Advanced Settings
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 152
VPN Remote
Access Attribute
Description
Minimum TLS
version support
in the SSL VPN
portal
Indicates the minimum TLS protocol version which the SSL VPN portal
supports. For security reasons, we recommend to support TLS 1.2 and
above.
Office Mode
Enable With
Multiple
Interfaces
Indicates if a mechanism (with a performance impact) to improve
connectivity between remote access client and an appliance with multiple
external interfaces is enabled.
Office Mode
Perform Anti-
Spoofing
Single Office
Mode Per Site
n
Office Mode Perform Anti-Spoofing - If this option is selected,
VPN verifies that packets whose encapsulated IP address is an
Office Mode IP address are indeed coming from an address of a
client working in Office Mode. If the addresses are allocated by a
DHCP server, VPN must know the range of allocated addresses
from the DHCP scope for the Anti-Spoofing feature to work. Define
a Network object that represents the DHCP scope and select it
here.
n
Single Office Mode Per Site - After a remote user connects and
receives an Office Mode IP address from a gateway, every
connection to that gateways encryption domain goes out with the
Office Mode IP as the internal source IP. The Office Mode IP is
what hosts in the encryption domain recognize as the remote
user's IP address. The Office Mode IP address assigned by a
specific gateway can be used in its own encryption domain and in
neighboring encryption domains as well. The neighboring
encryption domains should reside behind gateways that are
members of the same VPN community as the assigning gateway.
As the remote hosts connections are dependent on the Office
Mode IP address it received, should the gateway that issued the IP
become unavailable, all the connections to the site terminate.
Office Mode
allocate from
RADIUS
Indicates if the Office Mode allocated IP addresses are taken from the
RADIUS server used to authenticate the user.
Office Mode
disable
Indicates if Office Mode (allocating IP addresses for Remote Access
clients) is disabled. This is not recommended.
Passwords
caching on client
Indicates if password caching is used. This means that re-authentication
is not necessary when the client tries to access more than one gateway.
Prevent IP NAT
Pool
Prevent IP Pool NAT configuration from being applied to Office Mode
users. This is needed when using SecureClient as well as other VPN
clients (see sk20251).
Radius
retransmit
timeout
Timeout interval (in seconds) for each RADIUS server connection
attempt.
Table: VPN Remote Access Attributes (continued)
To Next Page
Loading...
Need help?
General
