firewall that is configured for SSL VPN. The IP address will be the same as the Server IP configured in the interface's SSL VPN object. The port can also be specified after the IP address if it is different from the default value of 443. With https, the firewall will send a certificate to the browser that is not CA signed and this must be accepted as an exception by the user before continuing.
2. NetDefendOS now displays a login dialog in the browser.
3. The credentials entered are checked against the user database. If the user is authenticated, a web page is displayed which offers two choices:
   i. Download the D-Link SSL VPN client software
      If this option has not been chosen before, it must be selected first to install the proprietary D-Link SSL VPN client application.
   ii. Connect the SSL VPN client
      If the client software is already installed, selecting this option starts the client running and an SSL VPN tunnel is established to the firewall. This is discussed next in more detail.
Figure 9.5. SSL VPN Browser Connection Choices
Using CA Signed Certificates
By default, NetDefendOS uses a self-signed certificate when it displays the dialog shown above. If it is desirable to use a CA signed certificate, which may or may not use certificate chaining, this can be configured on the RemoteMgmtSettings object. In other words, the certificates used for HTTPS Web Interface access are the same ones used for SSL VPN login. Configuring these certificates is explained further in Section 2.1.4, “The Web Interface”.
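Where the default self-signed certificate is kept, the browser exception described above can be checked against a fingerprint the administrator has recorded out of band before it is accepted. The following is an added example, not part of the D-Link documentation; the function names, the sample bytes and the address `192.0.2.1:4433` are assumptions made for illustration, and only IPv4 addresses or hostnames are handled.

```python
import hashlib
import hmac
import ssl

DEFAULT_PORT = 443  # default SSL VPN port stated in the text


def parse_portal_address(address):
    """Split 'host' or 'host:port' (IPv4 or hostname) into (host, port)."""
    host, sep, port = address.strip().rpartition(":")
    if not sep:
        return address.strip(), DEFAULT_PORT
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad portal address: {address!r}")
    return host, int(port)


def fingerprint(pem_cert):
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()


def matches_pin(pem_cert, pinned):
    """Compare with a pin recorded out of band ('AA:BB:..' or plain hex)."""
    expected = pinned.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(pem_cert), expected)


def fetch_portal_cert(address):
    """Fetch the certificate the portal presents, without validating it."""
    return ssl.get_server_certificate(parse_portal_address(address))


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate, so this runs offline.
    der = b"constructed sample: not a real NetDefendOS certificate"
    pem = ssl.DER_cert_to_PEM_cert(der)
    pin = ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
    print("pin matches:", matches_pin(pem, pin))
    print("tampered   :", matches_pin(ssl.DER_cert_to_PEM_cert(der + b"x"), pin))
    # Live use (hypothetical address):
    #   matches_pin(fetch_portal_cert("192.0.2.1:4433"), pin)
```

A mismatch means the certificate offered is not the one the firewall was recorded as presenting, so the exception should not be accepted.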
Running the Client SSL VPN Software
An SSL VPN tunnel becomes established whenever the D-Link SSL VPN client application runs.
Conversely, the tunnel is taken down when the application stops running.
There are two ways for the tunnel to be established:
• By using a web browser to browse to the SSL VPN interface and logging in as described above. Once the client software is installed, only the option to establish the tunnel is selected.
• Once the client software is installed, it can be started by selecting it in the Windows Start menu. The SSL VPN client user interface then opens, the user password is entered and when OK is pressed the tunnel is established and any client computer application can then make use of it.
Chapter 9: VPN