SONICWALL Global VPN Client 4.10.7 January 2023 Instructions

: June 9, 2024
: SONICWALL

SonicWall® Global VPN Client January 2023
Release Notes
January 2023

These release notes provide information about the SonicWall® Global VPN Client 4.10.7 release.

About Global VPN Client 4.10.7

The Global VPN Client 4.10.7 release is a minor release that provides protection against potential privilege escalation which leverages the client’s installation program.

Pre-Installation Requirements

SonicWall strongly recommends you follow these steps before installing the SonicWall Global VPN Client (GVC) 4.10.7 client:

Uninstall any previous version of SonicWall Global VPN Client, before trying to install 4.10.7. Upgrading to GVC 4.10.7 from the earlier version is not supported.
SonicWall GVC encounters run time conflicts when it co-exists with any 3rd party IPsec VPN clients. Uninstall all IPsec VPN clients prior to installing SonicWall GVC.

NOTE: The Global VPN Client is launched as soon as the installation completes. The Start SonicWall Global VPN client every time I login option can no longer be set during installation, but this option is available on the General tab in the View > Options page of the client.

Supported Windows Clients

SonicWall Global VPN Client 4.10.7 supports both 32-bit and 64-bit client machines with separate installers for each respective platform.
These versions of Microsoft Windows are supported by SonicWall Global VPN Client 4.10.7:

Windows 11
Windows 10 (64-bit and 32-bit)

NOTE: These operating systems and platforms are not supported:

ARM-based devices, including the ARM-based Surface tablet.
Windows 8.1
Windows 8.0
The Preview version of the Windows 8.1 Tablet OS.
Windows 7
Windows XP, Windows Vista, Windows 2000, Windows NT 4.0, Windows ME, Windows 98, or Windows 95.

Supported SonicOS Firmware

The SonicWall GVC 4.10.7 release is compatible with these firmware releases:

SonicOS 7.0.1 or later
SonicOS 6.5.4.8 or later

Resolved Issues

This section lists issues that are resolved in the SonicWall Global VPN Client 4.10.7 release:

Resolved issue	Issue ID

A vulnerability in the Global VPN Client potentially results in an uncontrolled search path element.| CLNT-333
A vulnerability in the 32-bit Global VPN Client potentially results in an uncontrolled search path element over Microsoft Foundation Class Library DLLs.| CLNT-497
A vulnerability in the Global VPN Client potentially results in an uncontrolled search path element via the application installer (RunMSI.exe).| CLNT-746
The Global VPN Client installer does not remove the RarSFX folder and its contents after installation.| CLNT-750

Workaround: Either:

Using Windows Explorer: Open the C:\Users\AppData\Local\Temp folder and delete the contents of the RarSFX folder.
From MySonicWall: From the Download Center, select Global VPN Client and download and run the script available there.
For instructions on downloading and using the Global VPN Client (GVC) Cleaner Tools, see Where to find Global VPN Client (GVC) Cleaner Tools.

Additional References

The following additional resolved issues in this release are listed here for reference: CLNT-740

Product Licensing

SonicWall network security appliances must be registered on MySonicWall to enable full functionality and the benefits of SonicWall security services, firmware updates, and technical support. Log in or register for a MySonicWall account at https://mysonicwall.com/.
You can download the latest SonicWall Global VPN Client from MySonicWall.

Troubleshooting

This section describes different troubleshooting procedures for GVC. Use the following figure to determine with process to follow.
NOTE: The numbers in the boxes in the figure refer to the applicable process. For example, the box numbered 1 refers to Process 1.

Troubleshooting Process for GVC

Process 1: Debug Install Issue

If this is a SonicWall GVC upgrade install, then:

Uninstall GVC.
Reboot your computer.
Run setup again.

If you still encounter an error, follow these instructions:

1 Blue Screen during Install Process
2 Global VPN Client Install Fails due to the Following Error:
3 GVC Install is Stuck while Installing the SonicWall Virtual Adapter
4 SonicWall GVC Install fails due to this Error:

