateway to create security policies for all Global Security Clients using the intuitive Policy Editor interface. The Policy Editor allows the security administrator to create, edit, and deploy security policies that are automatically enforced by the SonicWALL gateway. When a remote user logs into the corporate network using the Global VPN Client Enterprise, the SonicWALL gateway seamlessly updates the user’s security policy for the Distributed Security Client to ensure the client is in full compliance with corporate security policies while establishing a secure VPN connection via the Global VPN Client Enterprise.


SonicWALL’s Distributed Enforcement Architecture (DEA) technology enables the policy enforcement capabilities that provide the framework for the Global Security Client’s complete security solution for all remote and network desktops. SonicWALL’s DEA technology enables the automatic installation of new software components, changes the configuration of different components, verifies version information, forces updates of components, informs the user which components do not meet the policy requirements, and provides user authentication for policy enforcement.

Installing Global Security Client

The SonicWALL Global Security Client package includes the Distributed Security Client and Global VPN Client Enterprise. Global Security Client supports Microsoft Windows NT 4.0 (service pack 6 or later), Windows 2000 (service pack 3 or later) and Windows XP.

Alert! Remove any personal firewall product currently running on your computer before installing the SonicWALL Global Security Client.

Alert! If you have the SonicWALL Global VPN Client installed on your system, you must uninstall the existing program and reboot before installing the Global Security Client package.

To install the SonicWALL Global Security Client, follow these steps:

1. Click on GSC.msi. The File Download dialog is displayed.

2. Click Open. The SonicWALL Global Security Client Setup Wizard is displayed. Click Next to continue.

3. In the License Agreement page, select I Agree and then click Next.

4. In the Select Installation Folder page, use the default installation folder or click Browse to specify a different location. Click Next.

5. In the Confirm Installation page, click Next to install the Global Security Client. The Global Security Client installation begins.

6. On the SonicWALL Global VPN Client Setup Complete page, you can specify Start program automatically when users log in or Launch program now, and then click Finish.

7. In the Installation Complete page, click Close.

8. Click Yes to restart your computer.


Connecting to Your Corporate Network

After you install the SonicWALL Global Security Client on your computer, you can easily establish a secure VPN connection to your corporate network. Clicking on the SonicWALL Global Security Client icon on the Windows taskbar status area displays the SonicWALL Global Security Client window.

This window includes three icons: Event Viewer, Distributed Security Client, and SonicWALL Global VPN Client. You can also access the Distributed Security Client and SonicWALL Global VPN Client Enterprise programs from the Windows>Programs menu.

SonicWALL Global VPN Client Enterprise

The SonicWALL Global VPN Client Enterprise creates a Virtual Private Network (VPN) connection between your computer and the corporate network to maintain the confidentiality of private data. The Global VPN Client Enterprise provides an easy-to-use solution for secure, encrypted access through the Internet or corporate dial-up facilities for remote users, as well as secure wireless networking for SonicWALL SOHO TZW clients using SonicWALL’s WiFiSec technology.

The Global VPN Client Enterprise is built on the SonicWALL Global VPN Client with the added feature of allowing organizations to share a group of Global VPN Clients across multiple VPN gateways that are contained within a single license sharing group.


Note: See the SonicWALL Global VPN Client 2.1 Administrator’s Guide located at <http://www.sonicwall.com/services/documentation.html> for complete information on installing, configuring, and managing the Global VPN Client.

Custom developed by SonicWALL, the Global VPN Client Enterprise combines with GroupVPN on SonicWALL Internet Security Appliances to dramatically streamline VPN deployment and management. Using SonicWALL’s Client Policy Provisioning technology, the SonicWALL administrator establishes the VPN connections policies for the Global VPN Clients. The VPN configuration data is transparently downloaded from the SonicWALL VPN Gateway (SonicWALL Internet Security Appliance) to Global VPN Clients, removing the burden of provisioning VPN connections from the user.

Creating the VPN Connection Policy

The New Connection Wizard quickly guides you through the process of locating the source of your configuration information and automatically downloads the VPN configuration information over a secure IPSec VPN tunnel. You can configure your Global VPN Client Enterprise for two VPN connection scenarios:

• Remote Access - Choose this scenario if you want secure access to a remote VPN gateway from any wired or wireless network. The most common use of this scenario is when you are at home or on the road and want access to the corporate network. You enter the IP address or Fully Qualified Domain Name (FQDN), for example gateway.yourcompany.com, of the VPN gateway and the Global VPN Client Enterprise automatically downloads the VPN connection policy from the remote SonicWALL VPN gateway.

Alert! If you are configuring the Global VPN Client Enterprise for Remote Access, make sure you have the IP address or FQDN of the remote SonicWALL VPN gateway and an active Internet connection or dial-up Internet access before using the New Connection Wizard.

• Office Gateway - Choose this scenario if you want secure access to a local SonicWALL SOHO TZW wireless network. When you create an Office Gateway VPN connection, it appears as the Peer entry of <Default Gateway> in the SonicWALL Global VPN Client window. You can use this single Office Gateway VPN connection policy to roam securely across SOHO TZW wireless networks.

Alert! If you are configuring the Global VPN Client Enterprise for Office Gateway, make sure your wireless card is configured with the correct SSID information to access the SonicWALL SOHO TZW before using the New Connection Wizard.


Using the New Connection Wizard

1. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security window or choose Start>Programs>SonicWALL Global VPN Client. The first time you open the SonicWALL Global VPN Client, the New Connection Wizard automatically launches.

2. If the New Connection Wizard does not display, click the New Connection Wizard icon on the far left side of the toolbar to launch the New Connection Wizard. Click Next.


3. In the Choose Scenario page, select Remote Access or Office Gateway and then click Next. Click on View Scenario to view a diagram of each type of VPN connection.


4. If you selected Remote Access in the Choose Scenario page, the Remote Access page is displayed. Type the IP address or FQDN of the gateway in the IP Address or Domain Name field. The information you type in the IP Address or Domain Name field appears in the Connection Name field. If you want a different name for your connection, type the new name for your VPN connection policy in the Connection Name field. Click Next.


5. If you selected Office Gateway in the Choose Scenario page, the Completing the New Connection Wizard page is displayed.

6. In the Completing the New Connection Wizard page select any of the following options:

Select Create a desktop shortcut to this connection, if you want to create a shortcut icon on your desktop for this VPN connection.

Select Enable this connection when the program is launched, if you want to automatically establish this VPN connection when you launch the SonicWALL Global VPN Client Enterprise.

7. Click Finish. The new VPN connection policy appears in the SonicWALL Global VPN Client window.


Enabling Your VPN Connection

Enabling your VPN connection is easy and seamless using the Global VPN Client Enterprise. When you enable a VPN connection, the Distributed Security Client is automatically launched in Managed mode on your desktop. Because both your Global VPN Client Enterprise and Distributed Security Client policies are configured and managed by the SonicWALL gateway, you do not need to do any configuration of your Global Security Client before making your VPN connection.

Note: If you selected Enable this connection when the program is launched in the New Connection Wizard, the VPN connection is automatically established when you launch the SonicWALL Global VPN Client Enterprise.

The following steps explain how to enable the VPN connection policy you created in the previous section.

1. Double-click the SonicWALL Global Security Client icon in the Windows status area to display the SonicWALL Global Security Client window. You can also launch the SonicWALL Global VPN Client by choosing Start>Programs>SonicWALL Global VPN Client.


2. Double-click the SonicWALL Global VPN Client icon in the SonicWALL Global Security Client window. The SonicWALL Global VPN Client window is displayed.

3. Double-click the VPN connection policy or right-click the VPN connection policy icon and select Enable from the menu.


4. Depending on the attributes for the VPN connection policy, the Enter Pre-Shared Key or the Select Certificate dialog box may appear. See “Entering a Pre-Shared Key” on page 17 or “Selecting a Certificate” on page 17 for instructions.

5. The VPN gateway prompts you for a username and password for authentication. In the Enter Username and Password dialog box, type your username and password. Click OK to continue with establishing your VPN connection.


Entering a Pre-Shared Key

If no default Pre-Shared Key is used, you must have a Pre-Shared Key provided by the gateway administrator in order to make your VPN connection. If the default Pre-Shared Key is not included as part of the connection policy download or file, the Enter Pre-Shared Key dialog box appears to prompt you for the Pre-Shared key before establishing the VPN connection.

1. Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked for security purposes.

2. If you want to make sure you’re entering the correct Pre-Shared Key, check Don’t hide the pre-shared key. The Pre-Shared Key you enter appears unmasked in the Pre-shared Key field.

3. Click OK.

Selecting a Certificate

If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection, the Select Certificate dialog box appears. This dialog box lists all the available certificates installed on your Global VPN Client Enterprise. Select the certificate from the menu, then click OK. If you have a certificate that has not been imported into the Global VPN Client Enterprise using Certificate Manager, click Import Certificate.

Note: See the SonicWALL Global VPN Client Administrator’s Guide located at <http://www.sonicwall.com/services/documentation.html> for more information on using the Certificate Manager.


Disabling a VPN Connection

Disabling a VPN connection terminates the VPN tunnel. Right-click the VPN connection policy in the SonicWALL Global VPN Client window, and select Disable.


SonicWALL Distributed Security ClientThe SonicWALL Distributed Security Client provides a full stateful packet inspection firewall on the desktop as well as IDS/IDP capabilities to detect port scans, IP spoof attempts, MAC spoof attempts, and operate in stealth mode.Double-click the Distributed Security Client icon in the SonicWALL Global Security Client window or select SonicWALL Global Security Client from the Windows Start>Programs menu to display the SonicWALL Distributed Security Client window.

In the SonicWALL Distributed Security Client window are the two default policies for the Distributed Security Client:

• Local policy - This policy is enabled when the Distributed Security Client is in Standalone mode with no VPN connection enabled. This policy can be modified at any time.

• Distributed policy - This policy is enabled when the Distributed Security Client is in Managed mode. In Managed mode, the firewall policies are controlled by the SonicWALL Policy Editor and cannot be modified by the user.

The currently enforced policy is noted as Enabled in the Status column of the SonicWALL Distributed Security Client window. Clicking the Properties button on the toolbar or choosing View>Properties displays the properties for the currently enforced security policy.

If the Distributed policy is enabled, the Distributed Security Client security policy is managed from the SonicWALL gateway. If the Local policy is enabled, the security policy settings are available for local configuration by the user for use when no VPN connection is enabled.

Standalone and Managed Mode

The Distributed Security Client operates in two modes based on whether the Local policy or Distributed policy is enabled:

• Standalone mode - This is the local policy on the client that is in place when the client is not connected to the SonicWALL VPN gateway via the Global VPN Client Enterprise. In Standalone mode, the Distributed Security Client local policy can be configured by the user. When the Distributed Security Client is in Standalone mode, Standalone is displayed in the SonicWALL Distributed Security Client window status bar.

• Managed mode - This is the policy pushed down from and enforced at the SonicWALL gateway while the VPN tunnel is established. When the Distributed Security Client is in Managed mode as part of a VPN connection to the SonicWALL gateway, all firewall configuration options are under the control of the SonicWALL gateway. These firewall policies are configured using the SonicWALL Policy Editor. The local user cannot configure any of the Distributed Security Client settings. When the Distributed Security Client is in Managed mode, Managed is displayed in the SonicWALL Distributed Security Client window status bar.

Configuring Local Policy

The Local policy of Distributed Security Client can be configured by the user. This allows you to define the firewall policy for your desktop when the Global VPN Client Enterprise is not connected to your corporate network. The following explains the configuration options available to Distributed Security Client users in Standalone mode.

To display the Local policy firewall settings, select Local policy and click the Properties button on the SonicWALL Distributed Security Client window toolbar, or choose View>Properties. The Distributed Security Client Properties window is displayed with five tabs: Security, Advanced Rules, Application Rules, NetBIOS Settings, and Log Settings.

Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, these settings are managed by the Policy Editor on the SonicWALL gateway and the settings in the Distributed Security Client Properties window are dimmed.

Security

Selecting Security displays the configurable security settings for the SonicWALL Distributed Security Client. After making any security setting changes, click the Apply button to save your changes.

Protection

The Protection settings define the security level provided by the Distributed Security Client.

• Allow All - Permits the transmission of all network traffic, including the Internet, to and from your computer system via network connections. The Allow All setting still logs all traffic that enters or exits your system.

• Block All - Prevents all information entering or leaving your computer from any outside source. All network traffic is blocked from entering or leaving your computer.

• Normal - A configurable security setting that automatically blocks applications from accessing your computer except those specified in the Advanced Rules and Application Rules pages of the Distributed Security Client Properties window.

Attacks

The Attacker Seal enables the Active Response feature, which blocks all communication from a source host once an attack is detected. For instance, if the Distributed Security Client detects a DoS attack originating from an IP address, it blocks any and all traffic from that IP for the duration specified in the Seconds field.

Anti-IP (Anti-IP Spoofing)

IP spoofing is a process used by hackers to hijack a communication session between two computers. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B.

Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it.

Anti-MAC (Anti-MAC Spoofing)

As with IP spoofing, hackers can use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, servers, routers, etc. When Computer A wishes to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer. The Anti-MAC spoofing feature blocks any ARP packets sent to your computer. This way, hackers attempting to determine your MAC address will be blocked from doing so. If you request an ARP packet, SonicWALL Distributed Security Client will allow it.

Stealth (Stealth Mode Browsing)

Stealth mode refers to a computer that is hidden from other computers while on a network. For example, a computer on the Internet that is in stealth mode cannot be detected by port scans or communication attempts, such as ping. If you enable the Stealth feature, your computer will be invisible to other computers on any network you’re connected to.

Port Scanner (Port Scan Detection)

Port scanning is a popular method that hackers use to determine which of your computer’s ports are open to communication. Ports are dynamically blocked in the Distributed Security Client, and are protected from hacking attempts. The Port Scanner feature detects if someone is scanning your ports, and notifies you. If disabled, Distributed Security Client does not detect scans or notify you of scans but still protects your ports from hacking attempts.

Pre-Start

Pre-Start prevents any traffic from entering or leaving your computer during the precious seconds between the time that your computer turns on and the Distributed Security Client is launched. This time frame is a small security hole that can allow unauthorized communication. Enabling Pre-Start prevents possible Trojan Horses or other unauthorized applications from communicating with other computers. This includes initial DHCP and NetBIOS traffic so that the agent can obtain an IP address and log on to a domain.

NetBIOS Protection

NetBIOS Protection blocks all communication from computers located outside of your subnet range. A subnet is a group of computers that connect to the same gateway. If your computer is located on an office network, then other computers in your office are most likely on your subnet. If you connect to the Internet using an ISP, your subnet may be very large. NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.

Advanced Rules

The Advanced Rules page allows you to create and manage firewall filter rules.

Creating a Rule

To create a firewall filter rule, you must first specify the kind of traffic that should be affected by the rule. There are several different characteristics of traffic, each of which you can use to specify the kind of traffic that you want to control.

Note: You can create an unlimited number of advanced rules for the Local policy as well as the Distributed policy from the Policy Editor.

To create a new rule, follow these steps:

1. Click New. The New Advanced Rule dialog box is displayed.

2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.

3. Configure the following settings to specify the characteristics of the traffic.

Action - Select Block to block the specified traffic or Allow to allow the specified traffic.

Direction - Select one of the traffic direction options: Inbound or Outbound.

Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.

Details - Specify the port number(s), and IP address(es). To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160.

4. After specifying your rule settings, click OK.

5. Click Apply to save your changes.

Modifying Rules

To modify a rule, follow these steps:

1. Select the rule in the Rules list.

2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the same settings as the New Advanced Rule dialog box.

3. Modify any of the following settings to specify the characteristics of the traffic.

Action - Select Block to block the specified traffic or Allow to allow the specified traffic.

Direction - Select one of the traffic direction options: Inbound or Outbound.

Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.

Details - Specify the port number(s), and IP address(es). To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160.

4. Click OK.

5. Click Apply.

Deleting a Rule

To delete a rule, select the rule in the Rules list, and then click the Delete button. Click Apply to save your changes.

Defining Rule Priority

The first rule in the Rules list supersedes the rule below it. You can rearrange the order of your rules by selecting the rule and then clicking the Up or Down button.
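The following Python model is an added example, not SonicWALL code. It shows why rule order matters: rules are checked top-down, the first match decides, and a rule placed below a broader one never takes effect. It assumes TCP/UDP rules only, that ports and IP addresses are entered as separate Details values using the comma range syntax described above, and that unmatched traffic is blocked (as under the Normal protection level); all rule names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


def parse_range(text, convert):
    """Parse a Details entry: one value, or 'first, last' separated by a comma."""
    parts = [convert(p.strip()) for p in text.split(",")]
    if len(parts) == 1:
        return parts[0], parts[0]
    if len(parts) != 2 or parts[0] > parts[1]:
        raise ValueError(f"not a valid range: {text!r}")
    return parts[0], parts[1]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "Allow" or "Block"
    direction: str   # "Inbound" or "Outbound"
    protocol: str    # "TCP" or "UDP"
    ports: tuple     # (first, last), inclusive
    ips: tuple       # (first, last), inclusive


def make_rule(name, action, direction, protocol, ports, ips):
    """Build a rule from the text a user would type into the dialog fields."""
    return Rule(name, action, direction, protocol,
                parse_range(ports, int), parse_range(ips, IPv4Address))


def matches(rule, direction, protocol, port, ip):
    return (rule.direction == direction and rule.protocol == protocol
            and rule.ports[0] <= port <= rule.ports[1]
            and rule.ips[0] <= IPv4Address(ip) <= rule.ips[1])


def evaluate(rules, direction, protocol, port, ip, default="Block"):
    """The first matching rule decides; returns (action, rule name or None)."""
    for rule in rules:
        if matches(rule, direction, protocol, port, ip):
            return rule.action, rule.name
    return default, None  # assumption: no match falls back to the default action


def covers(outer, inner):
    """True when every packet that matches `inner` also matches `outer`."""
    return (outer.direction == inner.direction
            and outer.protocol == inner.protocol
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
            and outer.ips[0] <= inner.ips[0] and inner.ips[1] <= outer.ips[1])


def shadowed(rules):
    """List (rule, earlier rule) pairs where the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rules (names, ports and addresses are illustrative only).
BLOCK_HIGH = make_rule("Block high ports", "Block", "Inbound", "TCP",
                       "59000, 60000", "0.0.0.0, 255.255.255.255")
ALLOW_AGENT = make_rule("Allow backup agent", "Allow", "Inbound", "TCP",
                        "59153, 59160", "192.0.2.10, 192.0.2.20")
BLOCK_FIRST = [BLOCK_HIGH, ALLOW_AGENT]   # broad Block rule listed first
ALLOW_FIRST = [ALLOW_AGENT, BLOCK_HIGH]   # narrow Allow rule moved Up

if __name__ == "__main__":
    for label, rules in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST)):
        verdict = evaluate(rules, "Inbound", "TCP", 59155, "192.0.2.15")
        print(label, verdict, "shadowed:", shadowed(rules))
```

Running a check like `shadowed()` over a rule list before applying it flags exceptions that were added below the rule they were meant to override.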

Application Rules

The Application Rules page allows you to configure security settings for each application on your application list by setting certain restrictions on which IPs and Ports an application can use.

Adding an Application

1. Select New Application in the Applications list.

2. Click the Browse button to locate the executable application file on your system.

3. Enter trusted IP addresses or IP ranges in the Trusted Host IP Address(es) field. This IP address or range of IP addresses becomes trusted for this application. This means that anything arriving from this IP address or range of IP addresses is trusted if the traffic is in the form of the specified application.

4. Select Allow or Block from the Action menu to specify whether you want to allow or block the traffic for this application.

5. Enter the TCP and UDP port or port range(s) that can be utilized for this application in the TCP Port and UDP Port fields in the Local and Remote sections.

6. Select Screen Saver On to allow network access to the selected application during screensaver mode.

7. Select ICMP to allow Internet Control Message Protocol.

8. Click Apply to save your changes.

Modifying an Application Rule

To modify an application, select the application in the Applications list, make your changes, and then click Modify. Click Apply to save your changes.

Deleting an Application Rule

To delete an application, select the application in the Applications list, and then click Delete. Click Apply to save your changes.

NetBIOS Settings

The NetBIOS Settings page displays the network interfaces on your computer recognized and protected by the Distributed Security Client. The SonicWALL Virtual Adapter entry is the interface for the SonicWALL Global VPN Client Enterprise application.

The NetBIOS Settings page allows you to enable or disable Windows Browse and Share networking services for each network interface. Check the Enable box to enable the service on the interface or unselect the Enable checkbox to disable the service.

Log Settings

The Log Settings page allows you to specify the maximum, Security Log, and Traffic Log file size and the days to keep the log file. The default Maximum log file size for all three logs is 512K. The default Days to keep is 30 days. To change any log setting, enter the new Maximum log file size and/or Days to keep values, and then click Apply.

Logs

In the Distributed Security Client, a log is a record of information attempting to enter or exit your computer through your network connection. Logs are an important method for tracking your computer’s activity and interaction with other computers and networks. They are particularly useful in detecting potentially threatening activity, such as port scanning, which is aimed at your computer. To view these logs, click the Logs button on the Distributed Security Client window toolbar and select either Security or Traffic or choose View>Logs.

• The Security log records potentially threatening activity directed towards your computer, such as port scanning, or denial of service attacks. This log is probably the most important log file in the Distributed Security Client.

• The Traffic log records every packet of information that enters or leaves a port on your computer.

Event Viewer

Double-clicking the Event Viewer icon in the SonicWALL Global Security Client window displays the Event Viewer window.

The Event Viewer window provides access to the following Global Security Client event logs:

• Application - Contains events logged by applications or programs.

• Security - Records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects.

• System - Contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. Records all operational changes, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors. This log is especially useful for troubleshooting.

• SonicWALL Global Security Client - Displays Global Security Client events categorized as Information, Error, Success Audit or Warning.

Note: The Application, Security, and System Event Viewer functions are part of the Windows operating system. See your Windows documentation for more information on the Event Viewer.

Configuring Log Properties

Select the Event Log you want to configure, then click the Properties button on the Event Viewer window toolbar or select Action>Properties. The Properties window for the log is displayed.

The General tab provides settings for storing and naming the log file, log size, and log actions. The Filter tab provides the settings for defining what log events are captured.

These settings are the same for all log event categories, except the options in the Event source menu.

Managing Log Files

The following are common log file management options available from the Action menu in the Event Viewer window:

• Saving Log Files - You can save a log file by selecting the event log, then choosing Action>Save Log File As. Navigate to where you want to store the log file, enter a name for your log file in the File name field, then click Save. The file is saved with the .evt filename extension.

• Exporting a Log - You can export a log file as a text file by choosing Action>Export List. Select the text formatting options from the Save as type menu, and click Save. You can also click on the Export List button on the toolbar.

• Renaming a Log - You can rename a log file by choosing Action>Rename.

• Clearing a Log - You can clear a log of all events by choosing Action>Clear all Events.

• Opening a Log File - To open an existing log file, choose Action>Open Log File.

• Refreshing a Log - You can refresh a log by choosing Action>Refresh or clicking the Refresh button on the toolbar.

Customizing Log Views

The View menu in the Event Viewer window provides the following options for changing the way logs are displayed.

• Add/Remove Columns - Allows you to define the columns displayed for the log and in what order they are displayed.

• All Records - Displays all records captured by the log.

• Filter - Displays the Filter tab in the Properties window for specifying the event types captured by the log.

• Newest First - Displays the most recent events at the top of the Event Viewer.

• Oldest First - Displays the oldest events at the top of the Event Viewer.

• Find - Allows you to search the log for a specific event.

Customizing the Event Viewer Window Layout

Choosing View>Customize allows you to customize the layout of the Event Viewer window.

Configuring Security Policies with the Policy Editor

The Policy Editor and Policy Server architecture introduces the ability to configure client policies through the SonicWALL Internet Security Appliance. The SonicWALL Administrator defines the remote Distributed Security Client security policies from the Policy Editor.

These security policies are enforced by the SonicWALL to ensure the remote desktop is secured by the Distributed Security Client before allowing the VPN connection via the Global VPN Client Enterprise.

Note: You can create only a single security policy for all your Global Security Clients.

Tip! The Policy Editor settings are the same for SonicWALL Appliances running SonicOS 2.1.x or Firmware 6.6.x.

Accessing the Policy Editor (Firmware 6.6.x)

To access the Policy Editor in the SonicWALL Management Interface:

1. Select General>Security Services.

2. Click the Activate your SonicWALL Security Service Subscription link. The mySonicWALL.com Login page is displayed.

3. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit.

4. Click the Edit Policy button below the Manage Services Online table. The Global Security Client>Summary page is displayed.

Accessing the Policy Editor (SonicOS 2.1.x)

To access the Policy Editor in the SonicWALL Management Interface:

1. Select System>Licenses.

2. Click the To Activate, Upgrade, or Renew services, click here link. The mySonicWALL.com Login page is displayed.

3. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit.

4. Click the Edit Policy button below the Manage Services Online table. The Global Security Client>Summary page is displayed.

Alert! The Policy Editor button appears only if you have activated your Global Security Client licenses. See “Global Security Client Licensing” on page 49 for more information.

Getting Help

Clicking the ? on the top right of the SonicWALL Management Interface page displays online help for the page.

Global Security Client>Summary

The Global Security Client>Summary page includes the Active Policy and Policy Being Edited sections. The Deployed Policy section shows the current active/deployed policy, its version and date.

The Policy Being Edited section shows the policy being edited as well as the policy Version number and Last Modified Date of the policy. Changes can be made to the policy without deploying it until you click Deploy.

Clicking a View button shows a read-only version of the policy template in XML format. You can view the current active version by clicking the View button under the Active Policy table. You can view the policy being edited by clicking the View button under the Policy Being Edited table.

Editing a Security Policy

Clicking the Edit button in the Policy Being Edited section of the Global Security Client>Summary page accesses the settings for configuring a policy.

Deploying a Security Policy

Once you have configured the security policy for the Distributed Security Clients, you can deploy the policy by clicking Deploy. To make the newly deployed policy take effect immediately, do a synchronization by selecting the Security Services>Summary page, and then clicking the Synchronize button in the Security Services Settings section.

Global Security Client>Groups and Services

Clicking the Edit button in the Policy Being Edited table displays the Groups and Services page.

Policy Polling Frequency

Policy Polling Frequency defines how often the SonicWALL checks the policy on all clients. The default value is 60 minutes. After you deploy a policy and click on the Synchronize button in the Security Services Settings section, the new policy is obtained by all connected Global Security Clients according to the value in the Policy Polling Frequency field.

Services

The Services section lists the available services for the Global Security Client with access to the configuration options for the service. Clicking on the Edit icon in the Configure column for Distributed Security Client allows you to configure security policies enforced by the Policy Editor for Distributed Security Clients on the remote desktops.

Configuring the Distributed Security Client

Clicking the Notepad icon for Distributed Security Client in the Services table on the Groups and Services page displays the Distributed Security Client page. This page includes the settings for configuring the Distributed Security Client policy enforcement options.

General Settings

The Version menu allows you to define what version of the Distributed Security Client the client must be running to allow remote access. You can choose a specific version or latest from the Version menu.

Security

The Security section allows you to specify the Distributed Security Client security features to enforce on your clients. These settings correspond to those that are listed in the desktop Distributed Security Client when it is in Standalone mode.

Each Security feature has a default setting, but you can specify Enable or Disable for each Security feature in the Action column to make any changes to your Distributed Security Client policy.

Anti-IP (Anti-IP Spoofing)

IP spoofing is a process used by hackers to hijack a communication session between two computers. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B.

Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it.

Anti-MAC (Anti-MAC Spoofing)

As with IP spoofing, hackers can use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, servers, routers, etc. When Computer A wishes to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer. The anti-MAC spoofing feature blocks any ARP packets sent to your computer. This way, hackers attempting to determine your MAC address will be blocked from doing so. If you request an ARP packet, SonicWALL Global Security Client will allow it.

Port Scanner (Port Scan Detection)

Port scanning is a popular method that hackers use to determine which of your computer’s ports are open to communication. Ports are dynamically blocked in Global Security Client, and are protected from hacking attempts. This feature detects if someone is scanning your ports, and notifies you. If disabled, Global Security Client will not detect scans or notify you of them but will still protect your ports from hacking attempts.

Stealth (Stealth Mode Browsing)

Stealth mode is a term used to describe a computer that is hidden from other computers while on a network. For example, a computer on the Internet that is in stealth mode cannot be detected by port scans or communication attempts, such as ping. If you enable this feature, your computer will be invisible to other computers on any network you’re connected to.

Pre-Start

Pre-Start prevents any traffic from entering or leaving your computer during the precious seconds between the time that your machine turns on and the Distributed Security Client is launched. This time frame is a small security hole that can allow unauthorized communication. Enabling this feature prevents possible Trojan Horses or other unauthorized applications from communicating with other computers.

NetBIOS Protection

NetBIOS Protection blocks all communication from computers located outside of your subnet range. A subnet is a group of computers that connect to the same gateway. If your computer is located on an office network, then other computers in your office are most likely on your subnet. If you connect to the Internet using an ISP, your subnet may be very large. NetBIOS traffic is blocked on UDP ports 88, 137, and TCP ports 135, 139, 445, and 1026.
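The Python sketch below is an added example, not SonicWALL code. It models the NetBIOS Protection decision described here and in the Local policy section, and shows why a very large ISP subnet weakens it. It assumes "your subnet range" means the network of the local interface's address and prefix; the interfaces, addresses and packets are constructed.

```python
from ipaddress import ip_address, ip_interface

# Ports that NetBIOS Protection filters, exactly as listed on this page.
PROTECTED_PORTS = {"UDP": {88, 137}, "TCP": {135, 139, 445, 1026}}


def netbios_decision(local_interface, src_ip, protocol, dst_port):
    """Return 'allow', 'block' or 'not-netbios' for one inbound packet."""
    if dst_port not in PROTECTED_PORTS.get(protocol.upper(), set()):
        return "not-netbios"  # outside this feature; other rules decide
    network = ip_interface(local_interface).network
    return "allow" if ip_address(src_ip) in network else "block"


def reachable_sources(local_interface, packets):
    """Sources that still reach a protected port on this interface."""
    allowed = {src for src, proto, port in packets
               if netbios_decision(local_interface, src, proto, port) == "allow"}
    return sorted(allowed, key=ip_address)


# Constructed sample data: (source IP, protocol, destination port).
PACKETS = [
    ("192.168.10.30", "TCP", 445),  # colleague on the office LAN
    ("10.200.1.9", "TCP", 445),     # unrelated customer of the same ISP
    ("10.3.3.3", "TCP", 139),       # another unrelated ISP customer
    ("203.0.113.5", "UDP", 137),    # host elsewhere on the Internet
    ("203.0.113.5", "TCP", 80),     # not a protected port
]
OFFICE_IF = "192.168.10.25/24"  # small office subnet (assumption)
ISP_IF = "10.44.7.25/8"         # very large ISP-assigned subnet (assumption)

if __name__ == "__main__":
    for name, iface in (("office", OFFICE_IF), ("ISP", ISP_IF)):
        print(name, "->", reachable_sources(iface, PACKETS))
```

On the office interface only the colleague's host passes; on the ISP interface the two unrelated customers pass as well, because they fall inside the same subnet.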

Alert! Because this option can interfere with the functioning of Windows applications, it is recommended that only users who have a firm understanding of Windows and DLLs enable this feature.

Advanced Rules

The Advanced Rules section allows you to specify rules for special Distributed Security Client filtering. You create new rules by clicking on the Add button. You can arrange the order of rules in the Advanced Rules table by clicking on the Up or Down links in the Configure column.

Specifying the Default Action

The Default Action menu allows you to select the default security level of the SonicWALL Distributed Security Client. You can choose one of the following options:

• Normal - A configurable security setting that automatically blocks applications from accessing your computer except those specified in Advanced Rules and Application Rules.

• Block All - Prevents all information entering or leaving your computer from any outside source. All network traffic is blocked from entering or leaving your computer.

• Allow All - Permits the transmission of all network traffic, including the Internet, to and from your computer system via network connections. The Allow All setting still logs all traffic that enters or exits your system.

Adding a Rule

1. Click the Add button. The Advanced Rule window is displayed.

2. Enter the new rule name in the Name field.

3. Select the Protocol option (TCP, UDP, or ICMP) from the Protocol menu.

4. Specify the local and/or remote port number or range in the Port/Type field. Separate the beginning and ending port numbers in a range with a comma.

5. Enter the IP address or IP address range in the IP field.

6. Select Inbound, Outbound or Both from the Direction menu.

7. Select Allow or Block from the Action menu to specify the traffic direction of the filter action.

8. Click Apply. The new rule is displayed in the Advanced Rules table in the Global Distributed Security Client page.

The Advanced Rules table displays all your added rules by Name, Protocol, Port/Type, IP, Type, Direction, and Action.

Modifying or Deleting a Rule

Clicking the Notepad icon in the Configure column allows you to edit the rule.

Clicking the Trashcan icon in the Configure column deletes the rule.

Applications

The Applications section allows the administrator to allow or block specific applications on the client desktop for use through the VPN connection.

Allowing or Blocking Applications

The Applications table displays a set of default common applications that you can Allow or Block in the Action column.

Deleting an Application

You can delete an application by clicking the Trashcan icon in the Delete column.

Adding an Application

You can add additional applications to block or allow. To add an application, follow these steps:

1. Enter the executable filename for the application in the Executable field.

2. Enter an optional description of the application in the Description field.

3. Click the Add Application button. The application is added to the Applications table.

4. Specify Allow or Block in the Action column of the Applications table.

5. Click Apply.

Enforcing Distributed Security Client Activation

For VPN connections from SonicWALL Global VPN Client Enterprise clients, you configure the GroupVPN settings on the SonicWALL Gateway. To enforce the use of the Distributed Security Client in conjunction with the Global VPN Client Enterprise client, enable Require Distributed Security Client Activation for the specified VPN connection.

Note: See your SonicWALL Administrator’s Guide for complete GroupVPN configuration instructions.

SonicOS 2.1.x

To require and enforce the Distributed Security Client policy on the Global VPN Client Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure the GroupVPN policy on your SonicWALL:

1. Select the VPN>Settings page in the SonicWALL Management Interface.

2. Click the Notepad icon for GroupVPN in the VPN Policies table. The VPN Policy window is displayed.

3. Click the Client tab.

4. Check Require Distributed Security Client for this Connection.

5. Click OK.

Alert! If the Global Security Client is not activated on your SonicWALL, you cannot enable Require Distributed Security Client, and an error message is displayed.

If a Global VPN Client Enterprise user without the SonicWALL Distributed Security Client activated attempts to make a VPN connection to a SonicWALL VPN Gateway with the Require Distributed Security Client Activation enabled, the error message “Distributed Security Client is not running. Unable to connect.” is displayed.

Firmware 6.6.x

To require and enforce the Distributed Security Client policy on the Global VPN Client Enterprise user’s desktop before allowing a VPN connection, follow these steps to configure the GroupVPN policy on your SonicWALL:

1. Select the VPN>Configure page in the SonicWALL Management Interface.

2. Click the Client Settings button. The VPN Client Settings window is displayed.

3. Check Require Distributed Security Client for this Connection.

4. Click OK.

5. Click Update.

Global VPN Client Enterprise License Sharing

License Sharing allows you to distribute the Global VPN Client Enterprise among multiple SonicWALL gateways. License sharing assigns a License Sharing Group (LSG) to a SonicWALL from which this feature is activated. You can then add other SonicWALLs to the LSG by their serial numbers and assign them Global VPN Client Enterprise licenses from the pool of remaining available licenses in the LSG.

To set up a License Sharing Group for the Global VPN Client Enterprise, follow these steps:

1. In the System>Licenses page of the SonicWALL Management Interface, click the click here link in To Activate, Upgrade, or Renew services click here under Manage Security Services Online. The mySonicWALL Login page is displayed.

2. Enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System>Licenses page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the System>Licenses page appears.

3. Click Share in the Manage Service column for Global VPN Client Enterprise in the Manage Services Online table.

4. Click the Share button.

5. Type the serial number of the SonicWALL that you want to share licenses from in the Please enter serial number of the appliance, you want to add to your License Sharing Group field.

6. Click Submit. The SonicWALL is added as the Group Creator to the License Sharing Group.

Tip! The SonicWALL appliance must be registered at <http://www.mysonicwall.com> before it can be added to the License Sharing Group.

7. To add a SonicWALL to which you want to distribute licenses, enter the SonicWALL serial number in the Appliance SN field and click Add. The SonicWALL is added to the License Sharing Group.

8. To distribute licenses between the SonicWALLs, type the number of licenses you want to share for the second SonicWALL into the Licenses field, and click Update. Repeat for each SonicWALL appliance. The distributed number of licenses is displayed for each SonicWALL.

Alert! SonicWALLs with currently active licenses cannot be added to the License Sharing Group. To share previously activated licenses among multiple SonicWALLs, contact SonicWALL technical support.

You can also remove a SonicWALL appliance or redistribute the number of licenses between the SonicWALL appliances. To remove a SonicWALL appliance, click Remove next to the SonicWALL serial number. To redistribute licenses, type the new number of licenses into the License field and click Update. Repeat for each SonicWALL appliance. The License Availability information changes as you change the license distribution or add more SonicWALLs.


Global Security Client Licensing

The SonicWALL Global Security Client allows you to install the Global VPN Client Enterprise and Distributed Security Client. SonicWALL Global VPN Client Enterprise is licensed on a per-connection basis. That means a 5 pack of Global Security Client gives the customer 5 concurrent Global VPN Client Enterprise connections on the SonicWALL. SonicWALL Distributed Security Client is licensed on a per-client basis. A 5 pack of Global Security Client allows you to install Distributed Security Client on 5 computers. The Distributed Security Client license is a subscription license.

If you do not have SonicWALL Global Security Client activated on your SonicWALL, you must purchase Global Security Client from a SonicWALL reseller or your mySonicWALL.com account (limited to customers in the USA and Canada only).

mySonicWALL.com

mySonicWALL.com delivers a convenient, one-stop resource for registration, activation, and management of your SonicWALL products and services. Your mySonicWALL.com account provides a single profile to do the following:

• Register your SonicWALL Internet Security Appliances
• Purchase/Activate SonicWALL Security Services and Upgrades
• Receive SonicWALL firmware and security service updates and alerts
• Manage (change or delete) your SonicWALL security services
• Access SonicWALL Technical Support

Creating a mySonicWALL.com account is easy and FREE. Simply complete an online registration form. Once your account is created, you can register SonicWALL Internet Security Appliances and activate any SonicWALL Security Services associated with the SonicWALL.

Your mySonicWALL.com account is accessible from any Internet connection with a Web browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your sensitive information. You can also access mySonicWALL.com license and registration services directly from the SonicWALL management interface for increased ease of use and simplified services activation.

If you activated Global Security Client at mySonicWALL.com, the Global Security Client activation is automatically enabled on your SonicWALL within 24 hours, or you can click the Synchronize button on the Security Services>Summary page to update your SonicWALL.


Activating Global Security Client Licenses on Your SonicWALL

If you have the Activation Key for your SonicWALL Global Security Client and a mySonicWALL.com account, use the following steps to activate the Global Security Client from the SonicWALL Internet Security Appliance management interface.

1. In the System>Licenses page of the SonicWALL Management Interface, click the “click here” link in “To Activate, Upgrade, or Renew services click here” in Manage Security Services Online.

2. In the mySonicWALL Login page, enter your mySonicWALL.com account username and password in the User Name and Password fields, then click Submit. The System>Licenses page is displayed. If your SonicWALL is already connected to your mySonicWALL.com account, the System>Licenses page appears.

Note: Each Activation Key activates both the Global VPN Client Enterprise and Distributed Security Client licenses. You enter the Activation Key for the Distributed Security Client and the Global VPN Client Enterprise license is automatically added.

3. Click Upgrade in the Manage Service column for Distributed Security Client in the Manage Services Online table.

4. Type the Activation Key in the New License Key field for each Global Security Client (Distributed Security Client and Global VPN Client Enterprise).

5. Click Submit. Your Global Security Clients are activated. The number of Global VPN Client Enterprise and Distributed Security Client licenses appears in the Count column of the Manage Services Online table on the System>Licenses page. The expiration date for the Distributed Security Client is displayed in the Expiration column.


Index

A
Advanced Rules
  Creating a Rule
  Deleting a Rule
  Modifying a Rule
Application Rule
  Deleting
Application Rules
  Adding an Application
  Deleting
  Modifying an Application

C
Configuring the Local Policy
Creating a VPN Connection

D
Disabling a VPN Connection
Distributed Security Client
  Distributed Policy
  Local Policy
  Managed Mode
  Standalone Mode

E
Enabling a VPN Connection
  Pre-Shared Secret
  Selecting a Certificate
Enforcing Distributed Security Client Activation
Event Viewer
  Customizing Log Views
Events Viewer
  Application Log
  Configuring Log Properties
  Customizing Event Viewer Window Layout
  Managing Log Files
  Security Log
  SonicWALL Global VPN Client Log
  System Log

G
Global Security Client
  About
  Activating Licenses
  Distributed Enforcement Architecture
  Features
  How it Works
  Licensing
Global VPN Client Enterprise
  Default Gateway
  Enabling a VPN Connection
  License Sharing
  New Connection Wizard
  Office Gateway
  Remote Access
  SSID

I
Installing Global Security Client

L
Log Settings
  Security Log
  Traffic Log
Logs

N
NetBIOS Settings
  Browse
  Share
  SonicWALL Virtual Adapter

P
Policy Editor
  Accessing in Firmware 6.6.0.x
  Accessing in SonicOS
  Adding a Rule
  Adding an Application
  Allowing or Blocking an Application
  Configuring Distributed Security Client Policy
  Deploying a Security Policy
  Editing a Security Policy
  Enable/Disable Security Features
  Groups and Services
  Policy Polling Frequency
  Specifying Default Action
  Summary
  Version Control

S
Security
  Anti-IP Spoofing
  Anti-MAC Spoofing
  Attacker Seal
  NetBIOS Protection
  Port Scanner
  Pre-Start
  Protection Settings
    Allow All
    Block All
    Normal
  Stealth Mode Browsing

© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306

T: 408.745.9600
F: 408.745.9300

www.sonicwall.com

P/N 232-000510-00 Rev A 03/04