Page 416 / 944 Scroll up to view Page 411 - 415
Chapter 24 SSL VPN
ZyWALL USG 50 User’s Guide
416
24.3
The SSL Global Setting Screen
Click
VPN > SSL VPN
and click the
Global Setting
tab to display the following
screen. Use this screen to set the IP address of the ZyWALL (or a gateway device)
SSL Application
List (Optional)
The
Selectable Application Objects
list displays the name(s) of the
SSL application(s) you can select for this SSL access policy.
To associate an SSL application to this SSL access policy, select a name
and click
>>
to add to the
Selected Application Objects
list. You can
select more than one application.
To remove an SSL application, select the name(s) in the
Selected
Application Objects
list and click
<<
.
Network
Extension
(Optional)
Enable Network
Extension
Select this option to create a VPN tunnel between the authenticated
users and the internal network. This allows the users to access the
resources on the network as if they were on the same local network.
Clear this option to disable this feature. Users can only access the
applications as defined by the selected SSL application settings and the
remote user computers are not made to be a part of the local network.
Assign IP Pool
Define a separate pool of IP addresses to assign to the SSL users. Select
it here.
The SSL VPN IP pool cannot overlap with IP addresses on the ZyWALL's
local networks (LAN and DMZ for example), the SSL user's network, or
the networks you specify in the SSL VPN
Network List
.
DNS/WINS
Server 1..2
Select the name of the DNS or WINS server whose information the
ZyWALL sends to the remote users. This allows them to access devices
on the local network using domain names instead of IP addresses.
Network List
To allow user access to local network(s), select a network name in the
Selectable Address Objects
list and click
>>
to add to the
Selected
Address Objects
list. You can select more than one network.
To block access to a network, select the network name in the
Selected
Address Objects
list and click
<<
.
OK
Click
Ok
to save the changes and return to the main
Access Privilege
screen.
Cancel
Click
Cancel
to discard all changes and return to the main
Access
Privilege
screen.
Table 121
VPN > SSL VPN > Access Privilege > Add/Edit
(continued)
LABEL
DESCRIPTION
Page 417 / 944
Chapter 24 SSL VPN
ZyWALL USG 50 User’s Guide
417
on your network for full tunnel mode access, enter access messages or upload a
custom logo to be displayed on the remote user screen.
Figure 243
VPN > SSL VPN > Global Setting
The following table describes the labels in this screen.
Table 122
VPN > SSL VPN > Global Setting
LABEL
DESCRIPTION
Global Setting
Network
Extension Local
IP
Specify the IP address of the ZyWALL (or a gateway device) for full
tunnel mode SSL VPN access.
Leave this field to the default settings unless it conflicts with another
interface.
SSL VPN Login
Domain Name
SSL VPN Login
Domain Name
1/2
Specify a domain name for users to use for SSL VPN login. The domain
name must be registered to one of the ZyWALL’s IP addresses or be one
of the ZyWALL’s DDNS entries. You can specify up to two domain names
so you could use one domain name for each of two WAN ports. Do not
include the host. For example, www.zyxel.com is a fully qualified
domain name where “www” is the host; so you would just use
“zyxel.com”.
The ZyWALL displays the normal login screen without the button for
logging into the Web Configurator.
Message
Login Message
Specify a message to display on the screen when a user logs in and an
SSL VPN connection is established successfully. You can enter up to 60
characters (“a-z”, A-Z”, “0-9”) with spaces allowed.
Page 418 / 944
Chapter 24 SSL VPN
ZyWALL USG 50 User’s Guide
418
24.3.1
How to Upload a Custom Logo
Follow the steps below to upload a custom logo to display on the remote user SSL
VPN screens.
1
Click
VPN > SSL VPN
and click the
Global Setting
tab to display the
configuration screen.
2
Click
Browse
to locate the logo graphic. Make sure the file is in GIF, JPG, or PNG
format.
3
Click
Apply
to start the file transfer process.
4
Log in as a user to verify that the new logo displays properly.
Logout Message
Specify a message to display on the screen when a user logs out and
the SSL VPN connection is terminated successfully. You can enter up to
60 characters (“a-z”, A-Z”, “0-9”) with spaces allowed.
Update Client
Virtual Desktop
Logo
You can upload a graphic logo to be displayed on the web browser on
the remote user computer. The ZyXEL company logo is the default logo.
Specify the location and file name of the logo graphic or click
Browse
to
locate it.
Note: The logo graphic must be GIF, JPG, or PNG format. The
graphic should use a resolution of 127 x 57 pixels to avoid
distortion when displayed. The ZyWALL automatically resizes
a graphic of a different resolution to 127 x 57 pixels. The file
size must be 100 kilobytes or less. Transparent background
is recommended.
Browse
Click
Browse
to locate the graphic file on your computer.
Upload
Click
Upload
to transfer the specified graphic file from your computer to
the ZyWALL.
Reset Logo to
Default
Click
Reset Logo to Default
to display the ZyXEL company logo on the
remote user’s web browser.
Apply
Click
Apply
to save the changes and/or start the logo file upload
process.
Reset
Click
Reset
to return the screen to its last-saved settings.
Table 122
VPN > SSL VPN > Global Setting (continued)
LABEL
DESCRIPTION
Page 419 / 944
Chapter 24 SSL VPN
ZyWALL USG 50 User’s Guide
419
The following shows an example logo on the remote user screen.
Figure 244
Example Logo Graphic Display
24.4
Establishing an SSL VPN Connection
After you have configured the SSL VPN settings on the ZyWALL, use the ZyWALL
login screen’s SSL VPN button to establish an SSL VPN connection. See the User’s
Guide
Section 25.2 on page 422
for details.
1
Display the ZyWALL’s login screen and enter your user account information (the
user name and password). Click
SSL VPN
.
Figure 245
Login Screen
Page 420 / 944
Chapter 24 SSL VPN
ZyWALL USG 50 User’s Guide
420
2
SSL VPN connection starts. This may take several minutes depending on your
network connection. Once the connection is up, you should see the client portal
screen. The following shows an example.
Figure 246
SSL VPN Client Portal Screen Example
If the user account is not set up for SSL VPN access, an “SSL VPN connection is
not activated” message displays in the
Login
screen. Clear the
Login to SSL VPN
check box and try logging in again.
For more information on user portal screens, refer to
Chapter 25 on page 421
.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top