Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Modern Connect Tunnel 12.4.2 what is the difference between Network Login and Device VPN mode

Configuring Network Logon for Modern Connect Tunnel Client | SonicWall

I have seen the announcements about "Network Login" in 12.4.2 - We want to provide an always on VPN for our users and have been doing that with the MCT "device login" feature that logs in using the user's machine account at bootup, and switches to "user login" once they enter their credentials.

Should I consider moving to "Network Login" instead? Does it still connect with limited access before login? Is there somewhere with more detail on its use?

Category: VPN Client
Reply

Answers

  • NatNat Newbie

    Device VPN is real always-on. It is connected even window user does not login to windows after cold boot.

    Network logon I don't think its always-on, they are different stuffs.

  • Thanks NAT - That is Helpful. But I am still trying to understand what "Network Logon" is. The (minimal) documentation does show VPN connection prior to windows login but the differences are unclear. If it connects with user credentials prior to login (rather than machine credentials), that would seem like a security risk. I am trying to understand this new feature introduced and when it would be called for. I will check whether the admin guide has been updated.


    I have found that the Device/User VPN model is not always as aggressive as it should be about switching from Device to User after sleep/hibernation. I am also finding that it takes some time to connect after power on (reasonable) and if the user logs in immediately after power up, sometimes they login before the VPN is connected. This can cause other issues such as the login scripts not running.

    This is what is leading me to try to understand the newly introduced "Network Logon" feature. I want the best 'always on" mode I can get.



  • NatNat Newbie

    From my own understanding, not 100% sure.

    Device VPN use PKI authentication(no credentials support) and run as window services. As a result, once device boot up, no matter user login or not. The CT window service will to use system store certificate to login SMA and provide limited connection to internal network.


    Network Logon, you still need to provide credentials but backend authentication is different from direct logon. VPN connection will be established right before window logon actions, so VPN internal connection is available before window submit logon information to domain controller. Domain computer can login to domain even they are not in office.

Sign In or Register to comment.