9.7. SSL VPN
9.7.1. Overview
NetDefendOS provides an additional type of VPN connection called SSL VPN. This makes use of the Secure Sockets Layer (SSL) protocol to provide a secure tunnel between a remote client computer and a NetDefend Firewall. Any application on the client can then communicate securely with servers located on the protected side of the firewall.
The Advantage of SSL VPN
The key advantage of SSL VPN is that it enables secure communications between a client and a firewall using the HTTPS protocol. In some environments where roaming clients have to operate, such as hotels or airports, network equipment will often not allow other tunneling protocols, such as IPsec, to be used. In such cases, SSL VPN provides a viable, simple, secure client connection solution.
The SSL VPN Disadvantage
A disadvantage of SSL VPN is that it relies on tunneling techniques that make extensive use of TCP protocol encapsulation for reliable transmission. This leads to extra processing overhead which can cause noticeable latencies in some high load situations. SSL VPN therefore demands more processing resources than, for example, IPsec. In addition, hardware acceleration for IPsec is available on some hardware platforms to further boost processing efficiency.
Cryptographic Suites and TLS Version Supported by NetDefendOS
NetDefendOS supports a number of cryptographic algorithms for SSL VPN. Only some are enabled by default and all can be either enabled or disabled. All the supported algorithms are listed in Section 13.9, “SSL/TLS Settings”. Note that TLS versions 1.0 and 1.2 are supported by NetDefendOS but not version 1.1. Refer to Section 13.9, “SSL/TLS Settings” for how to disable version 1.2 so only 1.0 can be used.
By default, only the four algorithms which are considered the most secure are enabled. It is not recommended to enable the weaker algorithms; they exist primarily for backwards compatibility.
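The following is an added example, not part of the NetDefendOS manual, that an administrator can run from a client to verify that the SSL VPN interface behaves as described above: TLS 1.0 and 1.2 negotiable, TLS 1.1 refused, and the cipher chosen under TLS 1.2 visible for cross-checking against the list in Section 13.9. The host name and port are placeholders; the probe needs network access, while assess() works on recorded results.

```python
import socket
import ssl

# Placeholder endpoint of the SSL VPN interface (assumed, not from the manual).
VPN_HOST = "vpn.example.com"
VPN_PORT = 443

# The three versions relevant to the manual's statement (1.0 and 1.2 yes, 1.1 no).
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}


def probe_version(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to a single TLS version.

    Returns (accepted, cipher_name). Certificate validation stays on, so a
    mis-issued or expired firewall certificate also shows up as a refusal.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError):
        # ValueError: the local OpenSSL build refuses to offer this version.
        return False, None


def assess(results):
    """Compare probe results with the expected NetDefendOS behaviour.

    results maps version name -> (accepted, cipher_name). Returns a list of
    finding tags; an empty list means the endpoint matches the documented
    behaviour with TLS 1.2 enabled and no legacy TLS 1.0 offered.
    """
    findings = []
    if results["TLS 1.0"][0]:
        findings.append("tls10-accepted")  # legacy clients only; see Section 13.9
    if results["TLS 1.1"][0]:
        findings.append("tls11-accepted")  # not expected from NetDefendOS; check the endpoint
    if not results["TLS 1.2"][0]:
        findings.append("tls12-refused")   # expected only if 1.2 was disabled in Section 13.9
    return findings


if __name__ == "__main__":
    observed = {name: probe_version(VPN_HOST, VPN_PORT, ver) for name, ver in VERSIONS.items()}
    for name, (ok, cipher) in observed.items():
        print(f"{name}: {'accepted' if ok else 'refused'}{' (' + cipher + ')' if cipher else ''}")
    print("findings:", assess(observed) or "none")
```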
A Summary of SSL VPN Setup Steps
SSL VPN setup requires the following steps:
• On the NetDefend Firewall side:
i. An SSL VPN Interface object needs to be created which configures a particular Ethernet interface to accept SSL VPN connections.
ii. An Authentication Rule needs to be defined for incoming SSL VPN clients and the rule must have the Interface property set to be the name of the SSL VPN object created above. The Authentication Agent of the rule must be set to L2TP/PPTP/SSL VPN and the rule's
Chapter 9: VPN
752