- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Customizing a Connect Tunnel Initialization File vs. Installing from WorkPlace
03/26/2020 
37 People found this article helpful
199,408 Views
Description
Instructions in Chapter 10 of the Administration Guide explain how to customize an .ini file for installing Connect tunnel, but the file is incomplete: it cannot include certain items—such as authentication type and custom prompts—until a connection has been made to the VPN appliance. This means that first-time users are presented with dimmed authentication prompts unless they install from WorkPlace. There is a workaround explaining how to get the complete configuration file so that the user authentication prompts will not be dimmed. This article describes the differences between the two .ini files.
Resolution
Connect tunnel initialization file: ngsetup.ini
By editing a file named ngsetup.ini, you can customize the Connect tunnel client setup package and preconfigure certain settings, such as the host name or IP address of the appliance, and the realm you want your users to log in to. (If you don't include an .ini file, users are guided through the configuration process by the Setup Wizard.)
1. When the user runs ngsetup_<xx>.exe with the following .ini file, for example, he or she is presented with "Accounting" as the default realm:
[Connectoid 1]
ConnectionName=Aventail VPN Connection
VpnServer=192.168.200.120
StartMenuIcon=1
DesktopIcon=1
UserRealm=Accounting
StatusDlg=1
Taskbar=1
RunAtStartup=0
[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={2D1C06E9-91C7-4BE0-9388-2291D7918D36}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=963072
ProductVersion=8.90.157
Language=en-US
Installation of the Connect Tunnel client will succeed, but the authentication prompts in the client will be dimmed the first time the user runs the program, as explained above.
2. The client is interrogated and placed in the community that corresponds to its device profile.
3. After a successful login, settings are recorded in the registry on the user's computer: the name of the community into which the device is categorized, for example, and the wording for any customized authentication server prompts.
Installing Connect tunnel from WorkPlace
When Connect tunnel is installed from WorkPlace, its settings are written to the registry using information that the user provides during login. For example, the ngsetup.ini file described above offers a default realm, but it's possible that the user could choose a different realm. When installing from WorkPlace, on the other hand, the realm the user selected is already known, as are any customized login prompts.
During the install process, the following .ini file is temporarily created on the user's device. Its settings are written to the registry and the .ini file is deleted when the browser session is closed. Here are the contents of a sample file—note the addition of the authentication server type (Active Directory), community name, and authentication prompts (all in bold)
-note change "activeDirectoryAuth" with the name of you Active Directory Authentication server :
[Connectoid 1]
ConnectionName="Aventail VPN Connection"
VpnServer="193.169.100.130"
DesktopIcon=1
RunAtStartup=0
CommunityName="Trusted"
UserRealm="Employees"
UserAuth="activeDirectoryAuth"
AuthVersion=2
AuthTitle="IDS_AUTHENTICATION_DIALOG_TITLE",16384
AuthMessage1="IDS_AUTHENTICATION_DIALOG_MESSAGE",16384
AuthField1="IDS_AUTHENTICATION_PROMPT_USERNAME",81921
AuthField2="IDS_AUTHENTICATION_PROMPT_PASSWORD",147458
AuthButtons=35
[InstallSettings]
ProductCode={A2A78788-2792-49BF-AF22-5E9296E568F3}
PackageCode={370755A8-8634-42EF-8C39-D5D835BF92F1}
InstallFile=ngclient.msi
UILevel=BASIC
FileSize=768000
ProductVersion=8.80.191
Language=en-US
The bolded lines above represent the variables that are missing from the ngsetup.ini file in 8.8.0 and 8.8.1.
ISSUE ID:
34423
Related Articles
- Printer Redirection with RDP through Secure Mobile Access
- EPC check based on Windows version
- SMA1000: How to manage Connect Tunnel client Auto-updates
YES
NO