- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Customizing a Connect Tunnel Initialization File vs. Installing from WorkPlace
03/26/2020 
36 People found this article helpful
45,425 Views
Description
Instructions in Chapter 10 of the Administration Guide explain how to customize an .ini file for installing Connect tunnel, but the file is incomplete: it cannot include certain items—such as authentication type and custom prompts—until a connection has been made to the VPN appliance. This means that first-time users are presented with dimmed authentication prompts unless they install from WorkPlace. There is a workaround explaining how to get the complete configuration file so that the user authentication prompts will not be dimmed. This article describes the differences between the two .ini files.
Resolution
Connect tunnel initialization file: ngsetup.ini
By editing a file named ngsetup.ini, you can customize the Connect tunnel client setup package and preconfigure certain settings, such as the host name or IP address of the appliance, and the realm you want your users to log in to. (If you don't include an .ini file, users are guided through the configuration process by the Setup Wizard.)
1. When the user runs ngsetup_<xx>.exe with the following .ini file, for example, he or she is presented with "Accounting" as the default realm:
[Connectoid 1]
ConnectionName=Aventail VPN Connection
VpnServer=192.168.200.120
StartMenuIcon=1
DesktopIcon=1
UserRealm=Accounting
StatusDlg=1
Taskbar=1
RunAtStartup=0
[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={2D1C06E9-91C7-4BE0-9388-2291D7918D36}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=963072
ProductVersion=8.90.157
Language=en-US
Installation of the Connect Tunnel client will succeed, but the authentication prompts in the client will be dimmed the first time the user runs the program, as explained above.
2. The client is interrogated and placed in the community that corresponds to its device profile.
3. After a successful login, settings are recorded in the registry on the user's computer: the name of the community into which the device is categorized, for example, and the wording for any customized authentication server prompts.
Installing Connect tunnel from WorkPlace
When Connect tunnel is installed from WorkPlace, its settings are written to the registry using information that the user provides during login. For example, the ngsetup.ini file described above offers a default realm, but it's possible that the user could choose a different realm. When installing from WorkPlace, on the other hand, the realm the user selected is already known, as are any customized login prompts.
During the install process, the following .ini file is temporarily created on the user's device. Its settings are written to the registry and the .ini file is deleted when the browser session is closed. Here are the contents of a sample file—note the addition of the authentication server type (Active Directory), community name, and authentication prompts (all in bold)
-note change "activeDirectoryAuth" with the name of you Active Directory Authentication server :
[Connectoid 1]
ConnectionName="Aventail VPN Connection"
VpnServer="193.169.100.130"
DesktopIcon=1
RunAtStartup=0
CommunityName="Trusted"
UserRealm="Employees"
UserAuth="activeDirectoryAuth"
AuthVersion=2
AuthTitle="IDS_AUTHENTICATION_DIALOG_TITLE",16384
AuthMessage1="IDS_AUTHENTICATION_DIALOG_MESSAGE",16384
AuthField1="IDS_AUTHENTICATION_PROMPT_USERNAME",81921
AuthField2="IDS_AUTHENTICATION_PROMPT_PASSWORD",147458
AuthButtons=35
[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={370755A8-8634-42EF-8C39-D5D835BF92F1}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=768000
ProductVersion=8.80.191
Language=en-US
The bolded lines above represent the variables that are missing from the ngsetup.ini file in 8.8.0 and 8.8.1.
ISSUE ID:
34423
Related Articles
- How to secure Virtual Office portal from all external access
- NetExtender users fail to get connected throwing an Error Failed to get vpn protocol on firmware 10.2.1.2 or above due to misconfigured protocol
- Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5915?
YES
NO