品牌
其他厂商性质
上海所在地
The mGuard Secure VPN Client for Windows is a major component of the mGuard Secure Ecosystem. Available as a software application for connecting PCs to a virtual private network (VPN), the client makes remote resources of other networks available in a highly secure and transparent way as if the user was connected directly to that "private" network. Thus, a VPN extends a private network across a public network, such as the Internet.
The virtual private networks used are based on the reliable IPsec security protocol which guarantees the confidentiality, authenticity and integrity of all information and data transmitted between the VPN client and the mGuard Secure Ecosystem.
Designed as a one-click solution, this IPsec client software automatically selects the best possible communication medium, controls internet connectivity and initiates the setup of a VPN tunnel. A centrally defined parameter lock prevents intentional or accidental configuration setting changes by users.
Ideal for road warriors, service staff and teleworker, the VPN client supports both and stationary use cases. The mGuard Secure VPN client is compatible with all mGuard VPN Appliances, mGuard Secure Clouds and mGuard Virtual Appliances: the mGuard Secure Ecosystem.
OS Support:
Windows (32-bit): Windows 10, 8.x and Windows 7
Windows (64-bit): Windows 10, 8.x and Windows 7
Virtual Private Networking:
IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption:
Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512, MD5, DH group 1,2,5,14-18
FIPS:
The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
Authentication Process:
IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; Mode Configuration for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready
Authentication Standards:
X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates;
CSP for use of user certificates in Windows certificate store PIN policy;
PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP
Networking:
LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Broadband from Windows 7) support
VPN Path Finder:
Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible (Requirements: Path Finder enabled VPN gateway, available from mGuard Firmware 8.3)
RFC Compatibility:
RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, Mode Configuration, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP
While installing the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation. These software packages should be optionally uninstalled before installing the mGuard Secure VPN client. After a successful installation of the VPN client they can be reinstalled.
A: While uninstalling the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation.
It helps to set the mGuard Secure VPN Client into the ´Change mode´ as follows:
