8-1
v1.0, January 2010
Chapter 8
Virtual Private Networking
Using SSL Connections
The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote
access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN
client on their computers. Using the familiar Secure Sockets Layer (SSL) protocol, commonly
used for e-commerce transactions, the UTM can authenticate itself to an SSL-enabled client, such
as a standard Web browser. Once the authentication and negotiation of encryption information is
completed, the server and client can establish an encrypted connection. With support for up to 13
dedicated SSL VPN tunnels, users can easily access the remote network for a customizable,
secure, user portal experience from virtually any available platform.
This chapter contains the following sections:
• “Understanding the SSL VPN Portal Options” on this page.
• “Using the SSL VPN Wizard for Client Configurations” on page 8-2.
• “Manually Configuring and Editing SSL Connections” on page 8-17.
Understanding the SSL VPN Portal Options
The UTM’s SSL VPN portal can provide two levels of SSL service to the remote user:
• SSL VPN Tunnel. The UTM can provide the full network connectivity of a VPN tunnel using
the remote user’s browser instead of a traditional IPsec VPN client. The SSL capability of the
user’s browser provides authentication and encryption, establishing a secure connection to the
UTM. Upon successful connection, an ActiveX-based SSL VPN client is downloaded to the
remote PC to allow the remote user to virtually join the corporate network.
The SSL VPN client provides a point-to-point (PPP) connection between the client and the
UTM, and a virtual network interface is created on the user’s PC. The UTM assigns the PC an
IP address and DNS server IP addresses, allowing the remote PC to access network resources
in the same manner as if it were connected directly to the corporate network, subject to any
policy restrictions that you configure.