• Secure Mobile Access 12.4
• Introduction to Connect Tunnel
  • About Connect Tunnel
  • Guide Conventions
  • Resources Available from Connect Tunnel
  • Downloading and Installing Connect Tunnel
• Connect Tunnel Client for Windows
  • Launching VPN Connection
  • Launching VPN Connection using Network Logon
  • Launching VPN Connection using Always-ON VPN (AoV)
  • Launching VPN Connection using Device VPN
  • Using Connect Tunnel
    • Viewing Connect Tunnel Status
    • Logging into Connect Tunnel
    • Choosing a Login Group
    • Processing Server Certificates
    • Disconnecting from Connect Tunnel
  • Customizing Connect Tunnel
    • Viewing Current Settings
    • Connecting to a Different VPN
    • Configuring Split Tunnel Mode
    • Configuring a Device VPN connection
    • Updating the Connect Tunnel Application
  • Provisioning of Connect Tunnel using SCCM or Intune
    • Support for using default browser for SAML Authentication
  • Troubleshooting Connect Tunnel
    • Unable to Connect
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Using Logs
    • Installation Fails
    • EPC Zone Classification doesn't work as intended
    • OpswatWrapper Init Error
• Connect Tunnel Client for macOS and Linux
  • System Requirements for MacOS
  • System Requirements for Linux
  • Starting Connect Tunnel
    • Connect Tunnel on macOS
    • Connect Tunnel on Linux
    • Specifying a Login Group
    • Connecting to a Different VPN
    • Quitting Connect Tunnel
  • Managing Configurations
    • Viewing Connect Tunnel Settings
    • Deleting a Configuration
      • Editing Connect Tunnel Settings
    • Creating a New Configuration
    • Selecting the Advanced Button
    • Advanced Options
    • Credential Caching/Secure Network Detection
  • Processing Server Certificates
  • Configuring Proxy Server Settings (Linux Only)
  • Troubleshooting
    • Unable to Connect VPN
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Unable to Access Resources on Linux
• SonicWall Support
  • About This Document

Configuring a Device VPN connection

Connect Tunnel client supports the Device VPN endpoint enrollment feature which is available from 12.4.2 onwards.

Connect Tunnel must be off-line to change the connection to a Device VPN for the first time configuration.

To establish a Device VPN connection

1. Open Connect Tunnel application.

2. In the Connect Tunnel login dialog box, click the drop-down list to choose a different VPN.

3. On the screen below, click Add configuration to add new configuration.

   

4. Enter a name in the Name field. In the Server field, enter the IP address of the VPN you want to connect.

   

5. Click Apply to complete the process.

6. The next screen gives a drop down list to choose an enabled realm which is provisioned for Device VPN connection. Select the realm, then click OK.

   

7. Enter your authentication credentials. Depending on how your administrator has configured Connect Tunnel, you may see a combination of these prompts. Click OK to login. The screen below is an example:

   

   • Type your username in the Username field.
   • In the Password or Passcode field, type your password or passcode. (Passwords may be case-sensitive. Make sure the Caps Lock or Num Lock keys are not enabled.)
   • Enter a one-time password if one was sent to you by your administrator.

   The Connect Tunnel client performs endpoint enrollment.

   

   The Connect Tunnel client installs CA certificate under Local Computer\Trusted Root certification store and device certificate under Local Computer\Personal store.

   

   If your login is successful, the following screen appears to show that you are connected to the User VPN connection and displays status Connected.

   

8. Click Disconnect, User VPN connection will fallback to Device VPN connection and displays status (Device VPN) Connected.

   

9. Click Connect, to connect back to User VPN and follow the Step 7.

10. Click Connection Information on the Main Window to view all the connection information.

    

    The screen shows the connection information to verify the details of session.

    

The issued device certificate is renewed automatically by Connect Tunnel client before the expiry of the certificate. Re-enrollment triggers when the certificate validity is less than 15 days.

By default, the enrolled device certificate is valid for 90 days (unless changed by your administrator). This certificate is renewed automatically when the validity is less than 15 days before the expiry.

The Connect Tunnel icon appears in the task bar notification area, indicating that Connect Tunnel is running and connected to the VPN.

Your login may not be exactly the same as that shown above. Your administrator might send you login instructions that allow you to connect to a specific network.