The SSL VPN > Server Settings page configures details of the firewall’s behavior as an SSL VPN server.
• | SSL VPN Status on Zones |
• | SSL VPN Server Settings |
• | RADIUS User Settings |
• | SSL VPN Client Download URL |
• |
• | About Suite B Cryptography |
• | Configuring the SSL VPN Server |
• | SSL VPN Port - Enter the SSL VPN port number in the field. The default is 4433. |
• | Certificate Selection – From this drop-down menu, select the certificate that will be used to authenticate SSL VPN users. The default method is Use Selfsigned Certificate. |
To manage certificates, go to the System > Certificates page.
• | Enable SuiteB Mode in SSL VPN – Select this checkbox to enable SSL VPN Suite B mode. This option is not selected by default. |
• | Enable Server Cipher Preference – Select this checkbox to configure a preferred cipher method. This option is not selected by default. |
• | Select a cipher from the Cipher Methods drop-down menu: |
• | RC4_MD5 (default) |
• | User Domain – Enter the user’s domain, which must match the domain field in the NetExtender client. The default is LocalDomain. |
• | Enable Web Management over SSL VPN – To enable web management over SSL VPN, select Enabled from this drop-down menu. The default is Disabled. |
• | Enable SSH Management over SSL VPN – To enable SSH management over SSL VPN, select Enabled from this drop-down menu. The default is Disabled. |
• | Inactivity Timeout (minutes) – Enter the number of minutes of inactivity before logging out the user. The default is 10 minutes. |
• | Use RADIUS in – Select this checkbox to have RADIUS use MSCHAP (or MSCHAPv2) mode. Enabling MSCHAP-mode RADIUS will allow users to change expired passwords at login time. Choose between these two modes: |
If this option is set when is selected as the authentication method of log in on the Users > Settings page, but LDAP is not configured in a way that allows password updates, then password updates for SSL VPN users are performed using MSCHAP-mode RADIUS after using LDAP to authenticate the user. |
• |
• | Click here to download the SSL VPN zip file which includes all SSL VPN client files – To download from the appliance, click the Click here link to display an Opening application.zip dialog: |
• | Use customer’s HTTP server as downloading URL: (http://) – Select this checkbox to enter your SSL VPN client download URL in the supplied field. |