• Secure Mobile Access 12.4
• Introduction to Connect Tunnel
  • About Connect Tunnel
  • Guide Conventions
  • Resources Available from Connect Tunnel
  • Downloading and Installing Connect Tunnel
• Connect Tunnel Client for Windows
  • Launching VPN Connection
  • Launching VPN Connection using Network Logon
  • Launching VPN Connection using Always-ON VPN (AoV)
  • Launching VPN Connection using Device VPN
  • Using Connect Tunnel
    • Viewing Connect Tunnel Status
    • Logging into Connect Tunnel
    • Choosing a Login Group
    • Processing Server Certificates
    • Disconnecting from Connect Tunnel
  • Customizing Connect Tunnel
    • Viewing Current Settings
    • Connecting to a Different VPN
    • Configuring Split Tunnel Mode
    • Configuring a Device VPN connection
    • Updating the Connect Tunnel Application
  • Provisioning of Connect Tunnel using SCCM or Intune
    • Support for using default browser for SAML Authentication
  • Troubleshooting Connect Tunnel
    • Unable to Connect
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Using Logs
    • Installation Fails
    • EPC Zone Classification doesn't work as intended
    • OpswatWrapper Init Error
• Connect Tunnel Client for macOS and Linux
  • System Requirements for MacOS
  • System Requirements for Linux
  • Starting Connect Tunnel
    • Connect Tunnel on macOS
    • Connect Tunnel on Linux
    • Specifying a Login Group
    • Connecting to a Different VPN
    • Quitting Connect Tunnel
  • Managing Configurations
    • Viewing Connect Tunnel Settings
    • Deleting a Configuration
      • Editing Connect Tunnel Settings
    • Creating a New Configuration
    • Selecting the Advanced Button
    • Advanced Options
    • Credential Caching/Secure Network Detection
  • Processing Server Certificates
  • Configuring Proxy Server Settings (Linux Only)
  • Troubleshooting
    • Unable to Connect VPN
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Unable to Access Resources on Linux
• SonicWall Support
  • About This Document

Launching VPN Connection using Device VPN

This section provides information on connecting to the VPN tunnel using Device VPN.

• Device VPN
• Enabling Device VPN on Connect Tunnel
• Launching a VPN connection

Device VPN

Device VPN provides VPN access to a device on boot. VPN access is expected to be always available and limited to critical common resources that provide basic network access, logon, remote management, and remediation services (for devices lacking capability). For example, DNS, PDC, Windows Update and other critical services. The Device VPN session is non-interactive and establishes a VPN connection in background.

Enabling Device VPN on Connect Tunnel

Device VPN is enabled by administrator in the SMA appliance. On subsequent connection of Connect Tunnel to the SMA appliance, this Device VPN policy is pushed to the client and gets enabled in the Connect Tunnel.

Launching a VPN connection

A Device VPN is automatically established between the user’s device and the appliance on system boot. After the user logs on to Windows user session, a User VPN is established based on the user’s credentials.

A user must disconnect from User VPN to login to another user realm or to disable Device VPN altogether.

Based on the administrator configuration in the SMA appliance, the Device VPN and User VPN feature may differ in the Connect Tunnel as below:

1. The disconnect option is enabled by default to allow user to disconnect from User VPN, unless the administrator disables the disconnect option in the Device VPN configuration.
2. Network access is allowed by default when VPN is not connected unless the admin restricts the network access in the Device VPN configuration.
3. An User VPN is automatically established on user logon irrespective of whether device is in secure network or not. An administrator can disable this in the Device VPN configuration so that a User VPN is only established when in non-secure network.

For more information about the Configuration a Device VPN connection on Connect Tunnel refer to the section Configuring a Device VPN connection.

For more information about the Device VPN and Device VPN endpoint enrollment, refer to the sections Device VPN and Device VPN endpoint enrollment in the SMA 1000 Administration Guide.