Global VPN Client (GVC) using SSL Authentication
06/25/2024
Description
- Configuration for Global VPN Client (GVC) using SSL Authentication on SonicWall Firewall (UTM)
Resolution
1. Enable GVC on the SonicWall Firewall
- Go to VPN | Settings | Check Enable VPN | Click Enable Next to WAN GroupVPN | Click Accept
2. Click Edit Next to WAN GroupVPN
3. Click General Tab | Change Authentication Method to IKE using 3rd Party Certificate
4. Select Personal Certificate on Gateway Certificate
- This will not work unless the SonicWall Firewall (UTM) has an SSL certificate from a certificate authority
- If the certificate does not exist on the UTM, either create a new certificate using the following article, or export the .pfx file from the external device where the SSL certificate was created and import the .pfx file to the UTM:
5. Select Peer ID Type
- E-mail ID and Domain Name
  - The E-Mail ID and Domain Name types are based on the certificate's Subject Alternative Name field, which is not contained in all certificates by default
  - If the certificate does not contain a Subject Alternative Name field, this filter will not work
  - The E-Mail ID and Domain Name filters can contain a string or partial string identifying the acceptable range required
  - The strings entered are not case sensitive and can contain the wildcard characters * (for more than 1 character) and ? (for a single character)
  - For example, the string *@yourdomain.com, when E-Mail ID is selected, would allow anyone with an email address that ended in yourdomain.com to have access
  - The string *subdomain.yourdomain.com, when Domain Name is selected, would allow anyone with a domain name that ended in subdomain.yourdomain.com to have access
- Distinguished Name
  - The Distinguished Name type is based on the certificate's Subject Distinguished Name field, which is contained in all certificates by default
  - Valid entries for this field are based on country (c=), organization (o=), organization unit (ou=), and/or commonName (cn=)
  - Up to three organizational units can be specified
  - The usage is c=*;ou=*;cn=*
  - The final entry does not need to contain a semi-colon
  - You must enter at least one entry, for example c=us
6. If Allow Only Peer Certificates Signed by Gateway Issuer is checked, the SSL certificate added to the client's GVC client will need to be the same as the SSL certificate used on the UTM in the Gateway Certificate field.
7. Verify that the Proposals, Advanced and Client settings are set correctly for the settings in your users' GVC clients.
9. Open GVC on client computer | Click View | Certificates
10. Select Certificate Group: User Certificates | Click Import
11. Select the certificate (*file can be .cer, .crt, .pem, .der, .pfx, .p12 or .p7b) | Click Open
12. Click OK | Click Close
- GVC connection should now authenticate using SSL
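The Peer ID filters from step 5 can be checked offline before they are entered on the firewall. The following is an added example, not SonicWall code: it models the matching rules as this article describes them, so that the scope of a filter string can be tested against sample identities. The function names are hypothetical, `*` is assumed to match any run of characters, and the certificate subject is assumed to be supplied as a dictionary of attribute values.

```python
import re

ALLOWED_DN_KEYS = {"c", "o", "ou", "cn"}

def glob_match(pattern, value):
    """Case-insensitive match where '*' is any run of characters and '?' is one."""
    rx = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                 for ch in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE | re.DOTALL) is not None

def san_allowed(pattern, san_values):
    """E-Mail ID / Domain Name filter. No SAN entries means nothing can match."""
    return any(glob_match(pattern, v) for v in san_values)

def parse_dn_filter(text):
    """Parse 'c=*;ou=*;cn=*' into (attribute, pattern) pairs."""
    entries = []
    for part in text.split(";"):
        if not part.strip():
            continue  # the final entry does not need a semicolon
        key, sep, pattern = part.partition("=")
        key = key.strip().lower()
        if not sep or key not in ALLOWED_DN_KEYS:
            raise ValueError(f"unsupported DN filter entry: {part!r}")
        entries.append((key, pattern.strip()))
    if not entries:
        raise ValueError("at least one entry is required, for example c=us")
    if sum(1 for key, _ in entries if key == "ou") > 3:
        raise ValueError("at most three organizational units can be specified")
    return entries

def dn_allowed(filter_text, subject):
    """Assumed semantics: every filter entry must match a subject value."""
    return all(any(glob_match(pattern, value) for value in subject.get(key, []))
               for key, pattern in parse_dn_filter(filter_text))

if __name__ == "__main__":
    # Constructed sample identities, not taken from any real certificate.
    print(san_allowed("*@yourdomain.com", ["Alice@YourDomain.com"]))
    print(san_allowed("*@yourdomain.com", []))
    # A pattern without a leading dot also admits names that merely end in it.
    print(san_allowed("*subdomain.yourdomain.com", ["notsubdomain.yourdomain.com"]))
    print(san_allowed("*.subdomain.yourdomain.com", ["notsubdomain.yourdomain.com"]))
    subject = {"c": ["US"], "ou": ["VPN-Users"], "cn": ["alice"]}
    print(dn_allowed("c=us;ou=vpn*;cn=*", subject))
    print(dn_allowed("c=ca;", subject))
```

Because a Domain Name filter such as *subdomain.yourdomain.com matches on the ending of the name only, it is worth testing a filter against names you do not intend to admit as well as those you do.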