Dell SonicOS User Manual

SonicOS
Dell SonicWALL GVC 4.9 Release Notes
Global VPN Client
Release Notes

Contents

Release Purpose
Pre-Installation Recommendations
Platform Compatibility
Known Issues
Resolved Issues
Troubleshooting

Release Purpose

Dell SonicWALL Global VPN Client 4.9 provides the following updates:
Improved support for client machines running Windows 8 and 8.1
Removal of the Office Gateway connection type from the New Connection Wizard; this option was used to create WiFi connections over IPsec, and is not needed with secure wireless access points
Refreshed user interface

Pre-Installation Recommendations

Dell SonicWALL strongly recommends you follow these steps before installing the Global VPN Client (GVC) 4.9 client:
Dell SonicWALL GVC encounters run time conflicts when it co-exists with any 3rd party IPsec VPN clients. Uninstall all IPsec VPN clients prior to installing Dell SonicWALL GVC.
For Vista systems, it is required that you update device drivers for each Network Adapter card to the latest available versions. You can check the NIC vendor Web site for these updates.

Platform Compatibility

Dell SonicWALL GVC 4.9 supports both 32-bit and 64-bit client machines.

Supported Windows Clients:

The following versions of Microsoft Windows are supported by Dell SonicWALL GVC 4.9:
Windows 8.1
Windows 8.0
Windows 7
Windows Vista
Windows XP
Note: The following operating systems and platforms are not supported:
ARM based devices, including the ARM based Surface tablet
The Preview version of the Windows 8.1 Tablet OS
Windows 2000, Windows NT 4.0, Windows ME, Windows 98, or Windows 95
P/N 232-002319-00 Rev A

Supported SonicOS Firmware:

The Dell SonicWALL GVC 4.9 release is compatible with the following firmware releases:
SonicOS Enhanced 2.0.0.2 and above
SonicOS Standard 2.0.0.2 and above

Supported Dell SonicWALL Appliances:

The Dell SonicWALL GVC 4.9 release supports the following Dell SonicWALL appliance platforms:
SuperMassive 9000 series
SuperMassive 10,000 series
NSA E-Class series
NSA series
TZ series

Known Issues

The following is a known issue in the Dell SonicWALL GVC 4.9 release.
Symptom: The SHA256 and AES-XCBC authentication modes are not supported by Global VPN Client.
Condition / Workaround: Occurs when SHA256 or AES-XCBC is selected on the Dell SonicWALL appliance as the authentication mode.
Issue: 125750

Resolved Issues

The following issue is resolved in the Dell SonicWALL GVC 4.9 release:
Symptom: Global VPN Client installation has problems on Windows 8 and 8.1.
Condition / Workaround: Occurs when attempting to install GVC on Windows 8 or 8.1 client machines.
Issue: None

Troubleshooting

The following is the troubleshooting procedure for the Dell SonicWALL GVC 4.9 release:
Trouble Shooting Process for GVC:
Note: If you need to debug run time problems after a successful Dell SonicWALL GVC install, refer to the Dell SonicWALL GVC logs to detect the error condition(s). Some problems may also require information from the firewall logs. Reporting Dell SonicWALL GVC run time problems to technical support requires that you submit Dell SonicWALL GVC and/or Firewall logs for analysis.
Detailed troubleshooting processes are explained for the following issues:
Process 1: Debug Install Issue
Process 2: Post-Install Errors
Process 3: TCP Applications on Vista are Slow
Process 4: Cannot Access Certain Destination Networks
Process 5: Cannot Browse the Internet after GVC Connection is Enabled and Connected
Process 6: Peer is not Responding to ISAKMP Requests from GVC; Check GVC Logs to Verify
Process 7: Stuck on Authenticating when GVC Connection is Enabled
Process 8: Failed to Obtain DHCP Lease for the Virtual Adapter
Process 9: Not Getting a Prompt to Enter a PreShared Key (PSK)
Process 10: Not Getting a Prompt to Enter XAUTH Credentials

Process 1: Debug Install Issue

Note: If Dell SonicWALL GVC was an upgrade install, then first uninstall GVC, reboot your computer and then run setup again. If you encounter an error, follow the troubleshooting instructions:

1. Blue Screen during Install Process:

If you get a blue screen after the upgrade to GVC 4.9, provide the following file %SystemRoot%\Minidump.dmp (%SystemRoot% is usually C:\Windows) to Tech support in order to troubleshoot further.
For someone who can reproduce the symptom, choosing 'Kernel memory dump' could be of even more help as it should have more information. To get a detailed memory dump, set the following:
Start > Computer, right-click on Computer and select Properties. Choose Advanced System Settings and then choose Settings under Startup and Recovery. The settings are under the System Failure section. The dump file will by default be written to the “%SystemRoot%\MEMORY.DMP” file.

2. Global VPN Client install fails due to the following error:

This error could happen in the following cases:
Installing Dell SonicWALL GVC without a reboot after GVC uninstall.
Hard reset during the install operation.
Dell SonicWALL GVC install is an upgrade from an earlier GVC Beta version.
Reboot your computer and then run setup again. If it still results in the same error, then do the following:
A. Right-click on the Command Prompt icon and select Run as Administrator.
B. Change directory to %SystemRoot%\system32\drivers (%SystemRoot% is C:\Windows).
C. Type net stop SWIPsec.sys. You may see either success or failure returned.
D. Rename SWIPsec.sys to SWIPsec.sys.bak (if SWIPsec.sys exists in this directory).
Now run setup again and install Dell SonicWALL GVC.

3. GVC Install is stuck while installing the SonicWALL Virtual Adapter:

You may have to do a hard reset if the installation is stuck during the install of the Virtual Adapter. After power up, uninstall Dell SonicWALL GVC and reboot your computer. Now verify that SonicWALL Virtual Adapter does not exist. Go to Start > Control Panel > Network and Internet > Network and Sharing Center > Manage Network Connections page. If it still exists after the Dell SonicWALL GVC uninstall, it is most likely due to registry corruption during the hard reset.
Manually uninstall SonicWALL Virtual Adapter as follows:
A. Go to Start > Computer, right-click on Computer and select Properties.
B. Choose Device Manager and then choose Network adapters.
C. Right-click SonicWALL VPN Adapter and uninstall this adapter.
D. Select the Delete the driver software for this device checkbox.
E. Change to the %SYSTEMROOT%\System32\Drivers directory and delete SWVNIC.SYS.
F. Reboot your machine.
G. After power up, install Dell SonicWALL GVC again.

4. Dell SonicWALL GVC Install fails due to following error:

“SWGVCSVC Module has Stopped Working”
This error indicates that the installer failed to install Dell SonicWALL services. Run Dell SonicWALL GVC installer for the second time.

Process 2: Post-Install Errors

These problems are seen after the successful install:
Blue Screen
Failed to run Dell SonicWALL service.

Blue Screen:

Network Adapter Card drivers: Check if you are using the latest driver for each Network Adapter card installed on your computer. If it is not, then you have to first upgrade to this latest version of the driver and then run Dell SonicWALL GVC again.
Trend Micro firewall: If you have installed this client based firewall, then check to make sure it is the latest version from the Vendor Website. If it is and you are still getting Blue screen, then disable the Trend Micro Common firewall driver binding from the properties of the Virtual adapter. On Vista, go to Start > Control Panel > Network and Internet > View network status and tasks > Manage network connections. Select SonicWALL Virtual adapter and right-click to select properties and then disable Trend Micro Common firewall driver binding.
If the blue screen still persists, then you need to provide the following to tech support for further investigation:
After the upgrade to SonicWALL GVC 4.9, if you get a blue screen, provide the following file %SystemRoot%\Minidump (%SystemRoot% is usually C:\Windows) to Tech support in order to troubleshoot further.
For someone who can reproduce the symptom, choosing 'Kernel memory dump' could be of even more help as it should have more information. To get a detailed memory dump, set the following:
Start > Computer, right-click on Computer and select Properties. Choose Advanced system settings and then choose Settings under 'Startup and Recovery'. The settings are under the 'System failure' section. The dump file will by default be written to the %SystemRoot%\MEMORY.DMP file.

Failed to run SonicWALL Service:

Open a DOS command prompt window by right-clicking on the icon and selecting ‘Run as administrator’. Change directory to the Dell SonicWALL GVC install directory (usually \Program Files\SonicWALL\SonicWALL Global VPN Client) and type the following commands.
Net stop SWGVCSVC
Net start SWGVCSVC

Process 3: TCP Applications on Vista are Slow

The issue is caused by Windows Scaling being handled incorrectly by the firewall device. To manually disable windows scaling, run the following command from the command prompt:
netsh interface tcp set global autotuning=disabled
Refer to the following URL for more information on this problem:
http://support.microsoft.com/kb/934430

Process 4: Cannot Access Certain Destination Networks

1. From the Dell SonicWALL GVC menu, select File > Properties > Status tab. In the connection section, select the Details button. Verify that the destination network you are trying to reach exists in the Destination Proxy IDs list.
The information is user specific and can be controlled in the Group VPN Policy on the firewall. This verification can also be done from a Dell SonicWALL GVC report and can be found under the following heading:
    Destination Networks
    --------------------
    192.168.0.0/255.255.255.0/BOOTPS: Phase 2 Complete
    192.168.0.0/255.255.255.0/Any: Idle
This destination proxy ID list is generated on a per user basis so it is possible the user access list is missing the required destination networks.
2. If Step 1 is verified and it still fails, then verify the route to and from the destination network is correct on the firewall side. This may require a packet capture either on the Dell SonicWALL appliance or an external packet capture on the host you are trying to reach.
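The Step 1 check can be scripted against a saved GVC report. The following is an added example, not part of the original release notes or Dell SonicWALL tooling: it parses the Destination Networks section in the network/mask/protocol: state layout shown above and reports whether any proxy ID covers a target address. The sample report text, the function names, and the rule that the section ends at the first non-entry line are assumptions.

```python
import ipaddress
import re

# Constructed sample of the report section shown in Process 4 (not real output).
SAMPLE_REPORT = """\
Destination Networks
--------------------
192.168.0.0/255.255.255.0/BOOTPS: Phase 2 Complete
192.168.0.0/255.255.255.0/Any: Idle
10.10.0.0/255.255.0.0/Any: Idle
"""

# One entry per line: network/netmask/protocol: state
ENTRY_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/([^:]+):\s*(.+)$"
)


def parse_destination_networks(report_text):
    """Return (network, protocol, state) tuples from the Destination Networks section.

    Assumption: the section runs from its heading to the first line that is
    neither the dashed rule nor an entry.
    """
    entries = []
    in_section = False
    for raw in report_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "Destination Networks"
            continue
        if line and set(line) == {"-"}:
            continue  # dashed rule under the heading
        match = ENTRY_RE.match(line)
        if not match:
            break  # blank line or next section: stop reading entries
        addr, mask, proto, state = match.groups()
        try:
            # strict=False tolerates host bits set in the network address.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # malformed address or non-contiguous mask: skip entry
        entries.append((net, proto.strip(), state.strip()))
    return entries


def proxy_ids_covering(report_text, target):
    """Return the entries whose network contains the target IPv4 address."""
    ip = ipaddress.ip_address(target)
    return [e for e in parse_destination_networks(report_text) if ip in e[0]]


def next_step(report_text, target):
    """Map the result onto Process 4: Step 1 (policy) or Step 2 (routing)."""
    if proxy_ids_covering(report_text, target):
        return "step 2: proxy ID present, check routing on the firewall"
    return "step 1: destination missing, check the Group VPN Policy access list"
```
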

Process 5: Cannot Browse the Internet after GVC Connection is Enabled and Connected

Generate a Dell SonicWALL GVC report (Help->Generate Report menu) and verify if the policy is a tunnel all policy. Check that the default route points to the correct interface. If the policy is tunnel all, then a packet capture on the Dell SonicWALL appliance should provide information if the packet is dropped at the firewall due to an incorrectly configured or unavailable rule to route the Internet packets. In order to help trace this, start a continuous ping from SonicWALL GVC client to 4.2.2.2 and use the packet capture utility on the firewall to trace the packet destination.

Process 6: Peer is not Responding to ISAKMP Requests from GVC; Check GVC Logs to Verify

1. Verify host running Dell SonicWALL GVC application has Internet connectivity and can browse the Internet. If not, then fix this problem and then go to Step B.
2. Verify the Peer gateway is running and the <zone> Group VPN policy is enabled. If you have other Dell SonicWALL GVC clients connecting to the same firewall on the same interface of the firewall, then this is not a problem. Go to Step C.
3. Dell SonicWALL GVC works from certain locations and this error message only shows up when you are behind certain NAT device. There are two possible scenarios.
NAT device is blocking IKE traffic from Dell SonicWALL GVC (Vista OS) since it is not using defined UDP source port (500) for IKE. This is currently only a problem with GVC running on Vista. In order for Dell SonicWALL GVC to use the defined IKE source port, start GVC by right-clicking on the icon and then select ‘Run as administrator’. If GVC still cannot connect, then go to Step D.
4. It is possible that this NAT device is blocking IKE traffic and so requires a rule (policy) to allow IKE packets from Dell SonicWALL GVC.
To verify if the IKE traffic from SonicWALL GVC is reaching the Peer gateway, use the event logs (Network Debug Category enabled) or packet capture on the Dell SonicWALL appliance. If the Peer gateway does not get the IKE packets, then it is the NAT device in the middle or ISP that is dropping the IKE packets. Consult the NAT device manual or ISP to troubleshoot this problem.

Process 7: Stuck on Authenticating when GVC Connection is Enabled

Important: Check Dell SonicWALL GVC logs to get the state of the connection progress. Most likely causes:
Group VPN Configuration error on the Firewall. Check if the user has VPN access list assigned. (With or Without XAUTH this is required)
Dell SonicWALL GVC logs show Phase 2 error. This should never happen with Dell SonicWALL GVC. Delete the connection and create a new one and then try to connect again. The user has to enter the preshared key if the firewall GroupVPN setting “Use Default Key for Simple Client Provisioning” is not enabled. They will also enter their XAUTH credentials as they normally do on new connections, if the firewall XAUTH checkbox is on for GroupVPN.
Dell SonicWALL GVC logs show Phase 2 error. This should never happen with Dell SonicWALL GVC. Delete the connection and create a new one and then try to connect again. The user has to enter their XAUTH credentials and the preshared key if default provisioning key is not enabled.
Check if the firewall has license for Dell SonicWALL GVC connection. If it has, then check if the number of concurrent GVC connections does not exceed the licensed number.

Process 8: Failed to Obtain DHCP Lease for the Virtual Adapter

Note: Try a reboot first. If that does not help, follow these steps:
1. Verify that no 3rd party IPsec VPN clients are installed on your computer. Uninstall any existing IPsec VPN clients (including Dell SonicWALL GVC), reboot, and then install GVC again.
2. Dell Wireless WLAN 4.10+ wireless network driver includes VLAN Priority Support which conflicts with getting a DHCP lease for the SonicWALL Virtual Adapter. Check if VLAN Priority Support is enabled. If it is, disable it by performing the following steps:
A. Right-click My Computer on the desktop and click Properties.
NOTE: If there is no My Computer icon on the desktop, click Start and right-click My Computer on the right column of the Start menu.
B. When the System Properties window appears, click the Hardware tab and click Device Manager.
C. When the Device Manager window appears, click the <+> next to Network Adapters and double-click Dell Wireless WLAN Adapter.
D. When the Dell Wireless WLAN Adapter Properties window appears, click the Advanced tab.
E. Scroll down to VLAN Priority Support and click to highlight.
F. Select Disable from the drop-down menu under the Value: field.
G. Click OK to close the Dell Wireless WLAN Adapter Properties window.
H. Click the X button in the upper right-hand corner of the Device Manager window to close it.
1. Verify DNE binding is enabled for the SonicWALL Virtual Adapter. Go to Start > Control Panel > Network and Internet > Network and Sharing Center > Manage network connections page. Select SonicWALL Virtual Adapter and right-click on properties. On the properties page verify Deterministic Network Enhancer binding is enabled.
2. If this is a new setup, verify configuration on the firewall. Enable Network Debug category logs to show the DHCP transaction messages. Based on the logs you can determine if the DHCP request is received from the client and if the DHCP server responded to this request. If it is an already working setup, and only SonicWALL GVC on Vista is having this problem, then go to step B.
3. If you are running a client-based software firewall on the Vista machine, check if the version is Vista compatible. If it is not, then upgrade to the latest version. If it does not work after the upgrade, then add a rule to allow TCP/UDP port 67/68. If this does not fix the problem, then go to step C.
Note: There were numerous problems reported with Norton Internet Security Suite. If you have this software installed, then the final try is to uninstall Norton and reboot your computer and then try again.
4. Disable the software firewall completely and then try again. If this does not work, then go to Step E.
5. Change the default setting for this connection for NAT Traversal from Automatic to Disabled. To select the connection, go to File > properties > Peer > Edit tab to change this setting.

Process 9: Not Getting a Prompt to Enter a PreShared Key (PSK)

This could happen due to process 6 error condition above. If that is not the case, then PSK prompt is only available if the Simple provisioning key is not enabled on the <zone> Group VPN Policy. After the PSK is entered for the first time, it is saved in the encrypted configuration file. Unless the PSK in Group VPN policy is changed the PSK is never prompted again.

Process 10: Not Getting a Prompt to Enter XAUTH Credentials

This could happen due to process 6 error condition above. If that is not the case, then XAUTH prompt is only available if it is enabled on the <zone> GroupVPN Policy. XAUTH credentials are allowed to be cached in the encrypted configuration file only if it is allowed on the <zone> Group VPN policy.
______________________ Last updated: 1/2/2014