SSL VPN

The device provides an SSL-based remote access solution. Remote users can securely access intranet resources through the provided SSL VPN.

An SSL VPN consists of two parts: the SSL VPN server and the SSL VPN client. The device configured as the SSL VPN server provides the following functions:

  • Accept client connections.
  • Allocate IP addresses, DNS server addresses, and WINS server addresses to SSL VPN clients.
  • Authenticate and authorize clients.
  • Perform host checking on clients.
  • Encrypt and forward IPSec data.

The default number of concurrent online clients varies by platform series. You can expand the supported number by purchasing the corresponding license.

After successfully connecting to the SSL VPN server, the SSL VPN client secures your communication with the server. The following SSL VPN clients are available:

Configuring an SSL VPN

To configure an SSL VPN, take the following steps:

  1. Select Network > VPN > SSL VPN.
  2. On the SSL VPN page, click New.
  3. If necessary, click Advanced Configuration to configure the advanced functions, including parameters, client, host security, SMS authentication, and optimized path.
  4. Click Done to save the settings.

To view the SSL VPN online users, take the following steps:

  1. Select Configure > Network > SSL VPN.
  2. Select an SSL VPN instance.
  3. View the detailed information of the online users in the table.

Configuring Resource List

A resource list is a set of resources configured in the system that users can reach easily. Each resource contains multiple resource items. A resource item is presented as a resource item name followed by a URL in your default browser page.

After the SSL VPN user is authenticated successfully, the authentication server sends the user's group information to the SSL VPN server. Then, according to the binding between user groups and resources in the SSL VPN instance, the server sends the client a list of the resources the user can access. The client parses the list and makes the IE browser on the system pop up a page that displays the received resource list, so that the user can access a private network resource directly by clicking its URL link. The resource list page pops up only after authentication is passed. If a user does not belong to any user group, the browser will not pop up the resource list page unless authentication is passed.

To configure resource list for SSL VPN:

  1. Select Network > VPN > SSL VPN.
  2. Click Resources List at the top-right corner.
  3. Click New.

  4. Click OK. The new resource is displayed in the resource list.
     At most 3 resource items are displayed in the resource list for each resource; the other items are displayed as "...". You can click the Edit or Delete button to edit or delete the selected resource.

  • Fewer than 48 resources can be configured in an SSL VPN instance.
  • The resource list function is only available for Windows SSL VPN clients.

Configuring an SSL VPN Address Pool

The SSL VPN server allocates IP addresses from the SSL VPN address pool to clients. After a client connects to the server successfully, the server fetches an IP address along with other related parameters (e.g., DNS server address and WINS server address) from the SSL VPN address pool and allocates them to the client.

You can create an IP binding rule to meet the fixed IP requirement. The IP binding rule includes the IP-user binding rule and the IP-role binding rule. The IP-user binding rule binds the client to a fixed IP in the configured address pool. When the client connects to the server successfully, the server will allocate the binding IP to the client. The IP-role binding rule binds the role to an IP range in the configured address pool. When the client connects to the server successfully, the server will select an IP from the IP range and allocate the IP to the client.

After the client successfully connects to the server, the server checks the binding rules in a fixed order to determine which IP to allocate. The order is as follows:

  • Check whether an IP-user binding rule is configured for the client. If yes, allocate the bound IP to the client; if no, the server selects an IP from the address pool that is neither bound nor in use and allocates it to the client.
  • Check whether an IP-role binding rule is configured for the client. If yes, take an IP from the IP range and allocate it to the client; if no, the server selects an IP from the address pool that is neither bound nor in use and allocates it to the client.

The IP addresses in IP-user binding rules and the IP addresses in IP-role binding rules should not overlap.
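
The allocation order and the no-overlap requirement above can be modelled as follows. This is an added example, not the device's own code: the class and function names are hypothetical, the two checks are read as a sequence (IP-user binding, then IP-role binding, then any free unbound address), and returning None when a bound address or range is exhausted is an assumption the page does not state.

```python
import ipaddress

def ip_range(first, last):
    """Expand an inclusive first-last range into IPv4Address objects."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [ipaddress.ip_address(i) for i in range(int(a), int(b) + 1)]

class AddressPool:
    def __init__(self, first, last, user_bindings, role_bindings):
        self.pool = ip_range(first, last)
        self.user_bindings = {u: ipaddress.ip_address(ip) for u, ip in user_bindings.items()}
        self.role_bindings = {r: ip_range(*rng) for r, rng in role_bindings.items()}
        self.in_use = {}  # address -> user currently holding it
        self._validate()

    def _validate(self):
        """Reject bindings outside the pool and IP-user/IP-role overlaps."""
        pool = set(self.pool)
        role_ips = {ip for rng in self.role_bindings.values() for ip in rng}
        user_ips = set(self.user_bindings.values())
        if not (role_ips | user_ips) <= pool:
            raise ValueError("binding outside the address pool")
        if role_ips & user_ips:
            raise ValueError("IP-user and IP-role bindings overlap")

    def allocate(self, user, role=None):
        """Return the address for a connecting client, or None if none is free."""
        if user in self.user_bindings:        # 1. IP-user binding
            candidates = [self.user_bindings[user]]
        elif role in self.role_bindings:      # 2. IP-role binding
            candidates = self.role_bindings[role]
        else:                                 # 3. any unbound, unused address
            reserved = set(self.user_bindings.values())
            reserved.update(ip for rng in self.role_bindings.values() for ip in rng)
            candidates = [ip for ip in self.pool if ip not in reserved]
        for ip in candidates:
            if ip not in self.in_use:
                self.in_use[ip] = user
                return str(ip)
        return None

# Constructed sample configuration and logins (not taken from a device).
def demo():
    pool = AddressPool("10.8.0.10", "10.8.0.20",
                       user_bindings={"alice": "10.8.0.10"},
                       role_bindings={"admin": ("10.8.0.11", "10.8.0.12")})
    logins = [("alice", "admin"), ("bob", "admin"), ("carol", "admin"),
              ("dave", "admin"), ("erin", "guest")]
    return [pool.allocate(user, role) for user, role in logins]
```

Because bound users and roles always receive addresses from known ranges, firewall policies keyed on source IP stay predictable; the overlap check is what keeps a role range from handing out an address reserved for a specific user.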

To configure an address pool, take the following steps:

  1. Select Network > VPN > SSL VPN.
  2. Click Address Pool at the top-right corner.
  3. Click New.
  4. Click OK to save the settings.

Configuring SSL VPN Login Page

You can customize the title and background of the SSL VPN login page. The default title is Login.

To customize the SSL VPN login page, take the following steps:

  1. Select Network > VPN > SSL VPN.
  2. At the top-right corner, click Login Page Configuration.
  3. Click Browse to select the background picture. The selected picture must be zipped, and the file name must be Login_box_bg_en.gif for English pages. The picture size must be 624px × 376px.
  4. Click Upload to upload the background picture to the system. Once the upload succeeds, the background picture change is complete.
  5. Enter the title in the Authentication Page Title box to customize the title of the login page.
  6. Click OK to save the settings. Clicking Cancel affects only the authentication page title change.

If you want to use the default authentication title Login, click Clear Page Title. Then click OK. If you want to restore the default picture, click Restore Default Background and select English in the pop-up dialog. Then click OK.