SMA 1000: How to manage Macintosh Connect Tunnel client profiles?
Description
In many network environments, various Mobile Device Management (MDM) tools are used to manage the applications installed on Apple Macintosh computers. When pushing Connect Tunnel to these computers, there is normally no configuration pushed with that installation. The result is the user has to enter the IP address or FQDN for the SMA server and then also select or enter the Realm when they first run the Connect Tunnel client.
This configuration information is stored on the Macintosh in a file named profiles.xml.
This is a text file located at ~/Library/Application Support/SonicWALL/AventailConnect/Config/profiles.xml
With the proper profiles.xml file, the MDM can push this profile to the correct location after installing Connect Tunnel. Then when the user first runs Connect Tunnel their access to the SMA is already configured and they need only log in.
Resolution
Here is the format of the profiles.xml file:
Sample contents:
<configuration>
<profiles>
<profile>
<id>1</id> <!—unique identifier for profile -->
<type>0</type> <!—appliance type: 0 - SMA1000 -->
<configtype>0</configtype> <!—config type: 0 – user
profile, 1 – admin profile -->
<name>app181</name> <!—profile name -->
<hostaddress>10.194.22.181</hostaddress> <!—vpn server
-->
<logingroup>TRANS</logingroup> <!—realm name -->
</profile>
</profiles>
</configuration>
Here is the contents of an example profiles.xml file:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<profiles>
<profile>
<id>1</id>
<type>0</type>
<configtype>0</configtype>
<name>app181</name>
<hostaddress>10.194.22.181</hostaddress>
<logingroup>TRANS</logingroup>
<username>test</username>
<lastiptype>0</lastiptype>
<lastip>172.27.1.41</lastip>
<guid>wIik4D5TEemJpQAMKezDIA==</guid>
<amid>F1BPT0w9QVYxNDk1MDA3MjAyODU1QlRaAA==</amid>
<autocredtype>1</autocredtype>
<notification>true</notification>
</profile>
<profile>
<id>2</id>
<type>0</type>
<configtype>0</configtype>
<name>app182</name>
<hostaddress>10.194.22.182</hostaddress>
<logingroup>TRANS</logingroup>
<username>test</username>
<lastiptype>0</lastiptype>
<lastip>2.0.0.3</lastip>
<guid>i+RX2kDIEem99wAMKezDIA==</guid>
<amid>F1BPT0w9QVYxNTQ2NTA2OTY0MDY2QUtMAA==</amid>
<autocredtype>1</autocredtype>
<notification>true</notification>
</profile>
<profile>
<id>3</id>
<type>0</type>
<configtype>0</configtype>
<name>test</name>
<hostaddress>10.194.22.197</hostaddress>
<lastiptype>0</lastiptype>
<autocredtype>0</autocredtype>
<notification>true</notification>
</profile>
<profile>
<id>4</id>
<type>0</type>
<configtype>0</configtype>
<name>connect</name>
<hostaddress>connect2.sonicwall.com</hostaddress>
<logingroup>SonicWall Users</logingroup>
<lastiptype>0</lastiptype>
<lastip>10.50.13.12</lastip>
<guid>HGHX1FEmEemSPwAMKezDIA==</guid>
<amid>F1BPT0w9QVYxNTUzMzA1MjU1OTQ3QUNQAA==</amid>
<autocredtype>0</autocredtype>
<notification>true</notification>
</profile>
</profiles>
</configuration>
Note: The Unique Identifiers and IP addresses in this example have been changed from the real profile.
The simplest way to develop the profiles.xml file is to extract one from a Macintosh computer already configured for access to the correct SMA server and Realm.
