• Secure Mobile Access 12.4
• Introduction to Connect Tunnel
  • About Connect Tunnel
  • Guide Conventions
  • Resources Available from Connect Tunnel
  • Downloading and Installing Connect Tunnel
• Connect Tunnel Client for Windows
  • Launching VPN Connection
  • Launching VPN Connection using Network Logon
  • Launching VPN Connection using Always-ON VPN (AoV)
  • Launching VPN Connection using Device VPN
  • Using Connect Tunnel
    • Viewing Connect Tunnel Status
    • Logging into Connect Tunnel
    • Choosing a Login Group
    • Processing Server Certificates
    • Disconnecting from Connect Tunnel
  • Customizing Connect Tunnel
    • Viewing Current Settings
    • Connecting to a Different VPN
    • Configuring Split Tunnel Mode
    • Configuring a Device VPN connection
    • Updating the Connect Tunnel Application
  • Provisioning of Connect Tunnel using SCCM or Intune
    • Support for using default browser for SAML Authentication
  • Troubleshooting Connect Tunnel
    • Unable to Connect
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Using Logs
    • Installation Fails
    • EPC Zone Classification doesn't work as intended
    • OpswatWrapper Init Error
• Connect Tunnel Client for macOS and Linux
  • System Requirements for MacOS
  • System Requirements for Linux
  • Starting Connect Tunnel
    • Connect Tunnel on macOS
    • Connect Tunnel on Linux
    • Specifying a Login Group
    • Connecting to a Different VPN
    • Quitting Connect Tunnel
  • Managing Configurations
    • Viewing Connect Tunnel Settings
    • Deleting a Configuration
      • Editing Connect Tunnel Settings
    • Creating a New Configuration
    • Selecting the Advanced Button
    • Advanced Options
    • Credential Caching/Secure Network Detection
  • Processing Server Certificates
  • Configuring Proxy Server Settings (Linux Only)
  • Troubleshooting
    • Unable to Connect VPN
    • Troubleshooting ESP
    • Unable to Access Resources or the Internet
    • Unable to Access Resources on Linux
• SonicWall Support
  • About This Document

Launching VPN Connection using Network Logon

Users always log in to their Windows accounts before connecting a VPN tunnel. But in a typical scenario, a VPN tunnel is required to allow the user to log in for the first time or after a password reset. Network Logon is a feature that allows users to establish a VPN tunnel before they can log on to their Windows accounts. Network Logon is built using the Windows credential provider framework and is enabled by your administrator. Network Logon requires an EPC configuration to evaluate the device without a user context.

This section provides information on connecting to the VPN tunnel using Network logon before log on to Windows accounts.

Perquisites:

• Connect Tunnel must be installed and enabled for Network Logon.

  Network Logon is disabled by default and can be enabled by passing "NetworkLogon=1, 2 or 3" parameter to Connect Tunnel setup.

To launch a VPN connection using Network Logon

Based on your administrator configuration, the Connect Tunnel icon is displayed either on the bottom left corner or accessible via Sign-in options.

1. Select the Connect Tunnel icon on the bottom left corner.

   

   (or)

   Select the Connect Tunnel icon from the Sign-in options.

   

   Windows logon screen displays fields and status. VPN connection status displays either Device VPN Connected or Connected or Disconnected.

2. Provide the credentials for Windows logon if required.

   Select the Connect automatically with Windows logon credentials checkbox to connect the VPN with Windows logon credentials and submit.

   Windows logon and VPN credentials must be same. If the credentials are not same, VPN authentication fails and a warning message appears to enter the correct credentials.

   

3. Submit your login credentials.

   • If Device VPN or User VPN is already connected, connection status displays either Device VPN Connected or Connected, then Windows logon proceeds immediately.

   

   • If VPN is not connected, Connect Tunnel initial login screen appears. If you do not have configuration, then create a configuration and click Connect to start the login process. For more information, see Launching VPN Connection.

   

   • VPN and Windows logon have a timeout of 120 seconds. The VPN connection gets aborted if the VPN connection does not succeed within 120 seconds.

4. During VPN login process, provide the credentials as requested to establish the VPN connection.

   • PKI authentication requires a client certificate in the machine store.
   • SAML authentication is not supported.

5. After VPN is connected, then Windows logon proceeds.

   If your administrator has configured the credential provider to launch VPN only, then after establishing the VPN connection, choose your preferred account to login to the Windows session.