StoneGate Administrator's GuideIPsec VPN Client 4.3
Legal InformationEnd-User License AgreementThe use of the products described in these materials is subject to the then current end-user license agreement, which can be found at the Stonesoft website: www.stonesoft.com/en/support/eula.html
General Terms and Conditions of Support and Maintenance ServicesThe support and maintenance services for the products described in these materials are provided pursuant to the general terms for support and maintenance services and the related service description, which can be found at the Stonesoft website: www.stonesoft.com/en/support/view_support_offering/terms/
Replacement ServiceThe instructions for replacement service can be found at the Stonesoft website: www.stonesoft.com/en/support/view_support_offering/return_material_authorization/
Hardware WarrantyThe appliances described in these materials have a limited hardware warranty. The terms of the hardware warranty can be found at the Stonesoft website: www.stonesoft.com/en/support/view_support_offering/warranty_service/
Trademarks and PatentsThe products described in these materials are protected by one or more of the following European and US patents: European Patent Nos. 1065844, 1259028, 1271283, 1289183, 1289202, 1313290, 1326393, 1379046, 1330095, 131711, 1317937 and 1443729 and US Patent Nos. 6,650,621; 6 856 621; 6,885,633; 6,912,200; 6,996,573; 7,099,284; 7,127,739; 7,130,266; 7,130,305; 7,146,421; 7,162,737, 7,234,166, 7,260,843, 7,280,540 and 7,302,480 and may be protected by other EU, US, or other patents, or pending applications. Stonesoft, the Stonesoft logo and StoneGate, are all trademarks or registered trademarks of Stonesoft Corporation. All other trademarks or registered trademarks are property of their respective owners.
DisclaimerAlthough every precaution has been taken to prepare these materials, THESE MATERIALS ARE PROVIDED "AS-IS" and Stonesoft makes no warranty to the correctness of information and assumes no responsibility for errors, omissions, or resulting damages from the use of the information contained herein. All IP addresses in these materials were chosen at random and are used for illustrative purposes only. Copyright 2008 Stonesoft Corporation. All rights reserved. All specifications are subject to change.
Table of ContentsCHAPTER 1 Introduction 5How to Use This Guide 6 Typographical Conventions 6 Documentation Available 7 Product Documentation 7 Support Documentation 7 System Requirements 8 Contact Information 8 Licensing Issues 8 Technical Support 8 Your Comments 8 Other Queries 8 Signing Internal Certificates 19 Changing User ID Type 20
CHAPTER 6 Logs and Diagnostics 21Overview to Logs and Diagnostics 22 Using Logs in the IPsec VPN Client 22 Viewing Logs 22 Collecting Diagnostics 24
CHAPTER 7 Creating Advanced Certificate Requests 27Creating Advanced Certificate Requests 28
CHAPTER 2 Whats New? 9New Features in StoneGate IPsec VPN 4.3 10
CHAPTER 8 Configuring VPN Client Installations 33Introduction to Configuring VPN Client Installations 34 Exporting the Gateway Contact Information 34 Copying Gateway Contact Information Files 35 Creating a Customized Installation Package 35 Installing IPsec VPN Clients with a Transform File 35
CHAPTER 3 Getting Started with the StoneGate IPsec VPN Client 11Overview to StoneGate IPsec VPN Client 12 User Authentication 12 Virtual IP Addressing 12
CHAPTER 4 Configuring the VPN Client 13IPsec VPN Client Configuration Overview 14 Configuring the VPN Client 14 Installing the VPN Client 15 Changing the VPN Clients MAC Address 16
CHAPTER 5 Using Certificates with the VPN Client 17Overview to VPN Client Certificates 18 Using Certificates 18 Using Internal Certificates 18 Using External Certificates 18
Welcome to Stonesoft Corporations StoneGate IPsec VPN client. This chapter describes how to use the StoneGate IPsec VPN Client Administrators Guide and lists other available documentation. It also provides directions for obtaining technical support and giving feedback. The following sections are included: How to Use This Guide, on page 6 Documentation Available, on page 7 Contact Information, on page 8
How to Use This GuideThis StoneGate IPsec VPN Client Administrators Guide is intended for the administrators of the StoneGate IPsec VPN Client. It describes how the VPN client functions. The configuration of VPN access for the VPN client users is described in the Administrators Guide and the Online Help of the Management Client. The basic use of the VPN client is described in the StoneGate IPsec VPN Client Users Guide. For other available documentation, see Documentation Available, on page 7.
