SSL VPN-Plus technology gives your employees secure remote access to the cloud data center. Access can be limited to only the resources and data that are required, even when the connection comes from a personal machine that is not managed by the company.
SSL VPN functionality is only available for configuration in the Edge Advanced mode.
SSL VPN Server settings
On the tab Datacenters\Networking\Edges choose the Edge Gateway and press Configure Services. In the window that appears, select the SSL VPN Plus tab.
On the tab Server Settings configure the following server parameters: IPv4 address - external address for incoming connections, Port - port for incoming connections (usually, 443), Cipher list - encryption algorithms (AES recommended).
Create a pool of IP addresses to assign to VPN clients by pressing [+] on the tab IP Pool: IP Range / Netmask / Gateway - address range, netmask and Edge Gateway address, Status:Enabled - pool activation.
Add the cloud network that is available for remote clients by pressing [+] on the tab Private Network: Network - using CIDR network address format, Status:Enabled - network activation.
To configure the authentication server, click [+LOCAL] on the tab Authentication: Enable password policy - password complexity policy (recommended), Password Length - 10+ characters (recommended), Minimum no. of alphabets/digits/special characters - minimum number of capital letters/numbers/special characters, Password should not contain user ID - ban on using user login in password, Password expires in / Expiry notification in - password expiration date / expiration warning, Enable account lockout policy - user lockout policy (recommended), Retry Count / Retry Duration - number of failed password entry attempts per time interval, Lockout Duration, Status:Enabled - authentication server activation.
To create a user account, click [+] on the tab Users: User ID, Password / Retype Password, Enabled - account activation.
Create the client software installation package by clicking [+] on the tab Installation Packages: Profile Name - Package Name, Gateway/Port - Gateway IP / Port, Linux/Mac - supporting additional operating systems (Windows client is generated automatically), Enabled - software package activation.
Enable the SSL VPN server by choosing Enabled on the tab Server Settings.
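As an added example (not from the original page or the vendor), the following Python pre-flight check validates a planned set of the server settings above before they are entered in the UI. The dictionary keys and sample values are constructed, and the check that the client pool does not overlap the private network is an added assumption that the page does not state.

```python
import ipaddress

def check_sslvpn_plan(plan):
    """Return a list of problems found in planned SSL VPN-Plus settings."""
    problems = []
    if not 1 <= plan["port"] <= 65535:
        problems.append("port out of range")
    # Cipher list: the page recommends AES.
    if not any("AES" in c.upper() for c in plan["ciphers"]):
        problems.append("cipher list has no AES suite")
    # IP Pool: the range must fit the subnet defined by Gateway + Netmask.
    start_s, end_s = plan["pool_range"].split("-")
    start = ipaddress.ip_address(start_s.strip())
    end = ipaddress.ip_address(end_s.strip())
    pool_net = ipaddress.ip_network(
        f"{plan['pool_gateway']}/{plan['pool_netmask']}", strict=False)
    if start > end:
        problems.append("pool range start is above its end")
    if start not in pool_net or end not in pool_net:
        problems.append("pool range is outside the gateway subnet")
    # Private Network: must be a network address in CIDR form (no host bits).
    try:
        private = ipaddress.ip_network(plan["private_network"], strict=True)
    except ValueError:
        problems.append("private network is not a valid CIDR network address")
        private = None
    # Assumption (not on the page): client pool and private network are distinct.
    if private is not None and private.overlaps(pool_net):
        problems.append("client pool overlaps the private network")
    # Authentication: recommended password length and lockout policy.
    if plan["password_length"] < 10:
        problems.append("password length below the recommended 10")
    if not plan["lockout_enabled"]:
        problems.append("account lockout policy is disabled")
    return problems

# Constructed sample plans (hypothetical key names, documentation-style values).
GOOD_PLAN = {
    "port": 443, "ciphers": ["AES256-SHA"],
    "pool_range": "192.168.100.10-192.168.100.50",
    "pool_netmask": "255.255.255.0", "pool_gateway": "192.168.100.1",
    "private_network": "10.0.1.0/24",
    "password_length": 10, "lockout_enabled": True,
}
BAD_PLAN = dict(GOOD_PLAN, ciphers=["RC4-MD5"], pool_gateway="10.0.1.1",
                pool_range="10.0.1.100-10.0.2.20",
                password_length=8, lockout_enabled=False)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_sslvpn_plan(plan) or "OK")
```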
Installing SSL VPN Client for Windows
Open the address https://<server name>:<port> in the browser, log in with the account of the created user, then download and install the prepared client software package.
Run the installed client, click Login, and enter user credentials.
Additional notes.
To differentiate access to cloud resources, it may be necessary to create firewall rules that control access from the pool of VPN clients to individual servers.
Additional manufacturer information on configuring SSL VPN-Plus: server setup, client setup