How to perform custom Install for Device Guard or Modern Connect Tunnel Client

06/02/2020 17 4194

DESCRIPTION:

How to perform Custom Install using Modern Connect Tunnel Client? .  

RESOLUTION:

Pre-configuration of Connect Tunnel (for Device Guard)

Connect Tunnel setup executable accepts few command line parameters to initialize the default connection profile during setup.

1. Name
   1. Name of the VPN profile
2. VpnServer
   1. Hostname or IP address of the appliance
3. Realm
   1. Realm name

Example:

MCTSetup.exe Name=vpn.example.com Realm=”Split Tunnel”

The setup accepts additional parameters for either silent or non-interactive installation.

1. /s
   1. Silent installation without any UI display
2. /passive
   1. Non-interactive installation with minimal UI display

Example:

MCTSetup.exe /passive Name=ConnectionName VpnServer=vpn.example.com Realm=”Split Tunnel”

Note:

• The setup does’t accept any INI file for configuration other than the parameters mentioned above.
• All profiles created using above command would create profiles.xml once the connection being launched.

Configuration of connection profiles:

The connection profiles are stored in XML file at %localappdata%\SonicWall\SnwlConnect\Documents\profiles.xml. If client was already installed and if admin likes to override the connection profiles, they can push the profiles.xml using SCCM.

Note: If you are planning to push DGCT installer and profiles.xml  you need to manually create SnwlConnect and Documents as profiles.xml needs to be placed in this location.

The elements of each profile as mentioned below:

Note:

• To let users create connection profiles, the first profile is an internally managed profile with an ID = 0, AppType = -1 and ConfigType = -1.
• Each profile contains additional elements like LastIpType, LastIp, Guid and Amid which are internally managed by client itself.

Example: