Make services available in the SSL VPN Portal
To make services in the protected network available in the SSL VPN Portal, define SSL VPN Portal Service elements.
SSL VPN Portal Service elements map external URLs to HTTP-based services in the protected network. SSL VPN Portal Service elements contain settings that define how the internal URLs of the HTTP-based services are translated to external URLs. URL translation makes sure that all traffic to registered web resource hosts is routed through the SSL VPN Portal. End users can access the SSL VPN Portal Services through the SSL VPN Portal, or directly through web browser bookmarks.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration, then browse to Secure SD-WAN.
- Browse to .
- Right-click SSL VPN Portal Services, then select New SSL VPN Portal Service.
- Configure the settings, then click OK.
Next steps
You are now ready to define which users are allowed to access the services.
SSL VPN Portal Service Properties dialog box
Use this dialog box to define the properties of an SSL VPN Portal Service element.
Option | Definition |
---|---|
General tab | |
Name | Specifies a unique name for the element. Note: The name must only contain letters, numbers, dashes (-), and underscores (_).The name cannot contain spaces.
|
Link Translation | Specifies how incoming connections are routed to services in the protected network.
|
Disable Client-Side Rewrite | When selected, disables client-side URL rewriting. Select this option only if client-side URL rewriting does not work as expected and you need to revert to a previous
working configuration. Client-side URL rewriting improves compatibility when JavaScript is used to dynamically construct URLs. Disabling the rewriting changes the way the URLs in JavaScript are handled and often breaks the links within JavaScript. Note: Client-side URL rewriting must be enabled to connect to some services, such as
Sharepoint and Office365, through the SSL VPN Portal.
|
Option | Definition |
---|---|
When Link Translation method is URL Rewrite | |
Profile | Shows the selected SSL VPN Portal Service Profile element. Click Select to select a SSL VPN Portal Service Profile. Click Select to select an element.The profile contains settings for SSO and cookie protection. |
External URL Prefix | Specifies the prefix of the URL where users access the service. Enter a forward slash (/) followed by a unique prefix. |
Internal URL | Specifies the URL of the service in the protected network. The URL must be followed by a forward slash (/). |
Alternative Hosts | Specifies additional host names or IP addresses at which the web server can be contacted. Click Add to add a row to the table, or Remove to remove the selected row. |
SSO Domain | Shows the selected SSO Domain element. Users can use SSO for all services that share credentials as part of the same SSO Domain. |
Client Trust | Specifies which certificate authorities (CA) are trusted for client connections to the service. Clients trust the CA that you select from the drop-down list. To allow the client to trust any CA, select Trust All CAs. |
Option | Definition |
---|---|
When Link Translation method is DNS Mapping | |
Profile | Shows the selected SSL VPN Portal Service Profile element. Click Select to select a SSL VPN Portal Service Profile. Click Select to select an element.The profile contains settings for SSO and cookie protection. |
External URL | Specifies the URL where users access the service. The URL must be an HTTPS URL and a valid host name with a top-level domain. |
Internal URL | Specifies the URL of the service in the protected network. The URL must be followed by a forward slash (/). |
Server Credentials | Specifies the certificate that is used for HTTPS connections.
|
Rewrite HTML | When selected, the SSL VPN Portal searches the HTML content of the service and rewrites URLs so that traffic is routed through the SSL VPN Portal. Note: By
default, the SSL VPN Portal searches the HTML content of the service and rewrites URLs so that traffic is routed through the SSL VPN Portal.
|
Alternative Hosts | Specifies additional host names or IP addresses at which the web server can be contacted. Click Add to add a row to the table, or Remove to remove the selected row. |
SSO Domain | Shows the selected SSO Domain element. Users can use SSO for all services that share credentials as part of the same SSO Domain. |
Client Trust | Specifies which certificate authorities (CA) are trusted for client connections to the service. Clients trust the CA that you select from the drop-down list. To allow the client to trust any CA, select Trust All CAs. |
Option | Definition |
---|---|
When Link Translation method is Freeform URL | |
Cookie Protection | Specifies whether cookie protection is used.
|
Allowed URLs | Specifies the protocols, IP addresses, or DNS names of the accessible services.
|
Trusted CAs | Specifies which certificate authorities (CA) are trusted for client connections to the service. Clients trust the CA that you add to the list. Click Add to add an element to the list, or Remove to remove the selected element. To allow the client to trust any CA, click Add, then click Select Any to add the Trust All CAs element to the list. |
Option | Definition |
---|---|
Look & Feel tab | |
Visible in Portal | When selected, a link to the service appears on the SSL VPN Portal webpage. |
Title | The title that is displayed for the service on the SSL VPN Portal webpage. |
Start Page | Specifies the path to the page to open when the user connects to the service. |
Icon (Optional) |
The icon for the service on the SSL VPN Portal. Shows the file name of the selected icon. Click Browse to browse to the location of the file. |
Description (Optional) |
The description that is displayed for the service on the SSL VPN Portal webpage. |
SSL VPN Portal Service Profile dialog box
Use this dialog box to define the properties of an SSL VPN Portal Service Profile element.
Option | Definition |
---|---|
General tab | |
Name | Specifies a unique name for the element. |
Summary | A summary of the defined settings. |
Category | Shows the assigned category. Click Select to include the element in predefined categories. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Single Sign-On tab | |
Authentication Type |
|
Option | Definition |
---|---|
When Authentication Type is HTTP | |
Support NTLMv2 | Deselect this option if you have legacy devices that do not support NTLMv2. |
Option | Definition |
---|---|
When Authentication Type is Form | |
Logon Page URL | Enter a forward slash (/) followed by the path to the page that the user uses to log on. |
POST Request URL | Enter a forward slash (/) followed by the path to the resource that is called for the POST request. |
User Name Field Name |
Enter the field name used for the user name. |
Domain and User Name Format | If you select Custom, enter the custom format. Use these variables:
For example, you can enter: %DOMAIN\%USER. |
Password Field Name |
Enter the field name used for the password. |
Extra Parameters | Enter the other parameters used in the form in the Field Name and Value columns. |
Add | Adds a row to the Extra Parameters list. |
Remove | Removes the selected row from the Extra Parameters list. |
Option | Definition |
---|---|
Cookie Hiding tab | |
Cookie Hiding |
|
Exceptions | Enter the names of the cookies that you want to include or exclude from encryption. |
Add | Adds a row to the Exceptions list. |
Remove | Removes the selected row from the Exceptions list. |
SSL VPN SSO Domain dialog box
Use this dialog box to define the properties of an SSL VPN SSO Domain element.
Option | Definition |
---|---|
Name | Specifies a unique name for the element. |
SSO Mode |
|
Timeout
(Only if the SSO mode is Persistent) |
Enter the number of days that the user remains logged on. |
Comment | An optional comment for your own reference. |