Blue Screen during Install Process
If you get a blue screen after the upgrade to GVC 4.10.1, send the file,
%SystemRoot%\Minidump.dmp (%SystemRoot% is usually C:\Windows) to Tech Support for further troubleshooting
If you can reproduce the symptom, choosing Kernel memory dump could be of even more help as it should have more information. To get detailed memory dump, you need to do following;
a Start > Computer, right-click on Computer and select Properties.
b Choose Advanced System Settings, and then choose Settings under Startup and Recovery. The settings are under the System Failure section. The dump file by default is written to the %SystemRoot%\MEMORY.DMP file.
Global VPN Client Install Fails due to the Following Error:
This error could happen in these cases:
• Installing SonicWall GVC without a reboot after GVC uninstall.
• Hard reset during the install operation.
• SonicWall GVC install is an upgrade from an earlier GVC Beta version.
Reboot your computer, and then run setup again. If it still results in the same error, then do the following:
a Right-click the Command Prompt icon, and select Run as Administrator.
b Change directory to %SystemRoot%\system32\drivers (%SystemRoot% is C:\Windows).
c Type net stop SWIPsec.sys. You may see either success or failure returned.
d Rename SWIPsec.sys to SWIPsec.sys.bak (if SWIPsec.sys exists in this directory).
Now run setup again, and install SonicWall GVC
GVC Install is Stuck while Installing the SonicWall Virtual Adapter
You may have to do a hard reset if the installation is stuck during the install of the Virtual Adapter. After power up, uninstall SonicWall GVC and reboot your computer. Now verify that SonicWall Virtual Adapter does not exist. Go to Start > Control Panel > Network and Internet > Network and Sharing Center > Manage Network Connections page. If it still exists after the SonicWall GVC uninstall, it is most likely due to registry corruption during the hard reset.
Manually uninstall SonicWall Virtual Adapter:
a Go to Start > Computer, right-click Computer, and select Properties.
b Choose Device Manager, and then choose Network adapters.
c Right-click SonicWall VPN Adapter, and uninstall this adapter.
d Select the Delete the driver software for this device checkbox.
e Change to the %SYSTEMROOT%\System32\Drivers directory and delete SWVNIC.SYS.
f Reboot your machine.
g After power up, install SonicWall GVC again.
SonicWall GVC Install fails due to this Error:
SWGVCSVC Module has Stopped Working
This error indicates that the installer failed to install SonicWall services. Run SonicWall GVC installer for the second time.

Process 2: Post-Install Errors

These problems are seen after the successful install:

Blue Screen
Failed to Run SonicWall Service

Blue Screen

Network Adapter Card drivers: Check if you are using the latest driver for each Network Adapter card installed on your computer. If not, then you have to first upgrade to the latest version of the driver and then run SonicWall GVC again.
Trend Micro firewall: If you have installed this client-based firewall, then check to make sure it is the latest version from the Vendor Website. If it is and you are still getting a blue screen, then disable the Trend Micro Common firewall driver binding from the properties of the Virtual adapter.
If the blue screen still persists, then you need to provide the %SystemRoot%\Minidump (%SystemRoot% is usually C:\Windows) file to Tech Support for further investigation.
If you can reproduce the symptom, choosing Kernel memory dump could be of even more help as it should have more information. To get detailed memory dump:
a Start > Computer, right-click on Computer and select Properties.
b Choose Advanced System Settings, and then choose Settings under Startup and Recovery. The settings are under the System Failure section. The dump file by default is written to the %SystemRoot%\MEMORY.DMP file.

Failed to Run SonicWall Service
Open a DOS command prompt window by right-clicking on the icon and select Run as administrator. Change the directory to the SonicWall GVC install directory (usually \Program Files\SonicWall\SonicWall Global VPN Client), and type the following commands.

Net stop SWGVCSVC
Net start SWGVCSVC

Process 3: Cannot Access Certain Destination Networks

From the SonicWall GVC menu select, File > Properties > Status tab. In the connection section, click the Details button. Verify the destination network you are trying to reach exists in the Destination Proxy IDs list. The information is user-specific and can be controlled in the Group VPN Policy on the firewall. This verification can also be done from a SonicWall GVC report, and can be found under this heading:
i. Destination Networks
ii. ——————–
iii. 192.168.0.0/255.255.255.0/BOOTPS: Phase 2 Complete
iv. 192.168.0.0/255.255.255.0/Any: Idle
This destination proxy ID list is generated on a per-user basis, so it is possible the user access list is missing the required destination networks.
If Step 1 is verified, but it still fails, then verify the route to and from the destination network is correct on the firewall side. This may require a packet capture either on the SonicWall appliance or an external packet capture on the host you are trying to reach.

Process 4: Cannot Browse the Internet after GVC Connection is Enabled and

Connected

GenerateSonicWall GVC report (Help > Generate Report menu) and verify if the policy is a tunnel all policy. Check that the default route points to the correct interface. If the policy is tunnel all, then a packet capture on the SonicWall appliance should provide information if the packet is dropped at the firewall due to an incorrectly configured or unavailable rule to route the Internet packets. To help trace this, start a continuous ping from SonicWall GVC client to 4.2.2.2, and use the packet capture utility on the firewall to trace the packet destination.

