Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Internet issue for Microsoft surface users

Hi Everyone,

Our users changed their laptops to Microsoft Surface Pro recently. After connecting to the VPN, users are unable to access internal websites as well as internet. The default route metric gets lower than VPN routes.

While checking the client logs we are getting these logs.

We manually entered the matrix and later it was working fine. What could be the possible issue?

Kindly suggest

Category: Secure Mobile Access Appliances


  • Options
    SimonSimon Moderator

    Hi @Darshil

    It is not possible to answer this question due to the limited information provided.

    If this is SMA 100, what firmware? Is this web only access or using NetExtender/Mobile Connect?

    If this is SMA 1000, what firmware and are the highest numbered platform and client hotfixes? Is this web only access or a tunnel client access?

  • Options
    DarshilDarshil Newbie ✭

    This is an SMA 1000 series appliance with the highest no of platforms and client hotfixes. Users are connected VPN through tunnel client.

  • Options
    SimonSimon Moderator

    Hi @Darshil

    You need to apply the currently recommended hotfixes.

    Support for some of the Microsoft Surface Pro products was added in client hotfixes since the 12.4.0 image was released.

    Are these Microsoft Surface Pro X systems? This support was added in 12.4.0-02725 released in late October 2020.

    Tech notes are available on the downloads pages, but I had these handy so attached them.

    The current recommended hotfix set is 12.4.0-03050.

    The June 2021 hotfixes are predicted to release in late June. When released I suggest you log into and pull the release notes to evaluate whether you should upgrade to that hotfix set. I recommend it.

  • Options
    SkumarSkumar SonicWall Employee

    Hi @Darshil,

    1) Wanted to know processor being used on Surface Pro: We have a separate client for ARM Based architecture.

    If Intel based architecture:

    We have seen issues with resource access.. and are reviewing how to address in long term. Currently below workaround helped

    >> If you see the option greyed out, please disable it via registry and reboot.

    >>Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity to 0

  • Options
    DarshilDarshil Newbie ✭

    Hi @Skumar

    We faced issues with connect tunnel legacy clients where the route was not getting published with proper matrix.

    It worked properly with the CTDG client version 12.4.1

    Can you let us know the difference between the functionalities of the legacy and CTDG clients?

  • Options
    SkumarSkumar SonicWall Employee

    Thanks for your update Darshil,

    -Legacy CT is based on RasDialer concept whereas MCT uses LAN. MCT support DeviceGuard and Secureboot features.

    -Legacy Connect Tunnel would be phased out in our upcoming version. As of current we still support this product.

    -12.4.1. is a client shared by support to review functionality. If this issue is addressed please share your feedback onto support case opened. This would help in adding fix to current 12.4.0 version.

    -If the requirement is 12.4 legacy Connect Tunnel please open a service request to review.

Sign In or Register to comment.