SSL VPN-Plus technology allows your employees to securely access the cloud data center remotely. It is possible to restrict access to only the resources and data that are necessary, even if access is made from a personal device that is not managed by the company.
The SSL VPN functionality is only available in the Edge Advanced mode of the configuration.
To configure the SSL VPN server, open the Data Centers > Networking > Edges menu, select Edge Gateway, and then click Configure Services. In the window that opens, select the SSL VPN Plus tab.
In the Server Settings tab, configure the following server parameters: IPv4 address - the external address for incoming connections, Port - the port for incoming connections (usually 443), Cipher list - encryption algorithms (AES is recommended).
To create a pool of IP addresses to assign to clients using VPN, please follow these steps:
1. Click on the "IP Pool" tab.
2. In the "IP Range" field, enter the desired IP range.
3. Enter the netmask in the "Netmask" field.
4. In the "Gateway" field, select the address of the Edge Gateway.
5. Enable the "Status" option.
6. Click "Save" to activate the pool.
To add the cloud network for remote clients, please press the "+" button on the "Private Network" tab. Use the CIDR network address format and set the "Status" to "Enabled" for network activation.
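A pre-flight check for the IP Pool and Private Network values described above, as an added example (not part of the vendor's product or documentation). The function name and sample addresses are constructed, and treating an overlap between the pool subnet and a private network as an error is an assumption of this example.

```python
import ipaddress

def check_vpn_addressing(range_start, range_end, netmask, gateway, private_networks):
    """Return a list of problems in the IP Pool / Private Network values (hypothetical helper)."""
    problems = []
    start = ipaddress.IPv4Address(range_start)
    end = ipaddress.IPv4Address(range_end)
    gw = ipaddress.IPv4Address(gateway)
    if start > end:
        problems.append("IP Range: start address is above end address")
        start, end = end, start
    # Subnet implied by the "Gateway" and "Netmask" fields of the pool.
    subnet = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    if start not in subnet or end not in subnet:
        problems.append(f"IP Range is not inside the gateway subnet {subnet}")
    if start <= gw <= end:
        problems.append("Gateway address falls inside the client IP Range")
    for entry in private_networks:
        if "/" not in entry:
            problems.append(f"Private Network {entry!r}: prefix length missing")
            continue
        try:
            # strict parsing rejects host bits, e.g. 192.168.10.5/24
            net = ipaddress.IPv4Network(entry)
        except ValueError:
            problems.append(f"Private Network {entry!r}: not a CIDR network address")
            continue
        # Assumption of this example: clients must not share a subnet
        # with the networks they reach through the tunnel.
        if net.overlaps(subnet):
            problems.append(f"Private Network {net} overlaps pool subnet {subnet}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    good = check_vpn_addressing("10.250.0.10", "10.250.0.100",
                                "255.255.255.0", "10.250.0.1",
                                ["192.168.10.0/24"])
    bad = check_vpn_addressing("192.168.10.200", "192.168.10.100",
                               "255.255.255.0", "192.168.10.150",
                               ["192.168.10.5/24", "192.168.10.0/24", "172.16.0.0"])
    print("good:", good)
    for line in bad:
        print("bad:", line)
```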
To configure the authentication server, click the "+" icon next to the "Authentication" tab. Several options can then be customized. For example, you can set the password length to 10 characters or more, require at least one capital letter, number, or special character in the password, and prevent users from using their login ID as part of the password. You can also enable the account lockout policy and specify how many failed login attempts are allowed before the account is locked and how long the lockout lasts.
To create a user account, click [+] on the Users tab and fill in: User ID, Password / Retype Password, Enabled - account activation.
To create the client software installation package, click [+] on the Installation Packages tab and fill in: Profile Name - Package Name, Gateway/Port - Gateway IP / Port, Linux/Mac - support for additional operating systems (the Windows client is generated automatically), Enabled - software package activation.
Enable the SSL VPN server by choosing Enabled on the Server Settings tab.
Installing SSL VPN Client for Windows
Open https://<server name>:<port> in a browser, log in with the account of the created user, then download and install the prepared client software package.
Run the installed client, click Login, and enter user credentials.
Additional notes.
To control access to cloud resources, you may need to create firewall rules for VPN clients accessing a specific server.
For more information on setting up SSL VPN-Plus, please refer to the manufacturer's documentation: server setup, client setup