SSL VPN Portal

Stormshield Network’s SSL VPN portal allows your mobile or static users to connect to your company’s resources securely.

Stormshield Network’s SSL VPN portal does not impose any client installations on your users’ workstations and natively supports operating systems that have Java 8 or OpenWebStart installed (Windows, Linux, macOS, etc.).



The SSL VPN configuration screen consists of 4 tabs:

  • General: Allows enabling the module, selecting the access type and configuring advanced properties.
  • Web servers: Stormshield Network’s SSL VPN allows securing access to your HTTP servers (intranet, webmail, etc.) while avoiding the need to manage multiple HTTP servers. Furthermore, for mobile users, it allows masking information about your internal network, the only visible IP address being your firewall’s.

    Stormshield Network’s SSL VPN automatically rewrites HTTP links found in web pages that your users visit. This allows browsing between your various servers, if they have been configured, or prohibiting access to certain servers. When a web link in a page points to an unconfigured server, the link will be redirected to the Stormshield Network SSL VPN start page.
  • Application servers: This section shows the servers that have been configured for access to resources other than web-based resources (telnet, mail, etc.).

    Stormshield Network’s SSL VPN enables securing any protocol based on a single TCP connection (POP3, SMTP, telnet, remote access, etc). For protocols other than HTTP, the client that allows secure connections is a Java applet, which will open an encrypted tunnel. All packets exchanged between the client workstation and the firewall are encrypted.

    Stormshield Network’s SSL VPN does not impose any client installations on your users’ workstations and natively supports operating systems that have Java 8 or OpenWebStart installed (Windows, Linux, macOS, etc.).

    You only need to configure the servers which you intend to allow your users to access. These servers will be added dynamically to the list of authorized servers the next time your users load the Java applet.

    The Java applet opens listening ports on the client workstation, and client tools will need to connect to these ports in order to pass through the secure tunnel set up between the applet and the firewall. It is necessary to ensure that the chosen port is accessible to the user (where privileges are concerned) and that there is no conflict with another port used by another program. These servers will be added dynamically. These can be used for control purposes and/or transparent authentications on the source of requests.

  • User profiles: If you wish to restrict access to servers defined in the SSL VPN configuration, you need to define profiles that contain the list of authorized servers, then assign them to users.
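
The following is an added example, not part of the Stormshield documentation: a pre-deployment check for the local listening ports described under Application servers, verifying that each chosen port can be bound without elevated privileges and does not collide with another program. It assumes the listener uses the loopback address 127.0.0.1 (the page does not state which address is used); the function names and the sample port plan are hypothetical.

```python
import errno
import socket

# Constructed sample plan: application server name -> local port the client tool will use.
SAMPLE_PLAN = {"pop3": 1110, "smtp": 1025, "telnet": 23}


def check_local_port(port, host="127.0.0.1"):
    """Try to bind the port as the current user and return (usable, reason)."""
    if not 1 <= port <= 65535:
        return False, "out-of-range"
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # No SO_REUSEADDR: a port already held by another listener must fail.
        probe.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return False, "in-use"          # conflict with another program
        if exc.errno in (errno.EACCES, errno.EPERM):
            return False, "needs-privileges"  # e.g. low port as a standard user
        return False, "bind-error"
    finally:
        probe.close()
    return True, "free"


def audit_plan(plan, host="127.0.0.1"):
    """Check every port in the plan, also flagging ports reused inside the plan."""
    seen = set()
    results = {}
    for name, port in plan.items():
        if port in seen:
            results[name] = (False, "duplicate-in-plan")
            continue
        seen.add(port)
        results[name] = check_local_port(port, host)
    return results


if __name__ == "__main__":
    for name, (usable, reason) in audit_plan(SAMPLE_PLAN).items():
        print(f"{name:8} port {SAMPLE_PLAN[name]:5} -> {'OK' if usable else 'FAIL'} ({reason})")
```

Run it under the same account the end user will use, since the privilege result depends on who performs the bind.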