Process 5: Peer is not Responding to ISAKMP Requests from GVC; Check GVC

Logs to Verify

Verify the host running the SonicWall GVC application has Internet connectivity and can browse the Internet. If not, then fix this problem, and then go to Step 2.
Verify the Peer gateway is running and the zone Group VPN policy is enabled. If you have other SonicWall GVC clients connecting to the same firewall on the same interface of the firewall, then this is not a problem. Go to Step 3.
SonicWall GVC works from certain locations, and this error message only shows up when you are behind a certain NAT device.
It is possible that this NAT device is blocking IKE traffic and so requires a rule (policy) to allow IKE packets from GVC.
To verify if the IKE traffic from SonicWall GVC is reaching the Peer gateway, use the event logs (Network Debug Category enabled) or packet capture on the SonicWall appliance. If the Peer gateway does not get the IKE packets, then it is the NAT device in the middle or the ISP that is dropping the IKE packets. Consult the NAT device manual or ISP to troubleshoot this problem

Process 6: Stuck on Authenticating when GVC Connection is Enabled

Check GVC logs to get the state of the connection progress. Most likely causes are:

Group VPN Configuration error on the firewall. Check if the user has VPN access list assigned (with or without XAUTH, this is required).
SonicWall GVC logs show Phase 2 error. Delete the connection and create a new one and then try to connect again. The user has to enter the preshared key if the firewall Group VPN setting, Use Default Key for Simple Client Provisioning, is not enabled. They will also enter their XAUTH credentials as they normally do on new connections if the firewall XAUTH checkbox is enabled for GroupVPN.
Check if the firewall has license for SonicWall GVC connection. If it has, then check if the number of concurrent GVC connections does not exceed the licensed number.

Process 7: Failed to Obtain DHCP Lease for the Virtual Adapter

Try a reboot first. If that does not help follow these steps:

Verify that no third party IPsec VPN clients are installed on your computer. Uninstall any existing IPsec VPN clients (including SonicWall GVC), reboot, and then install GVC again.
Wireless WLAN 4.10+ wireless network driver includes VLAN Priority Support which conflicts with getting a DHCP lease for the SonicWall Virtual Adapter. Check if VLAN Priority Support is enabled. If it is, disable it:
a Right-click My Computer on the desktop and click Properties.
NOTE: If there is no My Computer icon on the desktop, click Start and right-click My Computer on the right column of the Start menu.
b When the System Properties window appears, click the Hardware tab and click Device Manager.
c When the Device Manager window appears, click the <+> next to Network Adapters.
d Double-click Wireless WLAN Adapter.
e When the Wireless WLAN Adapter Properties window appears, click the Advanced tab.
f Scroll down to VLAN Priority Support, and click to highlight.
g Select Disable from the drop-down menu under the Value: field.
h Click OK to close the Wireless WLAN Adapter Properties window.
i Close the Device Manager window.
Verify DNE binding is enabled for the SonicWall Virtual Adapter:
a Go to Start > Control Panel > Network and Internet > Network and Sharing Center > Manage network connections page.
b Select SonicWall Virtual Adapter.
c Right-click properties.
d On the properties page, verify Deterministic Network Enhancer binding is enabled.
If this is a new setup, verify configuration on the firewall. Enable Network Debug category logs to show the DHCP transaction messages. Based on the logs you can determine if the DHCP request is received from the client and if the DHCP server responded to this request.
Disable the software firewall completely, and then try again. If this does not work, then go to Step 6.
Change the default setting for this connection for NAT Traversal from Automatic to Disabled. To select the connection, go to File > Properties > Peer > Edit tab to change this setting.

Process 8: Not Getting a Prompt to Enter a PreShared Key (PSK)

This could happen due to a process 6 error condition (see Process 5: Peer is not Responding to ISAKMP Requests from GVC; Check GVC Logs to Verify). If that is not the case, then the PSK prompt is only available if the Simple provisioning key is not enabled on the zone Group VPN Policy. After the PSK is entered for the first time, it is saved in the encrypted configuration file. Unless the PSK in the Group VPN policy is changed the PSK is never prompted again.

Process 9: Not Getting a Prompt to Enter XAUTH Credentials

This could happen due to a process 6 error condition (see Process 5: Peer is not Responding to ISAKMP Requests from GVC; Check GVC Logs to Verify). If that is not the case, then the XAUTH prompt is only available if it is enabled on the zone GroupVPN Policy. XAUTH credentials are allowed to be cached in the encrypted configuration file only if it is allowed on the zone Group VPN policy.

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid support maintenance contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://support.sonicwall.com.

The Support Portal enables you to:

View knowledge base articles and technical documentation
View and participate in the Community forum discussions at https://community.sonicwall.com/technology-and-support
Download software
View video tutorials
Collaborate with peers and experts in user forums
Get licensing assistance
Access MySonicWall
Learn about SonicWall professional services
Register for training and certification

To contact SonicWall Support, visit https://support.sonicwall.com/contact- support.

About This Document

NOTE: A NOTE icon indicates supporting information.
IMPORTANT: An IMPORTANT icon indicates supporting information.
TIP: A TIP icon indicates supporting information.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

GVC Release Notes
Updated – January 2023
Software Version – 4.10.7
232-005810-00 Rev C

Copyright © 2023 SonicWall Inc. All rights reserved.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserve the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update the information contained in this document. For more information, visit https://www.sonicwall.com/legal.