BorderGuard Client. Version 4.4. November 2013




Blue Ridge Networks
14120 Parke Long Court, Suite 103
Chantilly, Virginia 20151
703-631-0700
WWW.BLUERIDGENETWORKS.COM

All Products are provided with RESTRICTED RIGHTS. Use, duplication or disclosure by the Government is subject to restrictions set forth herein and in sub-paragraphs (a) through (d) of the Commercial Computer-Restricted Rights clause at FAR 52.227-19, as applicable.

Table of Contents

1 Introduction
  1.1 Overview
2 Hardware and Software Requirements
  2.1 Software
  2.2 Hardware
3 Operation
  3.1 Installing
    3.1.1 Prerequisites
    3.1.2 Installing from CD or Disk Drive
    3.1.3 Installing using SMS or SCCM
  3.2 Running
    3.2.1 First Time Use when using Security Tokens
    3.2.2 Connecting using a Security Token
    3.2.3 Connecting using a Crypto Ignition Key
    3.2.4 Connecting using an X.509 Certificate
    3.2.5 Disconnecting from your Home Network
    3.2.6 Viewing Logs
    3.2.7 Troubleshooting

1 Introduction

1.1 Overview

The BorderGuard (BG) Client is used to securely connect a Windows PC to a remote Home Network (the customer's or agency's internal network) after the end-user's identity is validated. There are three different authentication methods used by the BorderGuard Client.

The first is a Security Token. When the Security Token is inserted into a USB port, the application will prompt for a PIN. After the PIN is validated, the client will connect to the remote Home Network specified on the Security Token. Security Tokens are generated using the Token Utility, which can be downloaded from the BorderGuard Management Console. After the Security Token is created, a PIN must be generated on the token using the BorderGuard PIN utility.

The second authentication method is to use an X.509 Identification Certificate. This certificate can be installed on the user's PC or it can be located on a smart card (such as a CAC or PIV card) inserted into the PC. Optionally, after the PC has network connectivity to the Home Network, the BorderGuard Client can be configured to terminate the connection if an Active Directory Smart Card Authentication is not performed.

The third authentication method is a USB Crypto Ignition Key. In this case, a policy on the key indicates that a PIN is not required, and the client will connect without prompting for a password as soon as the key is inserted into a USB port.

2 Hardware and Software Requirements

2.1 Software

- Microsoft Windows Vista, Service Pack 2 and above (32 and 64 bit).
- Microsoft Windows 7, Service Pack 0 and above (32 and 64 bit).
- Microsoft Windows 8, Service Pack 0 and above (32 and 64 bit).

2.2 Hardware

- Multi-core processor recommended:
  - Recommended: Core 2 Duo (>= 1.8 GHz) or better
  - Minimum: Pentium 4 with hyper-threading enabled (>= 2.4 GHz) or better
- 1.00 GB of available RAM (2.0 GB recommended).
- 200 MB free hard disk space.

3 Operation

3.1 Installing

NOTE: The BorderGuard Client should not be installed on any PC that already has a Blue Ridge VPN Client installed on it that uses an iKey for two-factor authentication. Any previous version of the BorderGuard Client must be uninstalled prior to installing the latest version.

3.1.1 Prerequisites

- Disable any antivirus software.
- Close all applications and utilities.
- The system should have at least the minimum configuration described above.

3.1.2 Installing from CD or Disk Drive

1. To run the installation program, log on as a user with local administrator rights on the system. The installation will check the rights and terminate with an error if the user does not have local administrator privileges on the system.
   Note: The user does not require administrator privileges to run the application; administrator privileges are only required for installation.
2. If AppGuard Consumer is installed, lower the AppGuard protection level to Install or Off prior to initiating the installation software.
3. If AppGuard Enterprise is installed on the PC, use the Administrator Mode to disable all AppGuard protections and stop the AppGuard Service. Refer to your AppGuard Enterprise System Administrator for more information.
4. Launch the setup program from either the CD or disk drive.
5. Follow the installation directions.
6. Reboot the workstation if prompted.

3.1.3 Installing using SMS or SCCM

Launch setup.exe with the following parameters:

    /S                      To suppress messages from setup.exe
    /v                      Pass parameters (below) to msiexec.exe
    /qn                     Quiet and no user interface
    /Log <LOG_FILE_PATH>    Logs the install to a file
    REBOOT=ReallySuppress

Notes:
- Parameters are encased in double quotes.
- Everything is case sensitive.

3.2 Running

3.2.1 First Time Use when using Security Tokens

The very first time that you use your Security Token in a particular USB port, a plug and play driver for the Rainbow iKey 1000 is installed.

This should only happen the very first time that a particular USB port is used with the BorderGuard Client. Double-click on the tray icon to initiate another connection.

3.2.2 Connecting using a Security Token

To start the client, insert your token into a USB port and you will be prompted for a PIN (if you have not received a PIN, please contact your system administrator).

Once the PIN is validated, the client will verify that there is connectivity to the Blue Ridge BorderGuard network security appliance. Once connectivity is verified, the client will establish an encrypted tunnel to the home network. While the connection is being established, the tray icon will blink until the secure connection is complete.

When the connection process is complete, status notification is provided at the tray icon. Likewise, when the tunnel has been dropped, a status notification of the change is displayed.

Move the cursor over the icon at any time to view a tool tip displaying the current status.

3.2.3 Connecting using a Crypto Ignition Key

A Crypto Ignition Key is a special security token which has an embedded policy that indicates a PIN is not required in order to initiate a connection. As soon as the Crypto Ignition Key is inserted into a USB port, the client will validate the key and initiate a VPN connection to a BorderGuard listed in the connection policy on the key. Connection status notification is provided as shown in section 3.2.2 above.

The Crypto Ignition Key may be used during PC boot up in order to establish a tunnel prior to logging into the PC. This facilitates Active Directory login remotely through the tunnel. When using this feature, the LED on the Crypto Ignition Key provides connection status:

- On: During PC boot up, if the Crypto Ignition Key is inserted prior to the BorderGuard Client service starting, this indicates that the USB driver has recognized that the key has been inserted.
- Steady Double Blink: Indicates that the client is reading the token and is in the process of connecting.
- Steady Single Blink: Indicates that the client is connected.
- Off: Indicates that either the key's USB driver is not functioning or that the client has encountered an error when validating the key.
- Steady Triple Blink: Indicates that the client is resetting the Cryptographic Engine.

3.2.3.1 Using the Crypto Ignition Key during boot up

When a Crypto Ignition Key is used to initiate a connection prior to logging in, services to establish network connectivity and to enable USB device drivers must be started on the PC. Because this may take several minutes, it is recommended that the Crypto Ignition Key be inserted after the Windows Login screen is displayed.

Once the key is inserted, USB drivers will recognize the event and the token's LED will be lit. Next, the client will validate the token's policy settings and initiate a connection to the BorderGuard. During this step, the LED will blink twice in quick succession if the crypto key can be validated. If it cannot be validated, the LED will be turned off. When a connection has been established, the LED will blink steadily.

The connection can be terminated by removing the Crypto Ignition Key or by clicking on the client tray icon.

3.2.4 Connecting using an X.509 Certificate

Connecting the client using an X.509 certificate requires that a connection profile be defined on the PC for each user. Once the profile is created and saved, connecting is as simple as double-clicking on the tray icon. Connection status notification is provided as shown in section 3.2.2 above.

There are three different methods of creating profiles:

3.2.4.1 Manually Create the Profile

To create a profile, right-click on the tray icon and select Open BorderGuard from the tray menu. The User Interface will be displayed.

Selecting New from the File menu will display the Connection Profile User Interface.

To create a connection profile, enter the following fields:

- Profile Name: Enter a name for this profile. This name will appear on the client's main user interface.
- Description: This is an optional description of the connection profile.
- BorderGuard: Enter the IP address of the BorderGuard that the client will connect to.
- Certificate: Click on the Select button to select an X.509 certificate for authentication to the BorderGuard. If using a certificate on a smart card, be sure to insert your smart card prior to clicking on this button. If your policy requires Active Directory Authentication, click on the check box in the upper left-hand corner. This will cause only certificates which are valid for Active Directory authentication to be displayed.
- Auto Reconnect: Check this box if you wish to have the client automatically reconnect if the connection should get disrupted.
- Commands Tab (optional): The commands tab is used to run programs or scripts at various trigger points during the connection process:
  - Before connecting: This command will run before the connection process is initiated.
  - After connecting: This command will run after the connection is established.
  - Before disconnecting: This command will run after a user explicitly disconnects the client (i.e. disconnects by clicking on the Disconnect button or selecting Disconnect from the tray menu).
  - After disconnecting: This command will run after the client has disconnected from the BorderGuard.
  - After AD authn: This command will run after a successful Active Directory Authentication is performed.

  The command should include the entire path of the script or executable.

  Note: The command execution is ultimately controlled by policy that is downloaded from the BorderGuard immediately before the connection is established. If the policy does not permit the end-user to edit these commands, then the client will not execute them. Also, if a command is included in the policy, it will take precedence over any command that is entered by the end-user.
- Alternate BorderGuards (optional): This tab is used to enter additional BorderGuards that will be connected to when the primary BorderGuard does not respond. To add an Alternate BorderGuard, enter an IP address and then click on the Add button. To change the order of the BorderGuards, click on the up and down arrows as desired. If Load Spreading is selected, the client will randomly connect to one of the BorderGuards in the Alternate List as well as the BorderGuard entered on the main Connection Profile page, resulting in load sharing between all BorderGuards in the list. In the example shown above, the client will randomly connect to either 65.202.129.8 or 65.202.129.9. If Load Spreading is not selected, then the client will always connect to the BorderGuards in the order listed.
- Disaster Recovery BorderGuards (optional): This tab is used to enter additional BorderGuards that will be connected to if the primary BorderGuard and all Alternate BorderGuards do not respond. Note: a connection to the disaster recovery BorderGuards will be attempted if and only if all of the other BorderGuards (primary and alternate) could not be reached.

After the profile information is entered, click on OK. The profile will now appear in the Profile drop-down box on the main user interface.

3.2.4.2 Automatically create each user's profile from the All Users profile

This method of creating the profile is especially useful when the client will be used by multiple users on the same PC. In this case, the administrator will create a connection profile manually (refer to Section 3.2.4) and edit the file to remove certificate information. The file(s) should be copied to the C:\ProgramData\Blue Ridge Networks\Profiles directory on the target PC. The first time that a user double-clicks on the icon, the All Users connection profile will be copied to the currently logged on user's profile directory. Since the certificate fields are not included in the All Users connection profile, the user will be prompted to select a certificate.

Once the certificate is selected, click on OK and the client will proceed with the connection.

To create the All Users connection profile, follow the instructions in Section 3.2.4. Once the profile is saved, locate the profile in the current user's profile directory:

    C:\Users\<user_name>\AppData\Roaming\Blue Ridge Networks\Profiles

There will be two files located in this directory. Open them in Notepad and remove any lines starting with the following text:

    Certificate=
    CertificateThumbprint=

Save the files and copy them to the C:\ProgramData\Blue Ridge Networks\Profiles directory on the target PC. The client will now use the connection profile file(s) found in this directory to create connection profile files for any user that logs in and uses the BorderGuard Client for the first time.

3.2.4.3 Automatically create the profile based on information embedded in the Certificate

The client is also able to automatically create a connection profile based on information that is embedded in the Initials field of the certificate. This feature cannot be used where the certificates are generated by an outside Certificate Authority (such as for U.S. Government CAC/PIV cards), but when generating certificates using the BorderGuard Management Console this option can be quite useful. When using this feature, the end-user does not have to create a profile or select a certificate.

In this case, when the end-user double-clicks on the tray icon, the client will search for a certificate in the user's Certificate Store that contains a BorderGuard IP in the Initials field. If a certificate is found containing the BorderGuard IP, a connection profile using the information embedded in the Initials field will be created. Note: the first certificate found with an embedded BorderGuard IP will be used.

On the BorderGuard Management Console ID Certificates page, create a template containing the BG IPs. Once the template is saved, additional ID certificates with the desired profile can easily be created by loading the template when creating new certificates.

Populate the Initials field as follows to use the auto-profile features:

1. To specify a Primary BG:
       ///BG=<ip>///
2. To specify Alternate BGs:
       ///BG=<ip>/BG=<ip>/BG=<ip>///

   The first BG is interpreted as the primary BG and all additional BG=<ip> are interpreted as Alternate BGs.
3. To specify Disaster Recovery BGs:
       ///BG-=<ip>/BG-=<ip>///
4. To specify Load Spreading, enter LS=<0|1>:
       ///BG=<ip>/BG=<ip>/LS=<0|1>///
   The default setting is Load Spreading enabled (LS=1).
5. To specify a Static IP (used by the client's Virtual Network Interface Card when connected to the Home Network):
       ///IP=<ip>/NM=<net mask>/gw=<gateway>/dns=<ip>/WINS=<ip>///
   The DNS and WINS specifications are optional. The maximum number of DNS IP addresses is 3. The maximum number of WINS IP addresses is 2.
6. The client can use combinations of any of the above:
       ///IP=10.0.10.5/NM=255.255.255.255/GW=10.0.10.1/DNS=10.0.10.3/BG=1.2.3.4/BG=1.2.3.5/BG-=11.22.33.44/BG-=11.22.33.55/LS=1///

3.2.5 Disconnecting from your Home Network

To disconnect from the Home Network, perform one of the following:

- If using a Security Token or Crypto Ignition Token, remove the token.
- Right-click on the tray icon and select Disconnect from the tray menu.
- Open the GUI and click on the Disconnect button.

3.2.6 Viewing Logs

The client creates logs when it attempts to connect. The logs can be viewed by selecting Log from the tray menu.

This will display an interface which shows the log files. From this window, select the logs you wish to view and click on View Logs. The logs will be opened with Notepad. The logs can also be deleted from this menu.

3.2.7 Troubleshooting

3.2.7.1 Initial Connection

When using a Security Token, if the client cannot reach a BorderGuard, it will display an error message. This is an indication of one of the following:

1. There is no network connectivity: verify that you have Internet access.
2. The BorderGuards are down: consult your administrator to determine.
3. The BorderGuard IP addresses or UDP ports are being blocked by a firewall or router.
4. The token has been disabled.

DpfPing.exe, a utility installed with the client, can be used to troubleshoot issues where firewalls or routers are blocking access to BorderGuard IP addresses or UDP ports. To use DpfPing, open a DOS command prompt and navigate to the Program Files directory.

On 64-bit systems, the client is located in the Program Files (x86)\Blue Ridge Networks directory. On 32-bit systems, the client is located in Program Files\Blue Ridge Networks.

Executing DpfPing without any command line parameters will display the command line syntax, but generally the two most useful commands are:

    Dpfping <ip_address> -u<udp_port>

and

    Dpfping <ip_address> -u<udp_port> -rnv

3.2.7.2 Additional Logs

In addition to the Connectivity Logs discussed in Section 3.2.6, the client provides logs that may be requested by customer support when troubleshooting connection problems. These logs provide more detail about the activity of each of the components during a connection. These logs can be exported by selecting the Options->Export Log menu item on the client's user interface.

When exporting logs, the client will prompt for a folder to export the log files to.

Select a folder such as your My Documents folder or Desktop and click on OK. The client will collect all related logs and compress them into a file named brn.cab in the selected folder. Email the file to Blue Ridge Networks customer support (support@blueridgenetworks.com).

3.2.7.3 Debug Log

When requested by customer service, even more information may be gathered by enabling the Debug Log. This should only be done at customer service's request, as this may have some performance impacts. To enable the debug log, select the Options->Enable Debug Log menu item on the client's User Interface.
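
The Initials field format from section 3.2.4.3, as an added example that is not Blue Ridge Networks code: a Python check an administrator could run on a template value before issuing certificates, plus the BorderGuard order the value implies. Assumptions: the function names are hypothetical, keys are matched case-insensitively, addresses are IPv4 as in the manual's examples, IP, NM and GW must appear together, and with Load Spreading the primary and Alternate BGs are shuffled as one pool.

```python
import ipaddress
import random

LIMITS = {"DNS": 3, "WINS": 2}   # maximums stated in section 3.2.4.3
STATIC = ("IP", "NM", "GW")      # static-address keys, one value each

# The combined example given in section 3.2.4.3 of the manual.
PAGE_EXAMPLE = ("///IP=10.0.10.5/NM=255.255.255.255/GW=10.0.10.1/DNS=10.0.10.3"
                "/BG=1.2.3.4/BG=1.2.3.5/BG-=11.22.33.44/BG-=11.22.33.55/LS=1///")


def parse_initials(field):
    """Parse and validate a '///KEY=value/KEY=value///' Initials string."""
    if len(field) < 7 or not (field.startswith("///") and field.endswith("///")):
        raise ValueError("value must start and end with '///'")
    out = {"bg": [], "dr": [], "ls": True, "static": {}, "DNS": [], "WINS": []}
    for item in field[3:-3].split("/"):
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {item!r}")
        # The manual shows GW and DNS in both cases; upper-casing keys here
        # is an assumption of this example, not documented client behaviour.
        key = key.upper()
        if key == "LS":
            if value not in ("0", "1"):
                raise ValueError("LS must be 0 or 1")
            out["ls"] = value == "1"
            continue
        try:
            addr = str(ipaddress.IPv4Address(value))  # manual's examples are IPv4
        except ValueError:
            raise ValueError(f"{key}: {value!r} is not an IPv4 address") from None
        if key == "BG":          # first BG is the primary, the rest are alternates
            out["bg"].append(addr)
        elif key == "BG-":       # disaster recovery BorderGuards
            out["dr"].append(addr)
        elif key in LIMITS:
            out[key].append(addr)
            if len(out[key]) > LIMITS[key]:
                raise ValueError(f"more than {LIMITS[key]} {key} addresses")
        elif key in STATIC:
            if key in out["static"]:
                raise ValueError(f"{key} given more than once")
            out["static"][key] = addr
        else:
            raise ValueError(f"unknown key {key!r}")
    if not out["bg"]:
        # The client looks for a certificate containing a BorderGuard IP.
        raise ValueError("no BG= entry, so no profile would be created")
    if out["static"] and set(out["static"]) != set(STATIC):
        raise ValueError("static addressing needs IP, NM and GW together")
    return out


def connection_order(profile, rng=random):
    """BorderGuards in the order they would be tried for this profile."""
    pool = list(profile["bg"])
    if profile["ls"]:
        # Load Spreading: random choice among primary and alternates.
        pool = rng.sample(pool, len(pool))
    # Disaster recovery BGs come last, only after every other BG has failed.
    return pool + profile["dr"]


if __name__ == "__main__":
    profile = parse_initials(PAGE_EXAMPLE)
    print(profile)
    print(connection_order(profile))
```

Because the client uses the first certificate it finds with an embedded BorderGuard IP, a malformed or stale Initials value on any certificate in the user's store is worth catching before issuance.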