Enable the Application Access Portal for a Security Engine

In the Engine Editor, enable the Application Access Portal for each Security Engine that provides Application Access Portal access.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Engine.
  2. Right-click an engine element, then select Edit <element type>.
  3. Browse to VPN > Application Access Portal.
    The SSL VPN Properties pane opens on the right.
  4. Click Select to select the Application Access Portal you want to use.
  5. Click Save and Refresh to transfer the new configuration to the engines.

Engine Editor > VPN > Application Access Portal

Use this branch to change settings for the Application Access Portal on the Security Engine.

Option Definition

Application Access Portal
Shows the Application Access Portal element that is selected for the Security Engine. Click Select to select an element.

Port (Optional)
The port for client connections to the Application Access Portal. The default port is 443.

Allowed SSL/TLS Versions
The versions of SSL and TLS that are allowed for connections to the Application Access Portal.
  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2

TLS Cryptography Suite Set
The cryptographic suite for TLS connections to the Application Access Portal. Click Select to select an element. Do not change the default setting unless you have a specific reason to do so.

Enable SAML
When selected, enables SAML authentication for the Application Access Portal.

Clock Skew Limit
Enter the maximum allowed time difference in seconds between the Service Provider and the Identity Provider.

Add
Click Add to add a row to the table. The table includes the following columns:
Note: To enter details in the row, double-click the field in the column to open the dialog box.
  • Authentication Method: Select the authentication method element to use for the Application Access Portal.
  • Service Entity ID: Enter the Service Provider Entity ID.
    Note: You must configure the Service Entity ID in both the IdP and the Engine. The Service Provider Entity ID that is configured in the IdP must match the Service Provider Entity ID that is configured in the Engine.
  • IdP Metadata: Enter the IdP Metadata details to establish trusted and secure communication with the Identity Provider (IdP). For more details, refer to the Create a SAML authentication method element topic.
    Note: If IdP metadata has already been configured for the selected authentication method and you reconfigure it here, the new IdP metadata overwrites the existing configuration for that authentication method. This overwrite applies only to the Application Access Portal.
  • ACS URL: Enter the URL where the SAML assertion is sent after login. For example, https://xxy.xxyxyx.com:9443/sso/saml, where xxy.xxyxyx.com is the hostname of the Application Access Portal and 9443 is the same port that is defined for the Application Access Portal.
    Note:
    • You must configure the ACS URL in both the IdP and the Security Engine. The ACS URL that is configured in the IdP must match the ACS URL that is used in the Engine.
    • The IP address and port used in the ACS URL must match the IP address and port of the browser-based user authentication interface.

Remove
Select a row in the table and then click Remove to remove the row.
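The notes in the table above state three consistency requirements (the Service Entity ID and the ACS URL must match on the IdP and the engine, the ACS URL must use the portal's own hostname and port) and one tolerance (the Clock Skew Limit). The following script is an added example, not code from the product documentation or from the SMC, that models those checks so they can be run before the configuration is saved. The IdP metadata document, the IdP-side service provider registration and the assertion timestamps are all constructed for the example; the hostnames are assumptions.

```python
"""Consistency checks for an Application Access Portal SAML row (added example).

Not part of the product documentation or the SMC code base. Inputs are
constructed: a minimal IdP metadata document, the values the IdP administrator
registered for this service provider, and engine-side row values.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed IdP metadata (assumed hostname idp.example.test). In a real
# deployment this document comes from the IdP and is pasted into the
# "IdP Metadata" column of the row.
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed: what the IdP administrator registered for this service provider.
IDP_SP_REGISTRATION = {
    "sp_entity_id": "https://portal.example.test/sp",
    "acs_url": "https://portal.example.test:9443/sso/saml",
}


def parse_idp_metadata(xml_text):
    """Return (entityID, HTTP-Redirect SSO Location) from an IdP metadata document."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    sso_url = None
    for svc in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", MD_NS):
        if svc.get("Binding", "").endswith("HTTP-Redirect"):
            sso_url = svc.get("Location")
    return entity_id, sso_url


def check_saml_row(row, portal_host, portal_port, idp_registration, idp_metadata):
    """Return a list of findings for one table row; an empty list means consistent."""
    findings = []
    # The Service Entity ID and ACS URL must be identical on both sides.
    if row["service_entity_id"] != idp_registration["sp_entity_id"]:
        findings.append("Service Entity ID on the engine differs from the IdP registration")
    if row["acs_url"] != idp_registration["acs_url"]:
        findings.append("ACS URL on the engine differs from the IdP registration")
    # The ACS URL must point at the portal's own address and port.
    acs = urlparse(row["acs_url"])
    if acs.scheme != "https":
        findings.append("ACS URL must use https")
    if acs.hostname != portal_host or (acs.port or 443) != portal_port:
        findings.append("ACS URL host/port must match the portal hostname and port")
    # The pasted IdP metadata must at least identify the IdP and its SSO endpoint.
    idp_entity_id, sso_url = parse_idp_metadata(idp_metadata)
    if idp_entity_id is None or sso_url is None:
        findings.append("IdP metadata lacks an entityID or an HTTP-Redirect SSO endpoint")
    return findings


def assertion_time_ok(not_before, not_on_or_after, now, clock_skew_limit):
    """Apply the Clock Skew Limit (seconds) to an assertion's Conditions window.

    The window is widened by the allowed skew on both sides, which is how a
    service provider tolerates a small clock difference with the IdP.
    """
    skew = timedelta(seconds=clock_skew_limit)
    return (not_before - skew) <= now < (not_on_or_after + skew)


if __name__ == "__main__":
    row = {
        "service_entity_id": "https://portal.example.test/sp",
        "acs_url": "https://portal.example.test:9443/sso/saml",
    }
    print(check_saml_row(row, "portal.example.test", 9443,
                         IDP_SP_REGISTRATION, IDP_METADATA))
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(assertion_time_ok(t0, t0 + timedelta(minutes=5),
                            t0 - timedelta(seconds=30), clock_skew_limit=60))
```

Running it with a row whose ACS URL uses a different port than the portal produces two findings at once (the IdP registration no longer matches, and the host/port rule fails), which is the situation the two ACS URL notes warn about. The skew check shows why the Clock Skew Limit matters: an assertion that is 30 seconds "early" is accepted with a 60-second limit and rejected with a 10-second one.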

TLS Cryptography Suite Set Properties dialog box

Use this dialog box to view the properties of the default TLS Cryptography Suite Set element. Advanced users can create custom TLS Cryptography Suite Set elements if they have a specific reason to do so.

Note: The options in TLS Cryptography Suite Set elements do not apply to TLS 1.3. By default, all supported cryptographic algorithms are enabled for TLS 1.3.
Option Definition

Name
Specifies the name of the element.

Comment
Adds a comment to the element.

Common
Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the Common section are compatible with SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA

TLS 1.2 Only
Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the TLS 1.2 Only section are only compatible with TLS 1.2.
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
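The Allowed SSL/TLS Versions option and the TLS Cryptography Suite Set together decide what a client can negotiate with the portal: a client limited to SSL 3.0, TLS 1.0 or TLS 1.1 can only use the Common suites, and those are all CBC suites with SHA-1 HMACs, some with 3DES. SSL 3.0 is formally deprecated by RFC 7568 and TLS 1.0 and 1.1 by RFC 8996. The script below is an added example, not code from the product documentation or the SMC, that takes an allowed-version selection and the suite names listed in the dialog box above, reports the versions and suites a defender would normally disable (no forward secrecy, 3DES, CBC mode, SHA-1 HMAC) and derives the reduced selection that remains. The classification rules are general TLS guidance, not product behaviour; the sample configuration is constructed, and, as the note above says, none of this governs TLS 1.3.

```python
"""Audit of an Application Access Portal TLS version/suite selection (added example).

Not part of the product documentation or the SMC code base. The suite names
are the ones listed in the TLS Cryptography Suite Set dialog box; the
classification rules below are general TLS guidance.
"""

# Deprecated protocol versions: SSL 3.0 (RFC 7568), TLS 1.0 and 1.1 (RFC 8996).
DEPRECATED_VERSIONS = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}

# Suite names as listed in the dialog box.
COMMON = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]
TLS12_ONLY = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]


def classify_suite(name):
    """Return the weaknesses of an IANA-style suite name; an empty list means acceptable."""
    issues = []
    key_exchange = name.split("_WITH_")[0]          # e.g. TLS_RSA, TLS_ECDHE_RSA
    if "_ECDHE_" not in key_exchange and "_DHE_" not in key_exchange:
        issues.append("no forward secrecy (static RSA key exchange)")
    if "3DES" in name:
        issues.append("3DES: 64-bit block cipher, 112-bit effective key")
    if "_CBC_" in name:
        issues.append("CBC mode with MAC-then-encrypt; prefer an AEAD (GCM) suite")
    if name.endswith("_SHA"):
        issues.append("SHA-1 based HMAC")
    return issues


def audit(allowed_versions, common_suites, tls12_only_suites):
    """Report deprecated versions and weak suites in a selection.

    Returns {"versions": [...], "suites": {name: [issues]}, "reachable_by_old_clients": [...]}.
    The last entry lists the Common suites, which are the only ones a client
    limited to a deprecated version can negotiate.
    """
    report = {"versions": [], "suites": {}, "reachable_by_old_clients": []}
    report["versions"] = [v for v in allowed_versions if v in DEPRECATED_VERSIONS]
    for suite in common_suites + tls12_only_suites:
        issues = classify_suite(suite)
        if issues:
            report["suites"][suite] = issues
    if report["versions"]:
        report["reachable_by_old_clients"] = list(common_suites)
    return report


def hardened(allowed_versions, common_suites, tls12_only_suites):
    """Return (versions, suites) with deprecated versions and weak suites removed."""
    versions = [v for v in allowed_versions if v not in DEPRECATED_VERSIONS]
    suites = [s for s in common_suites + tls12_only_suites if not classify_suite(s)]
    return versions, suites


if __name__ == "__main__":
    # Constructed selection: every version except SSL 3.0, all listed suites.
    allowed = ["TLS 1.0", "TLS 1.1", "TLS 1.2"]
    result = audit(allowed, COMMON, TLS12_ONLY)
    print("deprecated versions enabled:", result["versions"])
    for suite, issues in result["suites"].items():
        print(f"{suite}: {'; '.join(issues)}")
    print("hardened selection:", hardened(allowed, COMMON, TLS12_ONLY))
```

With the constructed selection, the hardened result keeps only TLS 1.2 and the six ECDHE/DHE GCM suites from the TLS 1.2 Only section; every Common suite is dropped, which is the practical reason to also clear SSL 3.0, TLS 1.0 and TLS 1.1 from Allowed SSL/TLS Versions rather than leaving them enabled with an empty usable suite list.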