![]() ![]() VPN Clients that do not support RADIUS Challenge.VPN Clients that support RADIUS Challenge.Depending on the VPN client, 2-factor authentication can take two forms. End users can then access the portal page by opening >. to the public IP address of your firewall. Configure your DNS server or service to resolve sslvpn. Select the SSL VPN certificate you just created or uploaded from the Certificate drop-down list.Īfter you enable and configure the SSL VPN, end users can access the portal in their web browsers.Go to the VPN > SSL VPN page and click on the Server Settings tab.For instructions, see How to Use and Manage Certificates with the Certificate Manager. Go to the Advanced > Certificate Manager page.By default, the Web UI certificate is used. It is recommended to install a CA-trusted SSL certificate for the SSL VPN on the X-Series Firewall, so that web browsers do not issue a SSL warning to end users when they access the portal. Only ASCII characters are allowed in the Welcome Message and Help Text fields. In the Appearance section, customize the SSL VPN portal by uploading your company's logo, and welcome and help texts. Set Enforce Strong Ciphers to Yes unless you require backward compatibility with SSLv3-only clients.To provide users access via CudaLaunch, set Enable CudaLaunch to Yes.Enter the user groups that are denied access to the SSL VPN in the Blocked Groups list, and click + after each entry.Ĭonfigure the SSL VPN web portal, enable CudaLaunch, and configure general and appearance settings.Use question marks (?) and asterisks (*) as wildcard characters. Enter the user groups that can access the SSL VPN in the Allowed Groups list, and click + after each entry.(optional) To restrict SSL VPN access by user group:.In the Authentication section, select the method from the User Authentication list.Go to the VPN > SSL VPN page and click the Server Settings tab.To specify how users are authenticated for the SSL VPN: For instructions on how to configure local or external user authentication, see Managing Users and Groups. You can manage user authentication either locally on the firewall or externally with Active Directory, LDAP, or RADIUS. In Dynamic Interface Configuration, enable Use Dynamic DNS for the required interface.Įnd users must authenticate themselves before they can access internal resources and applications via SSL VPN.Go to the NETWORK > IP Configuration page.To enable access to the SSL VPN portal via a hostname instead of only via the IP address (because the latter may change), you can use the third-party DynDNS service.Destination – Select the network object representing your incoming Internet connection, and click +.Source – Select Internet from the list, and click +.Name – Enter a name for the access rule.Add a redirect access rule with the following settings:.Go to the FIREWALL > Firewall Rules page.To use a dynamic interface to access the SSL VPN portals, redirect incoming HTTPS traffic to the SSL VPN service. When the IP address resides in a configured static network interface, edit the interface in the Static Interface Configuration section, and select the SSL VPN check box.In the Management IP Configuration section, select the SSL VPN check box next to the required IP address in the Secondary IP Addresses table, OR.Typically, a secondary IP address is used to provide the SSL VPN portal on internal network segments. If the VPN service is also enabled for this interface, go to the VPN > Settings page and verify that Use TCP Port 443 is set to No. In the Edit Static Network Interface window, select the SSL VPN check box. In the Static Interface Configuration section, click Edit to configure your static WAN interface.Go to the NETWORK > IP Configuration page.The portal can also use a secondary IP address for internal access. Typically, the SSL VPN portal is deployed on a static public IP address with a respective DNS A resource record. When you enable the SSL VPN portal, determine if you are using a static, dynamic, or secondary IP address for the portal. Verify that you are not using DNAT access rules to redirect HTTPS traffic on the same public IP that the SSL VPN is using.If you are running a VPN server on the same public IP address, go to VPN > Settings and verify that Use TCP Port 443 is set to No.It is recommended to use a signed certificate to avoid browser certificate warnings when accessing the SSL VPN portals. ![]() Configure SSL VPN on the X-Series Firewall to give end users remote access to corporate resources. ![]()
0 Comments
Leave a Reply. |