PRODUCTS PURCHASE SUPPORT COMPANY PRESS
     
Usage FAQ

Q: A window appeared asking, "Do you want to allow xyz.exe to access the network?" What should I do?

A. If you are familiar with the application name and are comfortable with that application accessing the network, then select "Allow." Otherwise, select "Deny." You will see this window several times after you have installed OmniVPN and also when you start a newly installed application.

Q: I get a Define Subnet window when I connect my computer to the network. What should I do?

A. The Define Subnet window appears when you visit a LAN for the first time. This window lets you classify the subnet as either "trusted" or "untrusted." Once you have classified the subnet, the firewall will automatically recognize and apply the appropriate policies. The default option is not to trust the subnet so that other computers cannot connect to your computer. If you want others to connect to you, the firewall rules must allow incoming connections from that subnet.

Q: Should the VPN lock icon at the top of the Configuration window be open (red) or closed (green)?

A. For OmniVPN clients, the lock icon should remain closed at all times. If you want to connect to a machine that does not have OmniVPN and is not proxied for by the local OmniVPN gateway, you will have to disconnect from the VPN by changing the lock to open.

For a Katana client, the icon will usually remain open (red). Only when you wish to connect to the VPN should the icon be closed (green).

Q: Why is my VPN connection slow?

A. Your VPN connection feels slow because the connection that you are using over the Internet is about 100 times slower than the speed of your office LAN.

Q: Why does it take some time to connect to the VPN when I turn on my laptop while traveling?

A. If local client mode uses auto-detection to locate a local policy server, this process must time out before OmniVPN will switch to remote client mode.

Q: Why does it take some time before I can connect to the Internet using my Web browser?

A. When the computer reboots, OmniVPN/Katana checks for authorized connections and the computer may feel a bit slow during that time. After that check is complete, everything should work as normal.

Q: My application is unable to get network access. How do I fix this?

A. The reason may be:

  • There may be an explicit rule to deny network access to that application.
  • The default rule for unknown applications is to deny network access.
  • The network access is governed by a "centralized rule," the network access is not consistent with that rule, and the default action is to deny access for un-recognized behavior. To permit access, the rule must be modified at the policy editor.

Q: My OmniVPN remote client has established an SA with an OmniVPN gateway using IPsec tunnel mode, but I cannot ping or connect through the tunnel. How do I fix this?

A. The OmniVPN remote client gets a virtual IP address from the OmniVPN gateway. The security policy at the OmniVPN gateway must show secure communication between the road warrior virtual IP subnet and the subnet behind the OmniVPN gateway.

Q: My Katana client has established an SA with a Katana VPN gateway using IPsec tunnel mode, but I cannot ping or connect through the tunnel. How do I fix this?

A. When using the tunnel for remote-access, you must enter your own current IP address in the source subnet of the tunnel configuration and the remote site subnet in the remote subnet of the tunnel configuration. If you use 0/0 for either subnet, you may succeed in establishing an SA, but you will not be able to connect.

Q: My Katana client is connected to the VPN. Why am I unable to connect to other machines on a separate LAN interface?

A. While using the Katana client, you will not be able to connect to other machines on your LANs that are not part of the VPN. However, you will be able to surf the Internet.

Q: I am running an application that needs network access, but it is not allowed to access the network. I do not get any windows prompting me to configure a rule for that application.

A. In the Local IDS Policy window, you may have set "Automatically deny network access from unknown applications." Choose the "Local IDS policy" item from the Window menu, and turn off this option. If you do not have the right to change this option, ask the administrator to modify the setting for your machine.

Q: I am at work, and my computer is not switching from "Remote client" mode to "Local client" mode. What should I do?

A. Turn on the "Allow automatic switch between local client and remote client" option in the Configuration window.

Q: The network monitoring window is blank or is not updating. What should I do?

A. Close the window and re-start it by clicking the "Network Traffic" button in the Configuration window.

Q: I have the Katana/OmniVPN firewall installed. My laptop has multiple active interfaces, but I only saw one Define Subnet window. How do I configure security policy for the other interfaces?

A. The policy you selected (trusted or untrusted) is applied to all subnets to which the machine is connected. The reason is that your computer is either in an untrusted domain or in a trusted domain. If you wish to apply different policies to each interface, you must install Katana/OmniVPN as a gateway/policy server.

Q: I am unable to view the Network Connections.

A. To view the current network connections, your account must have administrative privileges.

Q: I am running Windows(r) Update. Wy does the Trojan detection warning appear several times for update.exe?

A. This happens because Microsoft runs several different applications that are all called update.exe. That is typical Trojan behavior. You can disable IDS for the duration of Windows(r) Update if you do not want to be warned, but it is a security risk.

 

   
  Home » Support » FAQ » Usage FAQ Account  |  Cart   

Copyright © 2004-06 Trlokom, Inc.