Sophos XG Firewall Web Interface Reference and Admin Guide v16.5


SSL VPN (Remote Access)

The SSL VPN (Remote Access) tab allows control of remote devices connected to your system.

The remote access SSL feature of Sophos XG Firewall is implemented with OpenVPN, a full-featured SSL VPN solution.

You can create point-to-point encrypted tunnels between remote employees and your company, requiring both SSL certificates and a username/password combination for authentication. This enables access to internal resources. In addition, a secure User Portal is offered, which can be accessed by each authorized user to download a customized SSL VPN client software bundle. This bundle includes a free SSL VPN client, SSL certificates and a configuration that can be handled by a simple one-click installation procedure. The SSL VPN client supports most business applications such as native Outlook, native Windows file sharing, and many more.

This page displays a list of all available remote policies. For each policy, the list shows:

Name

Displays the name of the SSL VPN remote access policy.

Use as Default Gateway

Displays if and which default gateway is used for the policy.

Description

Displays the description which was entered for the policy.

Figure 275: About SSL

Add SSL VPN Remote Access Policy

This page allows adding SSL VPN remote access policies.

1. Go to Configure > VPN > SSL VPN (Remote Access) and click Add.

2. Specify the General Settings details:

Name

Enter a unique name for the policy.

Description

Enter a description or other information.

Figure 276: General Settings

3. Specify the Identity details:

Policy Members

Click Add New Item to select available users/groups from a list or search for users/groups. When selected, click Apply Selected Items.

Note: You can also view and manage active SSL VPN users on the Monitor & Analyze > Current Activities > Remote Users page.

Selected items are displayed in the list. To remove an item from the list, click the Minus icon on the right of the item.

Figure 277: Identity

4. Specify the Tunnel Access details:

Use as Default Gateway

Activate the toggle switch if you want to use this as default gateway. If activated, all traffic, including external Internet requests, is forwarded to a default gateway. If deactivated, the traffic uses a split mode: traffic for internal network segments and external Internet requests go through different gateways.

Permitted Network Resources (IPv4)

Click Add New Item to select available network resources from a list or search for network resources. When selected, click Apply Selected Items.

Selected items are displayed in the list. To remove an item from the list, click the Minus icon on the right of the item.

Permitted Network Resources (IPv6)

Click Add New Item to select available users/groups from a list or search for users/groups. When selected, click Apply Selected Items.

Selected items are displayed in the list. To remove an item from the list, click the Minus icon on the right of the item.

Figure 278: SSL VPN (Remote Access) Tunnel Access

5. Specify the Idle Timeout settings:

Disconnect Idle Clients

Activate/deactivate by clicking the toggle switch. If activated, clients which are idle will be disconnected from the session after a specified time.

Override Global Timeout (Default 15 Minutes) (available only if Disconnect Idle Clients is selected)

Enter a value for the idle timeout in minutes.

Acceptable range: 15 to 60 minutes

Default: 15 minutes
