NETGEAR SRX5308-100NAS Switch User Manual


 
Virtual Private Networking Using SSL Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Because you need to assign a group when creating an SSL VPN user account, the
user account is created after you have created the group.
3. For port forwarding, define the servers and services (see Configure Applications for Port
Forwarding on page 275).
Create a list of servers and services that can be made available through user, group, or
global policies. You can also associate fully qualified domain names (FQDNs) with these
servers. The VPN firewall resolves the names to the servers using the list you have
created.
4. For SSL VPN tunnel service, configure the virtual network adapter (see Configure the SSL
VPN Client on page 277).
For the SSL VPN tunnel option, the VPN firewall creates a virtual network adapter on the
remote computer that then functions as if it were on the local network. Configure the
portal’s SSL VPN client to define a pool of local IP addresses to be issued to remote
clients, as well as DNS addresses. Declare static routes or grant full access to the local
network, subject to additional policies.
5. To simplify policies, define network resource objects (see Use Network Resource Objects to
Simplify Policies on page 281).
Network resource objects are groups of IP addresses, IP address ranges, and services.
By defining resource objects, you can more quickly create and configure network policies.
6. Configure the SSL VPN policies (see Configure User, Group, and Global Policies on
page 284).
Policies determine access to network resources and addresses for individual users,
groups, or everyone.
Create the Portal Layout
The Portal Layouts screen that you can access from the SSL VPN configuration menu allows
you to create a custom screen that remote users see when they log in to the portal. Because
the log-in screen is customizable, it provides an ideal way to communicate remote access
instructions, support information, technical contact information, or VPN-related news updates
to remote users. The log-in screen is also well suited as a starting screen for restricted users;
if mobile users or business partners are permitted to access only a few resources, the log-in
screen that you create presents only the resources that are relevant to these users.
You apply portal layouts by selecting one from the available portal layouts in the configuration
of a domain. When you have completed your portal layout, you can apply the portal layout to
one or more authentication domains (see Configure Domains on page 296). You can also
make the new portal the default portal for the SSL VPN gateway by selecting the default radio
button next to the portal layout name.
The VPN firewall’s default portal address is https://<IP_address>/portal/SSL-VPN, in which
the IP address can be either an IPv4 or an IPv6 address. Both types of addresses are
supported simultaneously. The default domain geardomain is assigned to the default
SSL-VPN portal.