Virtual Private Networking Using SSL Connections
261
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
computer. The wireless VPN firewall assigns the computer an IP address and DNS server IP addresses, allowing the remote computer to access network resources in the same manner as if it were connected directly to the corporate network, subject to any policy restrictions that you configure.
SSL port forwarding. Like an SSL VPN tunnel, port forwarding is a web-based client that is installed transparently and then creates a virtual, encrypted tunnel to the remote network. However, port forwarding differs from an SSL VPN tunnel in several ways:
- Port forwarding supports only TCP connections, not UDP connections or connections using other IP protocols.
- Port forwarding detects and reroutes individual data streams on the user's computer to the port-forwarding connection rather than opening up a full tunnel to the corporate network.
- Port forwarding offers more fine-grained management than an SSL VPN tunnel. You define individual applications and resources that are available to remote users.
The SSL VPN portal can present the remote user with one or both of these SSL service levels, depending on how you set up the configuration.
Overview of the SSL Configuration Process
To configure and activate SSL connections, perform the following six basic steps in the order that they are presented:
1. Create a new SSL portal (see Create the Portal Layout on page 262).
When remote users log in to the wireless VPN firewall, they see a portal page that you can customize to present the resources and functions that you choose to make available.
2. Create authentication domains, user groups, and user accounts (see Configure Domains, Groups, and Users on page 266).
a. Create one or more authentication domains for authentication of SSL VPN users.
When remote users log in to the wireless VPN firewall, they need to specify a domain to which their login account belongs. The domain determines the authentication method that is used and the portal layout that is presented, which in turn determines the network resources to which the users are granted access. Because you need to assign a portal layout when creating a domain, the domain is created after you have created the portal layout.
b. Create one or more groups for your SSL VPN users.
When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you need to assign an authentication domain when creating a group, the group is created after you have created the domain.
c. Create one or more SSL VPN user accounts.
Because you need to assign a group when creating an SSL VPN user account, the user account is created after you have created the group.
3. For port forwarding, define the servers and services (see Configure Applications for Port Forwarding on page 267).
Create a list of servers and services that can be made available through user, group, or global policies. You can also associate fully qualified domain names (FQDNs) with these servers. The wireless VPN firewall resolves the names to the servers using the list you have created.
4. For SSL VPN tunnel service, configure the virtual network adapter (see Configure the SSL VPN Client on page 269).
For the SSL VPN tunnel option, the wireless VPN firewall creates a virtual network adapter on the remote computer that then functions as if it were on the local network. Configure the portal's SSL VPN client to define a pool of local IP addresses to be issued to remote clients, as well as DNS addresses. Declare static routes or grant full access to the local network, subject to additional policies.
5. To simplify policies, define network resource objects (see Use Network Resource Objects to Simplify Policies on page 273).
Network resource objects are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can more quickly create and configure network policies.
6. Configure the SSL VPN policies (see Configure User, Group, and Global Policies on page 276).
Policies determine access to network resources and addresses for individual users, groups, or everyone.
Create the Portal Layout
The Portal Layouts screen that you can access from the SSL VPN configuration menu allows you to create a custom screen that remote users see when they log in to the portal. Because the log-in screen is completely customizable, it provides an ideal way to communicate remote access instructions, support information, technical contact information, or VPN-related news updates to remote users. The log-in screen is also well suited as a starting screen for restricted users; if mobile users or business partners are permitted to access only a few resources, the log-in screen that you create presents only the resources that are relevant to these users.
You apply portal layouts by selecting one from the available portal layouts in the configuration of a domain. When you have completed your portal layout, you can apply the portal layout to one or more authentication domains (see Configure Domains on page 289). You can also make the new portal the default portal for the SSL VPN gateway by selecting the default radio button adjacent to the portal layout name.
The wireless VPN firewall's default portal address is https://<IP_address>/portal/SSL-VPN, in which the IP address can be either an IPv4 or an IPv6 address. Both types of addresses are supported simultaneously. The default domain geardomain is assigned to the default SSL-VPN portal.
You can define individual layouts for the SSL VPN portal. The layout configuration includes the menu layout, theme, portal pages to display, and web cache control options. The default portal layout is the SSL-VPN portal. You can add additional portal layouts. You can also make any portal the default portal for the wireless VPN firewall by clicking the Default button in the Action column of the List of Layouts table, to the right of the desired portal layout.
To create a new SSL VPN portal layout:
1. Select VPN > SSL VPN > Portal Layouts. The Portal Layouts screen displays the IPv4 settings. (The following figure shows an additional layout in the List of Layouts table as an example.)
2. Specify the IP version for which you want to add a portal layout:
- IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.
Figure 160. Portal Layouts screen for IPv4
- IPv6. Select the IPv6 radio button. The Portal Layouts screen displays the IPv6 settings. (The following figure shows an additional layout in the List of Layouts table as an example.)
Figure 161. Portal Layouts screen for IPv6
The List of Layouts table displays the following fields:
- Layout Name. The descriptive name of the portal.
- Description. The banner message that is displayed at the top of the portal (see Figure 171 on page 283).
- Use Count. The number of authentication domains that use the portal.
- Portal URL:
  - Portal URL (IPv4). The IPv4 URL at which the portal can be accessed. The IPv4 address in the URL is the public WAN address of the wireless VPN firewall (see Configure the IPv4 Internet Connection and WAN Settings on page 26). Both the IPv4 URL and the IPv6 URL can be active simultaneously.
  - Portal URL (IPv6). The IPv6 URL at which the portal can be accessed. The IPv6 address in the URL is the public WAN address of the wireless VPN firewall (see Configure the IPv6 Internet Connection and WAN Settings on page 35). Both the IPv6 URL and the IPv4 URL can be active simultaneously.
- Action. The table buttons, which allow you to edit the portal layout or set it as the default.
3. Under the List of Layouts table, click the Add table button. The Add Portal Layout screen displays. (The following figure shows an example.)
Figure 162.
4. Complete the settings as explained in the following table:
Table 65. Add Portal Layout screen settings (Setting: Description)
Portal Layout and Theme Name
Portal Layout Name: A descriptive name for the portal layout. This name is part of the path of the SSL VPN portal URL.
Note: Custom portals are accessed at a different URL than the default portal. For example, if your SSL VPN portal is hosted at https://vpn.company.com, and you create a portal layout named CustomerSupport, then users access the website at
Note: Only alphanumeric characters, hyphens (-), and underscores (_) are accepted in the Portal Layout Name field. If you enter other types of characters or spaces, the layout name is truncated before the first nonalphanumeric character.
Note: Unlike most other URLs, this name is case-sensitive.
Portal Site Title: The title that displays at the top of the user's web browser window, for example, Company Customer Support.
Banner Title: The banner title of a banner message that users see before they log in to the portal, for example, Welcome to Customer Support.
Note: For an example, see Figure 171 on page 283. The banner title text is displayed in the orange header bar.
Banner Message: The text of a banner message that users see before they log in to the portal, for example, In case of login difficulty, call 123-456-7890. Enter a plain text message, or include HTML and JavaScript tags. The maximum length of the login screen message is 4096 characters.
Note: You can enlarge the field (that is, the text box) by manipulating the lower right corner of the field (see the blue circle in the previous figure).
Note: For an example, see Figure 171 on page 283. The banner message text is displayed in the gray header bar.
Display banner message on login page: Select this check box to show the banner title and banner message text on the login screen as shown in Figure 171 on page 283.
HTTP meta tags for cache control (recommended): Select this check box to apply cache control directives for the HTTP meta tags to this portal layout. Cache control directives include:
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
Note: NETGEAR strongly recommends enabling HTTP meta tags for security reasons and to prevent out-of-date web pages, themes, and data being stored in a user's web browser cache.
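The Portal Layout Name rules and the cache-control meta tags in the table above, as an added example that is not NETGEAR's code: a small Python check that applies the name truncation rule to predict the resulting portal path, and that scans a saved copy of the portal login page for the three listed meta directives so you can confirm the setting took effect. It assumes custom portals live at https://<host>/portal/<name>, following the default https://<IP_address>/portal/SSL-VPN pattern; the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

# Added example, not NETGEAR code. Models the Portal Layout Name rule
# (keep only the leading run of letters, digits, '-' and '_') and the
# three cache-control meta tags the manual lists for a portal layout.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]*")

def normalize_layout_name(name: str) -> str:
    """Return the name as the firewall keeps it: everything before the first
    disallowed character. Case is preserved because the path is case-sensitive."""
    return _NAME_RE.match(name).group(0)

def portal_url(host: str, layout_name: str) -> str:
    """Assumed URL shape https://<host>/portal/<name>, after the default
    https://<IP_address>/portal/SSL-VPN pattern in the manual."""
    name = normalize_layout_name(layout_name)
    if not name:
        raise ValueError("layout name has no accepted characters")
    return f"https://{host}/portal/{name}"

REQUIRED_CACHE_DIRECTIVES = {
    ("pragma", "no-cache"),
    ("cache-control", "no-cache"),
    ("cache-control", "must-revalidate"),
}

class _MetaCollector(HTMLParser):
    """Collects (http-equiv, content) pairs from <meta> tags."""
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        if "http-equiv" in a:
            self.found.add((a["http-equiv"].lower(), a.get("content", "").lower()))

def missing_cache_directives(html: str) -> set:
    """Return the required directives that the saved login page does not carry."""
    p = _MetaCollector()
    p.feed(html)
    return REQUIRED_CACHE_DIRECTIVES - p.found

# Constructed sample login page that carries only one of the three tags.
SAMPLE_HTML = ('<html><head><meta http-equiv="pragma" content="no-cache">'
               '<title>Company Customer Support</title></head><body></body></html>')
```

Running missing_cache_directives over a page saved from the portal with the cache-control check box cleared returns the two cache-control pairs; with the box selected it returns an empty set.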