Virtual Private Networking Using SSL Connections
199
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
The SSL VPN client provides a point-to-point (PPP) connection between the client and
the VPN firewall, and a virtual network interface is created on the user’s computer. The
VPN firewall assigns the computer an IP address and DNS server IP addresses, allowing
the remote computer to access network resources in the same manner as if it were
connected directly to the corporate network, subject to any policy restrictions that you
configure.
• SSL port forwarding. Like an SSL VPN tunnel, port forwarding is a web-based client that
is installed transparently and then creates a virtual, encrypted tunnel to the remote
network. However, port forwarding differs from an SSL VPN tunnel in several ways:
- Port forwarding supports only TCP connections, not UDP connections or connections
using other IP protocols.
- Port forwarding detects and reroutes individual data streams on the user’s computer
to the
port-forwarding connection rather than opening up a full tunnel to the corporate
network.
- Port forwarding offers more fine-grained management than an SSL VPN tunnel. You
define individual applications and resources that are available to remote users.
The SSL VPN portal can present the remote user with one or both of these SSL service
levels, depending on how you set up the configuration.
Overview of the SSL Configuration Process
 To configure and activate SSL connections, perform the following six basic steps in
the order that they are presented:
1. Edit the existing SSL portal or create a new one (see Create the Portal Layout on
page 200).
When remote users log in to the VPN firewall, they see a portal page that you can
customize to present the resources and functions that you choose to make available.
2. Create authentication domains, user groups, and user accounts (see Configure Domains,
Groups, and Users on page 204).
a. Create one or more authentication domains for authentication of SSL VPN users.
When remote users log in to the VPN firewall, they need to specify a domain to which
their login account belongs.
The domain determines the authentication method that is used and the portal layout
that is presented, which in turn determines the network resources to which the users
are granted access. Because you need to assign a portal layout when creating a
domain, the domain is created after you have created the portal layout.
b. Create one or more groups for your SSL VPN users.
When you define the SSL VPN policies that determine network resource access for
your SSL VPN users, you can define global policies, group policies, or individual
policies. Because you need to assign an authentication domain when creating a
group, the group is created after you have created the domain.
To Next Page
Loading...
Need help?
General