After upgrading Mobile Conncet ver5.0.10, iPad device failed to connect for SSLVPN

03/14/2022 2 People found this article helpful 31,562 Views

Download

Print

Translations

• Japanese

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

With iPad devices over ver15, in SMA1000 series EPC device check is failed and as a result VPN connection is not established.

This issue is specific in Mobile Connect 5.0.10 and only seen to connect SMA1000 series appliance. It is not depended on the firmware of SMA1000 appliances.

Please note that SMA100 series and Firewall appliances are not affected.

Since it depend on iPad OS, iphone devices are able to connect to SMA1000 appliance successfully.

Cause

The defect is the connection module of Mobile Connect 5.0.10 working on iPad OS in SMA1000 series.

Resolution

SonicWall is preparing for the fixed version release of Mobile Connect instantly but following the process of App Store need a considerable number of days to get the fixed one.

Since there is no complete work around to avoide the issue, please not to update Mobile Connect ver 5.0.10.

In case you have already upgraded its firmware to 5.0.10, in order to mitigate the impact please create the new realm to bypass EPC check only from iPad devices as a temporarly work around.

1. Create new realm for iPad deveices. Click "New realm" from "User Access" > "Realm"

2. Set any name and select the same authentication server.

3. Click "Next" button and configure communities to put the iPad connected user in it.

4. Configure as the same "Tunnel Access" as the existing realm and click "Finish" to create the new realm with the the created commutiy in #3.

5. In case you have community for any user please delete it and confirm the realm has only for iPad user community.

6. Navigate "User Access" > "End Point Control" then click edit button to create new profiles.

7. Click "+" icon and create for each devices such "Windows", "Mac OS", "Linux", "iOS" and "ChromeOS". The following procedure is for Windows as reference.

Create the new profile just only "Client platform" in it and save it.

8. The same procedure is perfromed other devices as well

9. After preparing for device profiles, navigate "User Access" > "End Point Control" and click edit button of zones.

10. Create new "Deny zone" with "+" icon.

11. Save the device zone to add created profiles in "In Use" column.

12. Next create a device zone for iPad devices. This time select "Device zone" and put nothing in "In Use" column.

13. Navigate "User Access" > "Realm", click "Default zone" and put each zones in both Deny zone and Device zone.

14. Navigate "Security Administration" > "Access Control" and click "+" icon and permit to connect from iPad devices.

Set the "Action" as "Permit", "Direction" as "User", "From" as "the commuity for iPad devices", "Device zones" as "created device zone".

Noted that in "To" field set any resouces to access from iPad devices.

15. At last perform pending change and confirm iPad devces is successfully connecting to the new realm for SMA1000 appliances.

ISSUE ID:

Related Articles

• CT with Device Guard is stuck on Identifying when GVC Client is installed
• SMA1000: CT compatibility with 3rd party VPN clients like GVC, Citrix and Fortinet
• How can I upgrade firmware in SMA 1000 series appliance?

Categories

• Secure Mobile Access > SMA 1000 Series