Further reading

Other authentication method

For SSL VPN users, if you wish to use an authentication method other than the default method (LDAP), you will need to add this method and configure a suitable authentication policy.

To do so, click on the menu Configuration > Users > Authentication.

“Available methods” tab

Click on Add a method and select a method that requires a login and password: LDAP, Radius or Kerberos.


Authentication methods that do not use passwords, such as SPNEGO and the SSO agent, cannot be used for SSL VPN tunnels.

“Authentication policy” tab

Create an authentication rule for SSL VPN users in order to assign the selected method to them.

To do so, click on New rule and select Standard Rule.

  The configuration wizard will prompt you to select a user or user group. Select the group of users that are allowed to log on via SSL VPN tunnels.  
  Next, indicate the source of authentication requests for this group of users. This may be an object (a network, a host or a group) or an interface.  
  Select the chosen authentication method, for example Radius. Enable this rule and click on Apply.  

The rule created will therefore resemble:

Description : C:\Documentations\Modifications\TNO\VPN SSL Full\Images-EN\regle-auth-seule.png



It is absolutely possible to create several authentication rules based on various methods, for different user groups. In such cases, during an authentication request, rules will be examined in the order of their appearance. Example:

Description : C:\Documentations\Modifications\TNO\VPN SSL Full\Images-EN\regle-auth-multi.png

Example of a script for connecting to Windows network drive

To configure the automatic connection / disconnection of a Windows network drive to a shared drive on a server in the company (example: connection of the Z: drive to the shared drive \\myserver\myshare), create two scripts according to the following template:

  • A script (Example: Zconnect.bat) to be executed during connection and containing the line:

NET USE Z: \\myserver\myshare

  • A script (Example: Zdisconnect.bat) to be executed during disconnection and containing the line:

NET USE Z: /delete


Next, export these two scripts in the SSL VPN settings of the Firewall (Advanced configuration / Script to run on the client in the menu Configuration > VPN > SSL VPN) and confirm:

Both of these scripts will be executed the next time users connect through SSL VPN tunnels.