On the SSL > Settings tab, you can configure the basic settings for SSL VPN server connections.

Note – This tab is identical for Site-to-site VPN > SSL and Remote Access > SSL. Changes applied here always affect both SSL configurations.

Server Settings

You can make the following settings for the SSL VPN connection:

  • Interface address: Default value is Any. When using the web application firewall you need to give a specific interface address for the service to listen for SSL connections. This is necessary for the site-to-site/remote access SSL connection handler and the web application firewall to be able to differentiate between the incoming SSL connections.

    Note – The combination of an IPv6 interface address and the UDP protocol is not supported by SSL VPN.

  • Protocol: Select the protocol to use. You can choose either TCP or UDP.

  • Port: You can change the port. The default port is 443. You cannot use port 10443, the SUM Gateway Manager port 4422, or the port used by the WebAdmin interface.

    Note – Changing the port will also change the remote access configurations and the end-users have to download the new remote access configurations from the User Portal. For more information, see User Portal > User Portal: Remote Access.

  • Override hostname: The value in the Override hostname field is used as the target hostname for client VPN connections and is by default the hostname of the gateway. Only change the default if the system's regular hostname (or DynDNS hostname) cannot be reached under this name from the Internet.

Virtual IP Pool

Pool network: This is the virtual IP address pool which is used to distribute IP addresses from a certain IP range to the SSL clients. By default, the VPN Pool (SSL) is selected. In case you select a different address pool, the netmask must not be greater than 29 bits, for OpenVPN cannot handle address pools whose netmask is /30, /31, or /32. Note that the netmask is limited to a minimum of 16.

Duplicate CN

Select Allow multiple concurrent connections per user if you want to allow your users to connect from different IP addresses at the same time. When disabled, only one concurrent SSL VPN connection is allowed per user.