Netgear FVS318N User Manual

Virtual Private Networking Using SSL Connections
 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
The SSL VPN client provides a point-to-point (PPP) connection between the client and 
the wireless VPN firewall, and a virtual network interface is created on the user’s 
computer. The wireless VPN firewall assigns the computer an IP address and DNS server 
IP addresses, allowing the remote computer to access network resources in the same 
manner as if it were connected directly to the corporate network, subject to any policy 
restrictions that you configure.
SSL port forwarding. Like an SSL VPN tunnel, port forwarding is a web-based client 
that is installed transparently and then creates a virtual, encrypted tunnel to the remote 
network. However, port forwarding differs from an SSL VPN tunnel in several ways:
- Port forwarding supports only TCP connections, not UDP connections or connections
  using other IP protocols.
- Port forwarding detects and reroutes individual data streams on the user’s computer
  to the port forwarding connection rather than opening up a full tunnel to the corporate
  network.
- Port forwarding offers more fine-grained management than an SSL VPN tunnel. You
  define individual applications and resources that are available to remote users.
The SSL VPN portal can present the remote user with one or both of these SSL service 
levels, depending on how you set up the configuration.
Overview of the SSL Configuration Process
To configure and activate SSL connections, perform the following six basic steps in the order 
that they are presented:
1. Create a new SSL portal (see
When remote users log in to the wireless VPN firewall, they see a portal page that you 
can customize to present the resources and functions that you choose to make available.
2. Create authentication domains, user groups, and user accounts (see
a. Create one or more authentication domains for authentication of SSL VPN users.
When remote users log in to the wireless VPN firewall, they need to specify a domain 
to which their login account belongs. The domain determines the authentication 
method that is used and the portal layout that is presented, which in turn determines 
the network resources to which the users are granted access. Because you need to 
assign a portal layout when creating a domain, the domain is created after you have 
created the portal layout.
b. Create one or more groups for your SSL VPN users.
When you define the SSL VPN policies that determine network resource access for 
your SSL VPN users, you can define global policies, group policies, or individual 
policies. Because you need to assign an authentication domain when creating a 
group, the group is created after you have created the domain.
c. Create one or more SSL VPN user accounts.