GlobalSign Enterprise Solutions

SonicWALL VPN User Guide

Building a secure network using Enterprise PKI, SonicWALL Firewall, and Mobile Connect app for iOS
TABLE OF CONTENTS

Introduction
    About This Document
    Document Focus
Settings for SonicWALL Firewall Device
    Obtain An SSL Certificate
    Import SSL Certificate into SonicWALL Security Appliance
    Enable SSL
    Create the User Account and Add to SSLVPN Services
Settings for Enterprise PKI
    Create a Configuration Profile
    Upload Configuration Profiles
    Issuance of a Certificate
Setting Up the End User Device
Connecting to your VPN
GlobalSign Contact Information
INTRODUCTION

ABOUT THIS DOCUMENT

This document describes how a digital-certificate-enabled Apple configuration profile, delivered through GlobalSign's Enterprise PKI (ePKI) service for the iPhone/iPad, can be used to make a secure SSL VPN connection via the SonicWALL Mobile Connect app for iOS to a SonicWALL Firewall device. Implementing certificate-based two-factor authentication on iOS devices can help organizations protect sensitive resources stored on internal networks.

The contents described in this material were confirmed in our verification environment, and results may differ depending on the exact environment of your organization.

DOCUMENT FOCUS

The procedures in this document have been tested in the following environments:

    SonicWALL TZ210
    GlobalSign Enterprise PKI
    iPhone 4 (iOS 5.1)
    SonicWALL Mobile Connect (Secure Mobility Client) 1.0.25

SETTINGS FOR SONICWALL FIREWALL DEVICE

The following steps are required to install the server certificate, enable the VPN connection, and install the client certificate that will access the VPN. Detailed instructions for each step are provided below.

1. Obtain an SSL Certificate
   Create an SSL certificate via your GlobalSign GCC Account. For this step, you should create a certificate using AutoCSR; this will give you a certificate in PKCS12 format for easy importing into the SonicWALL Security Appliance.
2. Import SSL Certificate into SonicWALL Security Appliance
3. Enable SSL
   After your SSL Certificate is imported, enable the SSL VPN connection in the firewall.
4. SSL Server Configuration
5. Create the User Account and add to SSLVPN services
OBTAIN AN SSL CERTIFICATE

To apply for a server certificate using the GlobalSign Certificate Center (GCC) panel, select the AutoCSR method of enrolling for an SSL certificate. Use your VPN URL as the common name in your certificate request.

After certificate issuance, it will be possible to retrieve the PKCS12 file (certificate + private key) for importing into the SonicWALL Application. The file will be delivered in .pfx format.

IMPORT SSL CERTIFICATE INTO SONICWALL SECURITY APPLIANCE

First, you will need to log into the SonicWALL Security Appliance. Navigate to System > Certificates. Click the Import button at the bottom of the screen. The following Import Certificate popup window will appear.
Choose the "Import a local end user certificate with private key" option. Enter a Certificate Name and the password of the PKCS12 file, and browse to the location of the PKCS12 file. Click the Import button when finished.

Back on the System > Certificates screen, you can view the certificate you just imported by selecting the "Imported certificates and request" view.
ENABLE SSL

This section allows you to enable or disable SSL and select the interface you want turned on. Within the SonicWALL Security Appliance, navigate to SSL VPN > Server Settings. Select (click) the zone(s) that your clients will be connecting from; on selection the zone(s) should turn green. Here you can also change the VPN Port and SSL certificate used by the server.

CREATE THE USER ACCOUNT AND ADD TO SSLVPN SERVICES

Within the SonicWALL Security Appliance, navigate to Users > Local Users.
Click on the Add User button and enter the user's username and password details. Repeat this procedure for each user who will have access to your VPN.

On the Groups tab, select SSLVPN Services from the list of User Groups. After selection, hit the arrow under the list to move this group to the Member Of list on the right-hand side.

Finally, click the OK button to complete the SonicWALL configuration for this user and repeat this procedure for each user requiring access.
SETTINGS FOR ENTERPRISE PKI

Use Enterprise PKI to send a configuration profile at the same time that you install the certificate on the device. Log in to your Enterprise PKI account to upload the configuration profile that you created using the iPhone Configuration Utility, and then start with the issuance of certificates.

CREATE A CONFIGURATION PROFILE

First you will need to create a new configuration profile in the iPhone Configuration Utility, available as a free download on Apple's site.

Click the SCEP section on the left side of the screen to begin. Add dummy values to the following fields. The actual values will be overwritten by the system.

    URL: input dummy value
    Name: input dummy value
    Subject: O=input dummy value, OU=input dummy value
    Challenge: test

Next, select VPN in the menu on the left.
Here you set the following values:

    Connection Name: Any name
    Connection type: SonicWALL Mobile Connect
    Server: SonicWALL host name or IP address you connect to for VPN access

Set Password as the means of User Authentication and enter the user's password you created above. You will be required to create a separate profile for each user.

At this point you can also add, via the Restrictions section, any security restrictions to the devices you wish implemented before they can enter your network. You can also adjust email account settings via the Email section and Exchange settings via the Exchange ActiveSync section.
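Because each profile built this way carries one user's VPN password, it is worth inspecting the exported file before it is uploaded. The following is an added example, not part of the GlobalSign guide: it parses an unsigned export and reports a missing SCEP or VPN payload, a server that differs from the intended one, and an embedded password. The function name is hypothetical, the payload types and key names are taken from Apple's configuration profile format rather than from this guide, and the sample profile is constructed.

```python
import plistlib

# Constructed sample of an unsigned export; every value is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadType</key><string>Configuration</string>
 <key>PayloadContent</key><array>
  <dict>
   <key>PayloadType</key><string>com.apple.security.scep</string>
   <key>PayloadContent</key><dict>
    <key>URL</key><string>https://dummy.invalid/scep</string>
    <key>Name</key><string>dummy</string>
    <key>Challenge</key><string>test</string>
   </dict></dict>
  <dict>
   <key>PayloadType</key><string>com.apple.vpn.managed</string>
   <key>UserDefinedName</key><string>Office VPN</string>
   <key>VPN</key><dict>
    <key>RemoteAddress</key><string>vpn.example.com</string>
    <key>AuthenticationMethod</key><string>Password</string>
    <key>AuthName</key><string>alice</string>
    <key>AuthPassword</key><string>constructed-password</string>
   </dict></dict>
 </array></dict></plist>"""


def audit_profile(data, expected_server):
    """Return a list of findings for an exported .mobileconfig."""
    # A signed export is a CMS (DER) wrapper, not a bare plist.
    if not data.startswith((b"<?xml", b"<plist", b"bplist")):
        return ["not a bare plist (signed export?): extract the plist first"]
    by_type = {}
    for p in plistlib.loads(data).get("PayloadContent", []):
        by_type.setdefault(p.get("PayloadType"), []).append(p)
    findings = []
    if "com.apple.security.scep" not in by_type:
        findings.append("no SCEP payload: certificate enrollment is missing")
    vpns = by_type.get("com.apple.vpn.managed", [])
    if not vpns:
        findings.append("no VPN payload")
    for v in vpns:
        name, vpn = v.get("UserDefinedName", "?"), v.get("VPN", {})
        if vpn.get("RemoteAddress") != expected_server:
            findings.append(f"{name}: server {vpn.get('RemoteAddress')!r} "
                            f"does not match {expected_server!r}")
        if vpn.get("AuthPassword"):
            findings.append(f"{name}: password for {vpn.get('AuthName')!r} "
                            "is stored readable in the file")
    return findings
```

A finding about the stored password is expected for profiles built as described here; treat each exported file as a credential and limit where copies are kept.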
Export the profile you just created, either with or without signature.

UPLOAD CONFIGURATION PROFILES

In your GlobalSign GCC account, click the Enterprise PKI tab. Click on the Certificate Management item in the left-hand menu. You will be prompted to present a certificate (you will need to obtain an administrator certificate during the first visit).
After presenting the certificate, you will see a menu item "Edit iPhone configuration" at the bottom of the left menu, under the Useful Function section. Clicking that brings up the following screen.

Click the Edit button next to the appropriate profile. This will bring up the following screen.

Click Browse to select the configuration profile that you created with the iPhone Configuration Utility. Click the Upload button and confirm the upload by clicking the Next button.
The profile is now in place.

ISSUANCE OF A CERTIFICATE

Issuance of certificates in Enterprise PKI can be carried out in two ways:

    New Certificate
    New Certificate Registration (BULK)

Bulk Certificate Registration allows multiple certificate registrations to be created concurrently via a CSV upload. For this example, we will use single certificate registration.

Click New Certificate in the Certificate Management section of the left-hand menu. Select the appropriate profile and license and then click Next.

Enter the Common Name and Email Address on the following screen. To ensure the certificate can only be installed on one specific device, you can add the UDID or IMEI to the Device Authentication ID field. The Pickup Password will be used during installation of the certificate. Once you finish filling out the fields, click the Next button. A certificate pickup email will be sent to the user.
SETTING UP THE END USER DEVICE

On the end user device, certificate retrieval and VPN access are automatically set up by following the procedure below.

Before installing the certificate, ensure the SonicWALL Mobile Connect iOS app is installed on the device.
Using the email client on the device, click the URL in the pickup email you will receive from GlobalSign. You will be redirected to the GlobalSign website and asked for the pickup password. Enter the password, click the Get Cert button, and follow the instructions on the screen to install the certificate and VPN profile on the device.

Click the Install button on the screen below to finish installing the certificate.

The certificate installation process is now complete.
CONNECTING TO YOUR VPN

You can now connect to the VPN by opening the Mobile Connect client and hitting the Connect button.

GLOBALSIGN CONTACT INFORMATION

GlobalSign Americas
    Tel: 1 877 775 4562
    www.globalsign.com
    sales-us@globalsign.com

GlobalSign EU
    Tel: +32 16 891900
    www.globalsign.eu
    sales@globalsign.com

GlobalSign UK
    Tel: +44 1622 766766
    www.globalsign.co.uk
    sales@globalsign.com

GlobalSign FR
    Tel: +33 1 82 88 01 24
    www.globalsign.fr
    ventes@globalsign.com

GlobalSign DE
    Tel: +49 30 8878 9310
    www.globalsign.de
    verkauf@globalsign.com

GlobalSign NL
    Tel: +31 20 8908021
    www.globalsign.nl
    verkoop@globalsign.com