Global VPN Client (GVC) Using SSL Authentication

This document provides instructions for configuring Global VPN Client (GVC) on a SonicWall firewall to use SSL authentication. The key steps are: 1. Enable GVC and select IKE using 3rd Party Certificate for authentication. 2. Import an SSL certificate onto the firewall if one does not already exist. 3. Select the certificate and set filters for peer ID type like email, domain name or distinguished name. 4. Import the same SSL certificate used on the firewall onto client computers to authenticate the GVC connection using SSL.

Uploaded by

Ricardo Martinez
View Page online: https://www.sonicwall.com/es-mx/support/knowledge-base/global-vpn-client-gvc-using-ssl-authentication/170504421747674/

Global VPN Client (GVC) using SSL Authentication
Description
- Configuration for Global VPN Client (GVC) using SSL Authentication on SonicWall Firewall (UTM)

Resolution
1. Enable GVC on the SonicWall Firewall
- Go to VPN | Settings | Check Enable VPN | Click Enable Next to WAN GroupVPN | Click Accept

2. Click Edit Next to WAN GroupVPN


3. Click General Tab | Change Authentication Method to IKE using 3rd Party Certificate
4. Select Personal Certificate on Gateway Certificate
- This will not work unless the SonicWall Firewall (UTM) has an SSL certificate from a certificate authority
- If the certificate does not exist on the UTM, either create a new certificate using the following article, or export a .pfx file from the external device on which the SSL certificate was created and import the .pfx file to the UTM:

https://support.SonicWall.com/kb/189791

5. Select Peer ID Type


E-mail ID and Domain Name

- The E-Mail ID and Domain Name types are based on the certificate's Subject Alternative Name field, which is not contained in all certificates by default
- If the certificate does not contain a Subject Alternative Name field, this filter will not work
- The E-Mail ID and Domain Name filters can contain a string or partial string identifying the acceptable range required
- The strings entered are not case sensitive and can contain the wildcard characters * (for more than 1 character) and ? (for a single character)
- For example, the string *@yourdomain.com, when E-Mail ID is selected, would allow anyone with an email address that ended in yourdomain.com to have access
- The string *subdomain.yourdomain.com, when Domain Name is selected, would allow anyone with a domain name that ended in subdomain.yourdomain.com to have access
Distinguished Name

- The Distinguished Name type is based on the certificate's Subject Distinguished Name field, which is contained in all certificates by default
- Valid entries for this field are based on country (c=), organization (o=), organization unit (ou=), and/or commonName (cn=)
- Up to three organizational units can be specified
- The usage is c=*;ou=*;cn=*
- The final entry does not need to contain a semi-colon
- You must enter at least one entry, for example c=us

6. If Allow Only Peer Certificates Signed by Gateway Issuer is checked, the SSL certificate added to the client's GVC client will need to be the same as the SSL certificate used on the UTM in the Gateway Certificate field.
7. Verify that the Proposals, Advanced and Client settings match the settings in your users' GVC clients.
8. Click OK

9. Open GVC on client computer | Click View | Certificates

10. Select Certificate Group: User Certificates | Click Import


11. Select the certificate (the file can be .cer, .crt, .pem, .der, .pfx, .p12 or .p7b) | Click Open
12. Click OK | Click Close
- GVC connection should now authenticate using SSL
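
The wildcard rules from step 5, as an added example (not SonicWall's code): a small Python model for checking an E-Mail ID or Domain Name filter string against the Subject Alternative Name values you intend to admit, before entering it in WAN GroupVPN. It assumes `*` matches any run of characters and that the filter must cover the whole value; the function names and sample host names are constructed for illustration.

```python
import re

def peer_id_filter_matches(pattern, value):
    """Apply a Peer ID filter string to one SAN value (e-mail or DNS name).

    Only the two wildcards the article names are special: * and ?.
    Assumption: * matches any run of characters, and the whole value must match.
    """
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    # The article states that filter strings are not case sensitive.
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def audit_filter(pattern, intended, candidates):
    """Compare what a filter admits with what the administrator intended."""
    admitted = {c for c in candidates if peer_id_filter_matches(pattern, c)}
    wanted = {i.lower() for i in intended}
    return {
        "unexpected_allow": sorted(c for c in admitted if c.lower() not in wanted),
        "unexpected_deny": sorted(
            c for c in candidates if c.lower() in wanted and c not in admitted
        ),
    }

# Constructed sample SAN values, not taken from any real certificate.
DNS_NAMES = [
    "laptop7.subdomain.yourdomain.com",
    "LAPTOP8.SUBDOMAIN.YOURDOMAIN.COM",
    "notsubdomain.yourdomain.com",  # different label that ends in the same string
    "laptop9.otherdomain.com",
]
INTENDED = {"laptop7.subdomain.yourdomain.com", "laptop8.subdomain.yourdomain.com"}

def compare_filters():
    """Audit the article's example filter and a variant with a leading dot."""
    return {
        p: audit_filter(p, INTENDED, DNS_NAMES)
        for p in ("*subdomain.yourdomain.com", "*.subdomain.yourdomain.com")
    }

if __name__ == "__main__":
    for pattern, result in compare_filters().items():
        print(pattern, result)
```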
