Configuring SSL VPN Client

On the Network > SSL VPN > Client Settings page, you can edit the Default Device Profile. The Default Device Profile enables SSL VPN access on zones, configures client routes, and configures the client DNS and NetExtender settings.

The Network > SSL VPN > Client Settings page also displays the configured IPv4 and IPv6 network addresses and zones that have SSL VPN access enabled.

Edit the Default Device Profile to select the zones and NetExtender address objects, configure client routes, and configure the client DNS and NetExtender settings.

SSL VPN access must be enabled on a zone before users can access the Virtual Office web portal. SSL VPN Access can be configured on the NETWORK | SSL VPN| Server Settings page.

 

• Configuring the Settings Option
• Configuring the Client Routes
• Configuring Client Settings

Configuring the Settings Options

To configure Default Device Profile

1. Navigate to the Network | SSL VPN > Client Settings page.

2. Click the Edit icon for the Default Device Profile. Select the Basic tab.

   

   The Name and Description of the Default Device Profile cannot be changed.

3. In the Zone IP V4 drop-down menu, choose SSLVPN or a custom zone to set the zone binding for this profile.
4. From the Network Address IP V4 drop-down menu, select the IPv4 NetExtender address object that you created for this profile. Refer to Creating an Address Object for the NetExtender Range for instructions. This setting selects the IP Pool and zone binding for this profile. The NetExtender client gets the IP address from this address object if it matches this profile.
5. In the Zone IP V6 drop-down menu, choose SSLVPN or a custom zone to set the zone binding for this profile.
6. From the Network Address IP V6 drop-down menu, select the IPv6 NetExtender address object that you created.
7. Click OK to save settings and close the window or proceed to Configuring the Client Routes.

Configuring the Client Routes

In Client Routes, you can control the network access allowed for SSL VPN users. The NetExtender client routes are passed to all NetExtender clients and are used to govern which private networks and resources remote users can access third-party the SSL VPN connection.

To configure the client routes

1. Navigate to the Network | SSL VPN > Client Settings page.
2. Click the Edit icon for the Default Device Profile.

3. Select Client Routes.

   

4. To force all traffic for NetExtender users over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network, select Enabled from the Tunnel All Mode drop-down menu.
5. Under Networks, select the address object to which you want to allow SSL VPN access.
6. Click the Right Arrow to move the address object to the Client Routes list.

7. Repeat until you have moved all the address objects you want to use for Client Routes.

   Creating client routes also creates access rules automatically. You can also manually configure access rules for the SSL VPN zone. Refer to SonicOS 7.0 Access Rules for details about access rules.

8. Click OK to save the settings and close the window or proceed to Configuring Client Settings.

Configuring Client Settings

The Client Settings screen has two sections containing options:

• SSLVPN Client DNS Setting
• NetExtender Client Settings

To configure SSLVPN Client DNS Settings

1. Navigate to the NETWORKS | SSL VPN > Client Settings page.
2. Click the Edit icon for the Default Device Profile.

3. Select Client Settings. The screen displays the SSLVPN Client and DNS Setting sections.