firewall that is configured for SSL VPN.
The IP address will be the same as the Server IP configured in the interface's SSL VPN object.
The port can also be specified after the IP address if it is different from the default value of
443.
With HTTPS, the firewall sends the browser a certificate that is not CA signed, and the user
must accept this as an exception before continuing.
2. NetDefendOS now displays a login dialog in the browser.
3. The credentials entered are checked against the user database. If the user is authenticated, a
web page is displayed which offers two choices:
i. Download the D-Link SSL VPN client software
If this option has not been chosen before, it must be selected first to install the
proprietary D-Link SSL VPN client application.
ii. Connect the SSL VPN client
If the client software is already installed, selecting this option starts the client running
and an SSL VPN tunnel is established to the firewall. This is discussed next in more
detail.
Figure 9.5. SSL VPN Browser Connection Choices
Using CA Signed Certificates
By default, NetDefendOS uses a self-signed certificate when it displays the dialog shown above. If
a CA signed certificate is preferred, with or without certificate chaining, this can
be configured on the RemoteMgmtSettings object. In other words, the certificates used for HTTPS
Web Interface access are the same ones used for SSL VPN login. Configuring these certificates is
explained further in Section 2.1.4, “The Web Interface”.
Running the Client SSL VPN Software
An SSL VPN tunnel becomes established whenever the D-Link SSL VPN client application runs.
Conversely, the tunnel is taken down when the application stops running.
There are two ways for the tunnel to be established:
• Log in by using a web browser to surf to the SSL VPN interface as described above. Once
the client software is installed, only the option to establish the tunnel needs to be selected.
• Once the client software is installed, it can be started by selecting it in the Windows Start
menu. The SSL VPN client user interface then opens and the user password is entered. When
OK is pressed, the tunnel is established and any application on the client computer can then
make use of it.
Chapter 9: VPN