Okay here’s another guide that probably should have been put online sooner, but hey better late than never right? I’m sure there are probably a ton of TZ 1×0’s kicking around and if you’ve got a MAC and want to VPN in, but don’t have the SSL vpn software then you’ll need this guide. I’ve not tested this with anything other than a TZ190 Enhanced, but I’m pretty confident that it would work with at least any Enhanced OS in that same generation of SonicWalls, and maybe even outside of that generation as well.
This is the equivalent Global VPN Client for Mac.
Here is Part 1 – Router Side Configuration:
- Note: Identify whether or not the SonicWall will hand out DHCP addresses. Make note of this as we’ll need it later in the configuration.
- Start by clicking the VPN tab and then select Settings. See Figure 1.
- Click on the WAN GroupVPN Configure button. See Figure 2.
- Set your Authentication Method to IKE using Preshared Secret and Record your Shared Secret. See Figure 3.
- Click the Proposals Tab. Record your settings. In this case we are using DH 2, 3DES, SHA1, and 28800 for Phase 1 & 3DES, SHA1, and 28800 for Phase 2. See Figure 4.
- Click the Advanced Tab. Without XAUTH (As Shown See Figure 5.): Set Allow Unauthenticated VPN Client Access to Firewalled Subnets. Or With XAUTH (not shown): Check Require Authentication of VPN Client via XAUTH. Change User Group for XAUTH users to Trusted Users.
- Click the Client Tab. Change the Cache XAUTH User Name and Password on Client to Never. Change the Virtual Adapter settings: to DHCP Lease or Manual Configuration. Check the Use Default Key for Simple Client provisioning. Uncheck all other options. See Figure 6.
- Click Ok. Return to the VPN Settings page. Record your Sonicwall’s Unique ID. See Figure 7.
- Click DHCP Over VPN. Click the Configure button. See Figure 8.
- If the SonicWall is acting as the DHCP server (as shown, See Figure 9.) then Check Use Internal DHCP Server. Check For Global VPN Client. Or If the SonicWall is NOT acting as the DHCP server (not shown) then Check Send DHCP requests to the server addresses listed below. Click Add… and Add your DHCP’s Server’s IP address.
- (OPTIONAL) If you configured Trusted Users as the XAUTH group in Step Five continue with the steps below, Otherwise Skip to configuring the Client.
- Click the Users Tab, Select Local Users, Click Add User…
- Add a new user for each remote user and record the passwords.
- Change to the Groups tab for each user and add that user to the Trusted Users group.
- Click OK to Exit the New User… Window and then click the Users tab, select Local Groups, and then click the configure button for Trusted Users
- Click the VPN Access tab, add Firewalled Subnets into the Access List: section. Click Ok
Once You’ve completed these steps and Recorded all of the necessary information that you were asked to record, download and install IPSecuritas from the link HERE, and then Hop over to Part 2 – Configuring the IPSecuritas Client on a Mac, Here.