On the Remote Access > HTML5 VPN Portal > Global tab you can activate the HTML5 VPN Portal and manage the respective VPN Portal connections. Note that the number of connections is limited to 100. For the allowed users, the enabled connections are available on the HTML5 VPN Portal tab of the User Portal.

To activate the HTML5 VPN Portal and create a new HTML5 VPN connection, proceed as follows:

  1. Enable the HTML5 VPN Portal.

    Click the toggle switch.

    The toggle switch turns green and the elements on the page become editable. All existing, enabled connections will now be visible in the User Portal of the allowed users.

  2. Click the New HTML5 VPN Portal Connection button.

    The Add HTML5 VPN Portal Connection dialog box opens.

  3. Make the following settings:

    Name: Enter a descriptive name for this connection.

    Connection type: Select the connection type. Depending on the selected connection type, different parameters are displayed. The following types are available:

    Destination: Select or add the host which allowed users should be able to connect to. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Note – If the selected destination host supplies a self-signed certificate, make sure that the CN (Common Name) of the certificate matches your destination hostname. Otherwise users will get a certificate warning in the portal browser. If, for example, you use a DNS host, make sure that the self-signed certificate contains this name. If you use a host instead of a DNS host, make sure that the self-signed certificate contains the host's IP address as a Subject Alternative Name.

    Path (only with connection types Webapp): Enter the path which allowed users should be able to connect to.

    Username (only with connection type SSH): Enter the username the user should use to connect.

    Automatic login/Automatic login (Basic Auth): If enabled, users can log in without knowing the authentication data. In this case, you have to provide the authentication data. The displayed options depend on the selected connection type:

    SSL host certificate (only with connection type HTTPS): Add the SSL host security certificate to identify the destination host.

    Public host key (only with connection type SSH): Add the public key of the SSH host.

    Allowed users (User Portal): Select the users or groups, or add new users, that should be allowed to use the VPN Portal connection. By default, only one user can use a connection at the same time. If you want the users to share a session simultaneously, select the Shared session checkbox in the Advanced section. How to add users is explained on the Definitions & Users > Users & Groups > Users page.

    Note – When you add a group with backend membership, make sure that the group is also allowed for the User Portal. On the Management > User Portal > Global tab, either select Allow all users or Allow only specific users and explicitly add the group. If you only allow individual group members for the User Portal, they will not be provided with the connections allowed for the group.

    Comment (optional): Add a description or other information.

  4. Optionally, make the following advanced settings:

    Port: Enter a port number for the connection. By default the standard port of the selected connection type is selected.

    Protocol security (only with connection type Remote Desktop): Select the security protocol for the Remote Desktop session. You can choose between RDP, TLS and NLA (Network Level Authentication). Your settings have to comply with the server settings. NLA requires Automatic login (above) to be enabled.

    Share session: Select this option to allow users to use the connection simultaneously and see the same screen.

    Allow external resources (only with connection types Webapp (HTTP/S)): Enter additional resources that are allowed to be accessed via this connection. This is useful if for example images or other resources are stored on a different server than the webpage itself. For the selected host(s) or network ranges port 80 and 443 will be allowed.

  5. Click Save.

    The new connection appears on the Connections list.

  6. Enable the connection.

    Click the toggle switch to activate the connection.

    The connection is now available for the allowed users. It is located on the HTML5 VPN Portal tab of the User Portal.

To either edit or delete a connection, click the corresponding buttons.
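
The note on self-signed certificates in step 3 can be checked before a connection is enabled. The following script is an added example, not part of the Sophos documentation: it assumes the OpenSSL command-line tool (1.1.1 or later, for -addext) on an administrator workstation, and the function names, host name, IP address and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Sophos code. Names, IPs and files are constructed samples.

# cert_matches PEM dns|ip VALUE
# Returns 0 if the certificate in PEM identifies VALUE.
#   dns: destination is a DNS host definition (name checked against the cert)
#   ip:  destination is a plain host definition (IP must be in an IP SAN)
cert_matches() {
    case "$2" in
        dns) check=-checkhost ;;
        ip)  check=-checkip ;;
        *)   echo "usage: cert_matches PEM dns|ip VALUE" >&2; return 2 ;;
    esac
    # openssl exits 0 whether or not the name matches, so read the verdict
    # from its output: "does match certificate" / "does NOT match certificate".
    openssl x509 -in "$1" -noout "$check" "$3" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_sample_cert OUT CN [extra "openssl req" options]
# Creates a throwaway self-signed certificate so the demo runs offline.
make_sample_cert() {
    out=$1; cn=$2; shift 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
        -keyout "$out.key" -out "$out" "$@" 2>/dev/null
}

report() {
    if cert_matches "$1" "$2" "$3"; then
        echo "OK       $2 $3"
    else
        echo "WARNING  $2 $3 is not in $1; portal users would see a certificate warning"
    fi
}

demo=$(mktemp -d)
make_sample_cert "$demo/dns-host.pem" intranet.example.test
make_sample_cert "$demo/ip-host.pem" appliance -addext "subjectAltName=IP:192.0.2.10"

report "$demo/dns-host.pem" dns intranet.example.test   # CN matches the DNS name
report "$demo/ip-host.pem"  ip  192.0.2.10              # IP is in the SAN
report "$demo/dns-host.pem" ip  192.0.2.10              # no IP SAN: warning
rm -rf "$demo"
```

To check a real destination, export its certificate to a PEM file and call cert_matches with the host name or IP address used in the network definition.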

© 2019 Sophos Limited Sophos UTM 9.600