Configuring Advanced Remote Access Options
In the VPN > Remote Access Advanced page you can configure more advanced settings to determine VPN remote access users' behavior.
You can also add bookmarks (HTML links or RDP links) for specified URLs or computers when you connect through SSL VPN (see below). The next time you log in, your bookmarks are shown.
Office Mode
Remote access VPN clients connect through a VPN tunnel from their homes to the appliance and from there they can gain access into the organization's resources.
The appliance assigns each remote access user an IP address from a specified network so that the traffic inside the organization is not aware that it originated from outside the organization.
This technology is called Office Mode and the network used for supplying the IP addresses is configurable.
To configure the Office Mode network:
- Enter the Office Network address and Office Subnet Mask.
- Click Apply.
The default setting for Office Mode is 172.16.10.0/24.
To assign a VPN certificate:
- Click the downward arrow next to the VPN Remote Access certificate field.
  The list of uploaded certificates shows.
- Select the desired certificate.
  Note - You cannot select the default Web portal certificate.
- Click Apply.
To route all traffic from VPN remote access clients through the gateway:
- Select the Route Internet traffic from connected clients through this gateway checkbox.
- Click Apply.
Normally, only traffic from the VPN clients into the organization's encryption domain is encrypted and sent through the VPN tunnel to the gateway. Selecting the above checkbox causes all traffic from the VPN clients to be encrypted and sent to the gateway. In this case, traffic to locations outside the organization is enforced by the outgoing access Policy. For more information, see Access Policy Firewall Blade Control and Policy pages.
Note - This setting does not apply to traffic from SSL Network Extender clients.
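The routing behavior described above can be modeled to audit which destinations a client reaches without passing through the gateway. This is an added example, not code from the appliance or its vendor. The network list, destination addresses, the function names and the "ipsec"/"snx" client labels are constructed for illustration, and it assumes that SSL Network Extender clients behave as if the checkbox were cleared.

```python
import ipaddress

# Constructed sample encryption domain (internal networks); not from the page.
ENCRYPTION_DOMAIN = ["192.168.1.0/24", "10.20.0.0/16"]


def path_for(dst, encryption_domain, route_all, client="ipsec"):
    """Return 'tunnel' if traffic to dst is sent through the VPN, else 'direct'."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in encryption_domain]
    if any(addr in net for net in nets):
        return "tunnel"  # encryption-domain traffic is always tunneled
    # Assumption: the route-all checkbox is ignored for SSL Network Extender
    # clients ("snx", a hypothetical label), as if it were cleared.
    if route_all and client != "snx":
        return "tunnel"
    return "direct"


def outside_gateway_policy(destinations, encryption_domain, route_all, client="ipsec"):
    """List destinations the client reaches directly, so the gateway's
    outgoing access policy never sees that traffic."""
    return [d for d in destinations
            if path_for(d, encryption_domain, route_all, client) == "direct"]


if __name__ == "__main__":
    # Constructed destinations: two internal hosts and two Internet hosts.
    dests = ["192.168.1.50", "10.20.5.5", "203.0.113.10", "198.51.100.7"]
    for route_all in (False, True):
        for client in ("ipsec", "snx"):
            direct = outside_gateway_policy(dests, ENCRYPTION_DOMAIN, route_all, client)
            print(f"route_all={route_all} client={client}: direct={direct}")
```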
To configure a local encryption domain manually for remote access users only:
The local encryption domains are the internal networks accessible by encrypted traffic from remote access VPN users. By default, the local encryption domain is determined automatically by the appliance. Networks behind LAN interfaces and trusted wireless networks are part of the local encryption domain.
Optionally, you can manually create a local encryption domain to be used by remote access users only instead. It is possible to configure a different manual local encryption domain for VPN remote access and VPN site to site. See VPN > Site to Site Blade Control page.
- Click on the local encryption domain link: automatically according to topology or manually. The link shown is a reflection of what is currently configured.
- Select Define local network topology manually.
- Click Select to show the full list of available networks and choose the relevant checkboxes.
- Click New if the existing list does not contain the networks you need. For information on creating a new network object, see the Users & Objects > Network Objects page.
- Click Apply.
The Remote Access Local Encryption Domain window opens and shows the services you selected.
DNS Servers for Remote Access users
You can define up to three DNS servers for Remote Access clients. By default, the Office mode first DNS for clients is set to this gateway.
To use a different DNS Primary server:
- Click Configure manually.
- In Office mode first DNS for clients, enter the IP address of a server to use as the DNS server.
- Click Apply.
DNS Domain Name
You can set a DNS domain name that the Remote Access clients' devices automatically use to attempt to resolve non-FQDN domains. By default, the suffix is automatically configured to take the DNS domain name configured in the DNS page.
To configure a manual DNS domain name:
- Click Configure manually.
- In DNS domain name, enter the DNS domain name suffix to use.
- Click Apply.
To configure the DNS domain name to be the same as the defined DNS domain name:
- Click Configure automatically.
- Click Apply.
The DNS domain name shows the text "Same as DNS domain name".
SSL VPN bookmarks
To configure SSL VPN bookmarks:
- Click Add > New Local User/Users Group/Active Directory Group > SSL VPN Bookmarks tab.
  A new window opens.
- Enter new bookmarks or select existing bookmarks.
  Note - If you select Global bookmark, this bookmark is always shown.
- Click Apply.
To set SSL VPN bookmarks:
- In SSL VPN bookmarks, click New to create new bookmarks.
  A new window opens.
- Enter these details:
  - URL
    Note - If you select Global bookmark, then all users see this bookmark.
  - Type - Link or RDP (remote desktop protocol)
  - Label - The bookmark name
  - Tooltip - Description
- Click Apply.
If you select RDP as the bookmark type, you must enter the user name and password in the RDP Advanced Settings. These credentials are sent to the end user.
Note - If Show characters is selected, the password characters are shown.
You can also specify the screen size of the remote desktop. The default mode is full screen.
To manage SSL VPN bookmarks:
- Click on a bookmark.
- Click Edit or Delete.
- Click Apply.