Typographical ConventionsThe following ways to highlight special text are used throughout the guide:TABLE 1.1 Typographical Conventions
Formatting VPN Client text References, termsCommand line User input
Informative Uses Interface elements (e.g., menu options) and any other interaction with the user interface are in bold-face. Cross-references and first use of acronyms and terms are in italics. File names, directories, and text displayed on the screen are monospaced. Text you need to type is monospaced bold-face.
Note Notes provide important information that may help you complete a task.
Chapter 1: Introduction
Documentation AvailableProduct DocumentationThe table below lists the available product documentation.TABLE 1.2 Product Documentation
DescriptionExplains the operation and features of StoneGate comprehensively. Demonstrates the general workflow and provides example scenarios for each feature area. Available for StoneGate Firewall/VPN and StoneGate IPS. Instructions for planning, installing, and upgrading a StoneGate system. Available for StoneGate Firewall/VPN and StoneGate IPS. Detailed instructions for the configuration and use of StoneGate. Accessible through the Help menu and by using the Help button or the F1 key in any window or dialog. Available in the StoneGate Management Client and the StoneGate Monitoring Client. An HTML-based system is available in the StoneGate SSL VPN Administrator through help links and icons. Describes how to configure and manage a StoneGate system step-by-step. Available as a combined guide for both StoneGate Firewall/VPN and StoneGate IPS, and as separate guides for StoneGate SSL VPN and StonGate IPsec VPN Client. Instructions for end-users. Available for the StoneGate IPsec VPN Client and the StoneGate Monitoring Client. Instructions for physically installing and maintaining StoneGate appliances (rack mounting, cabling etc.). Available for all StoneGate hardware appliances.
Appliance Installation Guide
PDF versions of the guides are available on the Management Center CD-ROM and at http://www.stonesoft.com/support/.
Support DocumentationThe StoneGate support documentation provides additional and late-breaking technical information. These technical documents support the StoneGate Guide books, for example, by giving further examples on specific configuration scenarios.
The latest StoneGate technical documentation is available on the Stonesoft website at http://www.stonesoft.com/support/.
System RequirementsThe system requirements for running StoneGate, including the approved network interfaces, supported operating systems, and other such hardware and software requirements for StoneGate engines and the Management Center can be found at http://www.stonesoft.com/en/products_and_solutions/products/fw/ Certified_Servers/ (see the Technical Requirements section at the bottom of the page). The hardware and software requirements for the version of StoneGate you are running can also be found in the Release Notes included on the Management Center CD-ROM and on the software download page at the Stonesoft website.
Contact InformationFor street addresses, phone numbers, and general information about StoneGate and Stonesoft Corporation, visit our Web site at http://www.stonesoft.com/.
Licensing IssuesYou can view your current licenses at the License Center section of the Stonesoft website at https://my.stonesoft.com/managelicense.do. For license-related queries, e-mail firstname.lastname@example.org.
Technical SupportStonesoft offers global technical support services for Stonesofts product families. For more information on technical support, visit the Support section at the Stonesoft website at http://www.stonesoft.com/support/.
Your CommentsWe want to make our products suit your needs as best as possible. We are always pleased to receive any suggestions you may have for improvements. To comment on software and hardware products, e-mail email@example.com. To comment on the documentation, e-mail firstname.lastname@example.org.
Other QueriesFor queries regarding other matters, e-mail email@example.com.
Chapter 1: Introduction
This section lists major changes since the previous release. For a full list of changes in the software, consult the Release Notes. The following sections are included: New Features in StoneGate IPsec VPN 4.3, on page 10
New Features in StoneGate IPsec VPN 4.3Customized Installation PackageYou can now customize the installation by adding the gateway information into the installation package. If the installation is customized, the VPN client users do not need to add the gateways manually in the VPN client after the installation. For more details, see Configu