Office FAQ
1 - Q: Can I use a UMTS (WAN3) connection on my EasyTunnel Client?
A: Yes - it is possible to have an EasyTunnel server such as the TrustGate 160 using a UMTS(USB) dongle, which will be the WAN3 interface. The only thing to notice is that in case the WAN(1) is not used, and subsequently has no IP address, you must manually configure a static IP address for it. This could be a random address such as 10.251.251.251.
This is if you are using firmware 10271 (release 12.5 or older). The problem might be solved in a later firmware, and will be stated in the release note.
2 - Q: After upgrading to release 12.5 it seams no longer possible to log in to the WEB GUI from the Internet (WAN site). The login page is shown but the login fail.
A: It is likely that you're trying to use another port than 443 for logging in (e.g. because you redirect port 443 to an internal web server), and that you have configured the SoftClient Deployment port to the same port number. This was the correct thing to do for previous firmware versions, in addition to adding a Destination NAT rule, which, when the connection comes through the WAN interface, redirects the port in question to port 443 to reach the Web GUI. However, in the 10271 firmware, if SoftClient Deployment Port is different than 443, it can only be used for this, and not for admin login. So you will have to use two different ports.
You can solve the problem in two ways. In both cases, log in to the Web GUI from the LAN interface or using GTA from GateManager.
Solution 1: change the SoftClient Deployment Port on the VPN > General page to something different, e.g. 10443. SoftClient deployment can then be done only on port 10443.
Solution 2: change the Destination NAT rule to match a different Destination Port, e.g. 11443. You should now be able to log in as admin on port 11443.
Which of the solutions to use is up to you; for solution 1, you may have to resend a Deployment Mail (using the mail envelope icon on the VPN > EasyTunnel page) to users which have not yet installed the SoftClient. For solution 2, you may have to inform co-administrators (if any) about the new port number to use for login
3 - Q: My Alerts from GateManager do not arrive in mail boxes. What could be wrong?
A: The first thing to check is if the email was triggered at all. In the GateManager console, go to the appliance for which the alert is attached, and check the Alert log. Also check that the email address is correct.
If this is true, there is a propability that the email has been caught in a spam filter.
The alert email has an xml file attached that will cause some spam filters to block the mail. If the alert has been accepted by the spam filter in the past, but suddenly gets blocked, it could be because the alert is triggered often, and the spam filter may subsequently block it as "repeated spam" after a while.
The best resolution is to enter the spam filter setup and white list all emails from the GateManager
4 - Q: The TrustGate Softclient seems to require some administrator rights to run. I need the TrustGate Softclient to run without any administrator rights.
A :It is correct that TrustGate SoftClient require administrator rights to be installed and partly require administrator rights to be running.
Future release might change this - so the SoftClient can run as non-administrator as well. But it is possible to make the SoftClient run on a Windows account that has restricted rights (non-administrator). Currently the procedure is as follows for both Windows 7 (32 or 64bit):
1) Log on as administrator and install the TrustGate SoftClient.
2) When the client is rightfully install - install the softclient as service by the following command:
- "%ProgramFiles%\secomea\TrustGate SoftClient\TGSoftClient.exe" -install
this will install the client as service, and you can now log on as user level and the softclient will start in silence.
Note that the TrayIcon will not be available if running as service. It does not help trying to start the TrayIcon manually. But everything will be available from the EasyTunnel-Server and GateManager. (By "TrayIcon" is referred to the Secomea "ON" icon which in reality represents the TGSoftClient.exe program)
The user can check the installation by the following commands:
> route print
- this should show the installed tunnels as routes to the network and:
> ipconfig
- the TrustGate SoftClient should show and IP address acc. to the virtual IP address.
If you need to browse the admin WEB interface of the TrustGate SoftClient from the local PC you can use the url:
> https://10.127.128.175 (Username = admin // PW = the one you created )
This require that you create an additional Local network in the EasyTunnel Server as follows:
> VPN > EasyTunnel > Local Networks: Network = 10.127.128.175 Subnet Maks = 255.255.255.255
Note that this address is always the same for all TrustGate SoftClient
Command for uninstalling SoftClient as service:
> TGSoftClient.exe -remove
5 - Q: I have uninstalled the TrustGate SoftClient and attempt to reinstall, but a message says it can not be installed because it is already installed. Everything seems to be properly uninstalled?
