ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
access policies. When you create a group, you need to specify a domain. Therefore, you should create any domains first, then groups, and then user accounts.
For information about how to configure domains, groups, and users, see
Configure
Authentication Domains, Groups, and Users
on page 296.
Configure Applications for Port Forwarding
•
Add Servers and Port Numbers
•
Add a New Host Name
Port forwarding provides access to specific defined network services. To define these services, you need to specify the internal server addresses and port numbers for TCP applications that are intercepted by the port forwarding client on the user’s computer. This client reroutes the traffic to the VPN firewall.
Note:
SSL VPN port forwarding is supported for IPv4 connections only.
Add Servers and Port Numbers
To configure port forwarding, you need to define the IP addresses of the internal servers and the port number for TCP applications that are available to remote users.
To add a server and a port number:
1.
Select VPN > SSL VPN > Port Forwarding. The Port Forwarding screen displays. (The following figure shows an example.)
Figure 182.
Virtual Private Networking Using SSL Connections
275
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
2.
In the Add New Application for Port Forwarding section of the screen, specify information in the following fields:
•
IP Address. The IP address of an internal server or host computer that a remote user has access to.
•
TCP Port. The TCP port number of the application that is accessed through the SSL
VPN tunnel. The following table lists some commonly used TCP applications and port numbers.
Table 70. Port forwarding applications/TCP port numbers
TCP Application
FTP data (usually not needed)
Port Number
20
FTP Control Protocol
SSH
21
22 a
23 a
Telnet
SMTP (send mail) 25
80 HTTP (web)
POP3 (receive mail) 110
123 NTP (Network Time Protocol)
Citrix 1494
3389 Terminal Services
VNC (virtual network computing) 5900 or 5800
a. Users can specify the port number together with the host name or IP address.
3.
Click the Add table button. The new application entry is added to the List of Configured
Applications for Port Forwarding table. Remote users can now securely access network applications once they have logged in to the SSL VPN portal and launched port forwarding.
To delete an application from the List of Configured Applications for Port Forwarding table:
1.
Select the check box to the left of the application that you want to delete.
2.
Click the Delete table button in the Action column.
Add a New Host Name
After you have configured port forwarding by defining the IP addresses of the internal servers and the port number for TCP applications that are available to remote users, you then can also specify host-name-to-IP-address resolution for the network servers as a convenience for users. Host name resolution allows users to access TCP applications at familiar addresses such as mail.example.com or ftp.customer.com rather than by IP addresses.
Virtual Private Networking Using SSL Connections
276
