- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to perform custom Install for Device Guard or Modern Connect Tunnel Client
10/22/2020 
52 People found this article helpful
190,763 Views
Description
How to perform Custom Install using Modern Connect Tunnel Client? .
Resolution
Pre-configuration of Connect Tunnel (for Device Guard)
Connect Tunnel setup executable accepts few command line parameters to initialize the default connection profile during setup.
- Name
- Name of the VPN profile
- VpnServer
- Hostname or IP address of the appliance
- Realm
- Realm name
Example:
MCTSetup.exe Name=vpn.example.com Realm=”Split Tunnel”
The setup accepts additional parameters for either silent or non-interactive installation.
- /s
- Silent installation without any UI display
- /passive
- Non-interactive installation with minimal UI display
Example:
MCTSetup.exe /passive Name=ConnectionName VpnServer=vpn.example.com Realm=”Split Tunnel”
Note:
- The setup does’t accept any INI file for configuration other than the parameters mentioned above.
- All profiles created using above command would create profiles.xml once the connection being launched.
Configuration of connection profiles:
The connection profiles are stored in XML file at %localappdata%\SonicWall\SnwlConnect\Documents\profiles.xml. If client was already installed and if admin likes to override the connection profiles, they can push the profiles.xml using SCCM.
Note: If you are planning to push DGCT installer and profiles.xml you need to manually create SnwlConnect and Documents as profiles.xml needs to be placed in this location.
The elements of each profile as mentioned below:
| Profile elements | Value |
| ID | Unique number starting from 0 |
| AppType | Firmware type [Unknown = -1, SMA 1000 = 0] |
| ConfigType | Whether profile is created by user or admin [Internal = -1, User = 0, Admin =1] |
| Name | Profile name |
| HostAddress | Hostname or IP address |
| LoginGroup | Realm name |
| Username | Username of primary auth |
| Domain | Domain of primary auth |
| Username2 | Username of secondary auth |
| Domain2 | Domain of secondary auth |
| AutoCredType | Credential caching [Never = 0, Always = 1, Optional = 2, Biometric = 4] |
Note:
- To let users create connection profiles, the first profile is an internally managed profile with an ID = 0, AppType = -1 and ConfigType = -1.
- Each profile contains additional elements like LastIpType, LastIp, Guid and Amid which are internally managed by client itself.
Example:
| <?xml version="1.0" standalone="yes"?> <DataSet xmlns="http://tempuri.org/DataSet1.xsd"> <VpnProfile> <ID>0</ID> <AppType>-1</AppType> <ConfigType>-1</ConfigType> <Name>Add configuration</Name> <HostAddress /> <AutoCredType>0</AutoCredType> </VpnProfile> <VpnProfile> <ID>1</ID> <AppType>0</AppType> <ConfigType>0</ConfigType> <Name>app180</Name> <HostAddress>user1.ctrx.ntlmv1.local</HostAddress> <LoginGroup>TRANS</LoginGroup> <Username>user1</Username> <LastIpType>0</LastIpType> <LastIp>172.27.1.15</LastIp> <Guid>Hy/o5Dfl+06U7KWhdraK3w==</Guid> <Amid>F1BPT0w9QVYxNTY2ODkzMjMyODk3QUVOAA==</Amid> <AutoCredType>1</AutoCredType> </VpnProfile> <VpnProfile> <ID>2</ID> <AppType>0</AppType> <ConfigType>0</ConfigType> <Name>vpn</Name> <HostAddress>vpn.example.com</HostAddress> <LoginGroup>Split Tunnel</LoginGroup> <Username>user1</Username> <LastIpType>0</LastIpType> <LastIp>r.s.t.u</LastIp> <Guid>Qhpd877wUEObpmAy0K3Qcg==</Guid> <Amid>F1BPT0w9QVYxMzYxMjMxODE4MDU2QURJAA==</Amid> <AutoCredType>3</AutoCredType> </VpnProfile> </DataSet> |
However, you can push the default profile as all the profiles are saved in a file named profiles.xml under %localappdata%\SonicWall\SnwlConnect\Documents. You can use SCCM to push the profiles.xml which pre-configures your CTDG. (For installation logs, you can pass “-l installerlog” to the MCTSetup.exe.)
Related Articles
- Printer Redirection with RDP through Secure Mobile Access
- EPC check based on Windows version
- SMA1000: How to manage Connect Tunnel client Auto-updates
YES
NO