For SSL VPN users, if you wish to use an authentication method other than the default method (LDAP), you will need to add this method and configure a suitable authentication policy.
To do so, click on the menu Configuration > Users > Authentication.
“Available methods” tab
Click on Add a method and select a method that requires a login and password: LDAP, Radius or Kerberos.
Authentication methods that do not use passwords, such as SPNEGO and the SSO agent, cannot be used for SSL VPN tunnels.
“Authentication policy” tab
Create an authentication rule for SSL VPN users in order to assign the selected method to them.
To do so, click on New rule and select Standard Rule.
The rule created will therefore resemble:
It is absolutely possible to create several authentication rules based on various methods, for different user groups. In such cases, during an authentication request, rules will be examined in the order of their appearance. Example:
To configure the automatic connection / disconnection of a Windows network drive to a shared drive on a server in the company (example: connection of the Z: drive to the shared drive \\myserver\myshare), create two scripts according to the following template:
- A script (Example: Zconnect.bat) to be executed during connection and containing the line:
NET USE Z: \\myserver\myshare
- A script (Example: Zdisconnect.bat) to be executed during disconnection and containing the line:
NET USE Z: /delete
Next, export these two scripts in the SSL VPN settings of the Firewall (Advanced configuration / Script to run on the client in the menu Configuration > VPN > SSL VPN) and confirm:
Both of these scripts will be executed the next time users connect through SSL VPN tunnels.