A: The message in fact does not say that the program is already installed, but rather that the serial number (the license) is already installed on some machine. So in reality it is the EasyTunnel server that prevents installing it again. This is a precaution to prevent you from installing and running the same client (with the same serial number) on different machines simultaneously, as this would create a conflict and will not work. Unfortunately the EasyTunnel server cannot detect if a previously installed version is actually uninstalled, so the administrator needs to confirm that it is alright to reuse it. This can be accomplished by one of the following methods (both on the EasyTunnel server):
1) Submit the deployment mail again (by selecting the envelope icon on the EasyTunnel menu)
2) Delete the old client and create a new one
6 - Q: When I create a new TrustGate SoftClient I get a message that indicate that the deployment email could not be delivered?
A: The TrustGate performs 2 steps:
1. It will try to send the deployment mail (this is the mail it could not deliver in this case) directly to the recepient - this is in case no SMTP server has been configured.
2. If a SMTP server is configured on the page "LOG > Setup" it will then use this server as mail forwarder.
You should check the above conditions. If it still reports a problem to deliver the mail you should try using another mail recipient, in case the one you are using is not trusted to receive mails from the TrustGate. In the case where the TrustGate will send the deployment mail directly, you should make sure that the public IP address of the TrustGate also has a reverse DNS name associated. Most spam figther servers require that your public IP address has a rDNS record. If not you should contact you IP address provider (Which is your ISP, not you DNS provider). In case you have defined your corporate SMTP server for the TrustGate to use, you may experience that the SMTP rejects mail sent from the TrustGate. This may be due to the SMTP server requiring mail senders to be part of the domain, or it can be it checks the source IP address, which would be a problem if the LAN interface of the TrustGate is not part of the subnet that ordinary mail senders are located. You should check if you can insert an exception in the SMTP server.
If you still are unable to submit the Softclient email, you can still get the information to the recipient. In the TrustGate VPN --> EasyTunnel menu, locate the EasyTunnel Client with the problem. Open the Deployment Email (the envelope icon), and copy the contents of the deployment email contents into an email that you send directly to the recipient, using your own email account. The important thing is the download URL.
7 - Q: When I attempt to start the TrustGate SoftClient the tray icon stays Yellow with status Starting.
A: Most likely you have a personal firewall blocking the communication between the tray icon program and the SoftClient main process that handles the virtual adapter. The firewall build into Windows XP and Windows7 usually do not course problems, while a third party firewall may. Try check the following:
1. You should first try to stop the personal firewall. However, some personal firewalls will retain the blocks even when stopped. In some cases it is necessary to uninstall it completely. You may not want to do that, and you could therefore try to reconfigure it:
2. Ensure that the SoftClient virtual engine is allowed to communicate. So ensure that the program TGSoftClient.exe is not blocked. If this still does not work, also check the following:
3. Ensure that the personal firewall has opened for UDP port 8888 (all addresses, including broad cast) and TCP port 3. Consult your firewall's documentation, or contact your provider. You can limit opening for these ports/protocols for the TGSoftClient.exe.
4. If there still seems to be an issue, you can check if the SoftClient virtual engine is running at all. First Stop the SoftClient via the tray icon menu (the icon should be red). Then hold the Shift key pressed while selecting Start in the SoftClient tray icon menu. This should typically give you a black console window with a lot of boot messages, which indicates that the SoftClient virtual machine process is actually running. If the console window does NOT appear, it indicates that the virtual machine is not running. In this case there would be one or more log files in the SoftClient installation folder (typically C:\Program files\Secomea\TrustGate SoftClient\Machines\TGSoftClient\Logs). These log files may provide some more info, but may also require Secomea to interpret them.
5. If you are running SoftClient version 12.6.0.10045 or older, the above mentioned log file directory may not exist, as a result of the automatic creation being prevented by security policies on the PC. This can be due to the user being member of group "Debug Users" in addition to the local "Administator" group. If the log file directory does not exist, the SoftClient will remain in status Starting. Try create the folder manually, and restart the SoftClient. (Note that this scenario will be solved in the next SoftClient release)