Portal and manage the respective VPN Portal connections. Note that the number of connections is limited to 100. For the allowed users, the enabled connections are available on the HTML5 VPN Portal tab of the User Portal.On the Remote Access > HTML5 VPN Portal > Global tab you can activate the HTML5 VPN Portal and manage the respective VPN Portal connections. Note that the number of connections is limited to 100. For the allowed users, the enabled connections are available on the HTML5 VPN Portal tab of the User Portal.
To activate the HTML5 VPN Portal and create a new HTML5 VPN connection, proceed as follows:
Enable the HTML5 VPN Portal.
Click the toggle switch.
The toggle switch turns green and the elements on the page become editable. All existing, enabled connections will now be visible in the User Portal of the allowed users.
Click the New HTML5 VPN Portal Connection button.
The Add HTML5 VPN Portal Connection dialog box opens.
Make the following settings:
Name: Enter a descriptive name for this connection.
Connection type: Select the connection type. Depending on the selected connection type, different parameters are displayed. The following types are available:
Remote Desktop: Remote access using the Remote Desktop Protocol (RDP), e.g., to open a remote desktop session to a Windows host.
Note – Users using iOS and Safari need to install the WebAdmin CA certificate into their system key chain list. How to install the WebAdmin CA is explained on the Management > WebAdmin Settings > HTTPS Certificate tab.
Network Definitions page.
Webapp (HTTPS): Browser-based access to web applications via HTTPS.
Note – The URL used for the HTTP/HTTPS connection is composed of the Destination, the Port and the Path options for this connection. The web application has to be compatible with Mozilla Firefox (version 6.0 onwards).
.VNC: Remote access using Virtual Network Computing (VNC), e.g., to open a remote desktop of a Linux/Unix host.
Note – Currently only VNC classic authentication (password only) is supported. Make sure your server is set up accordingly.
Destination: Select or add the host which allowed users should be able to connect to. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Note – If the selected destination host supplies a self-signed certificate, make sure that the CN (Common Name) of the certificate matches your destination hostname. Otherwise users will get a certificate warning in the portal browser. If you e.g. use a DNS host www.mydomain.com, make sure that the self-signed certificate contains this name. If you use a host instead of a DNS host, make sure that the self-signed certificate contains the host's IP address as a Subject Alternative Name.
Path (only with connection types Webapp): Enter the path which allowed users should be able to connect to.
Username (only with connection type SSH): Enter the username the user should use to connect.
Automatic login/Automatic login (Basic Auth): If enabled, users can log in without knowing the authentication data. In this case, you have to provide the authentication data. The displayed options depend on the selected connection type:
Password: Enter the password users should use to connect.
Note – When using the connection type Telnet, for security reasons automatic login only works when the banner length sent from the Telnet server does not exceed 4096 characters (including the password prompt). If the banner is longer, automatic login fails. In this case reduce the banner length or switch to manual login.
SSL host certificate (only with connection type HTTPS): Add the SSL host security certificate to identify the destination host.
Public host key (only with connection type SSH): Add the public key of the SSH host.
Allowed users (User Portal): Select the users or groups or add the new users that should be allowed to use the VPN Portal connection. By default, only one user can use a connection at the same time. If you want the users to share a session simultaneously, select the Shared session checkbox in the Advanced section. How to add users is explained on the Definitions & Users > Users & Groups > Users page.
Note – When you add a group with backend membership, make sure that the group is also allowed for the User Portal. On the Management > User Portal > Global tab, either select Allow all users or Allow only specific users and explicitly add the group. If you only allow individual group members for the User Portal, they will not be provided the connections allowed for the group.
Comment (optional): Add a description or other information.
Optionally, make the following advanced settings:
Port: Enter a port number for the connection. By default the standard port of the selected connection type is selected.
Protocol security (only with connection type Remote Desktop): Select the security protocol for the Remote Desktop session. You can choose between RDP, TLS and NLA (Network Level Authentication). Your settings have to comply with the server settings. NLA requires to enable Automatic login above.
Share session: Select this option to allow users to use the connection simultaneously and see the same screen.
Allow external resources (only with connection types Webapp (HTTP/S)): Enter additional resources that are allowed to be accessed via this connection. This is useful if for example images or other resources are stored on a different server than the webpage itself. For the selected host(s) or network ranges port 80 and 443 will be allowed.
Click Save.
The new connection appears on the Connections list.
Enable the connection.
Click the toggle switch to activate the connection.
The connection is now available for the allowed users. It is located on the HTML5 VPN Portal tab of the User Portal.
To either edit or delete a connection, click the corresponding buttons.
Related Topics| © 2019 Sophos Limited | Sophos UTM 9.600 |