Configuring Advanced Remote Access Options
In the VPN > Remote Access Advanced page you can configure more advanced settings to determine VPN remote access users' behavior.
You can also add bookmarks (HTML links or RDP links) for specified URLs or computers when you connect through SSL VPN (see below). The next time you log in, your bookmarks are shown.
Office Mode
Remote access VPN clients connect through a VPN tunnel from their homes to the appliance and from there they can gain access into the organization's resources.
The appliance assigns each remote access user an IP address from a specified network so that the traffic inside the organization is not aware that it originated from outside the organization.
This technology is called Office Mode and the network used for supplying the IP addresses is configurable.
- Enter the Office Network address and Office Subnet Mask.
- Click Apply.
The default setting for office mode is 172.16.10.0/24.
- In the Advanced page > Certificate authentication section, select one of these options:
  - Automatically use the last installed certificate.
  - Manually choose a VPN certificate - Select a certificate from the list of uploaded certificates in the drop-down menu.
- Click Apply.
- Select the Route Internet traffic from connected clients through this gateway checkbox.
- Starting from R81.10.10, you can select the Restrict VPN Remote Access implied rule checkbox to disable implied rules and restrict Remote Access VPN according to the Access Policy.
- Click Apply.
Normally, only traffic from the VPN clients into the organization's encryption domain is encrypted and sent through the VPN tunnel to the gateway. Selecting the Route Internet traffic from connected clients through this gateway checkbox causes all traffic from the VPN clients to be encrypted and sent to the gateway. Traffic to locations outside the organization is enforced in this case by the outgoing Access Policy. For more information, see the Access Policy > Firewall Blade Control and Policy pages.
The local encryption domains are the internal networks accessible by encrypted traffic from remote access VPN users. By default, the local encryption domain is determined automatically by the appliance. Networks behind LAN interfaces and trusted wireless networks are part of the local encryption domain.
Optionally, you can manually create a local encryption domain to be used by remote access users only instead. It is possible to configure a different manual local encryption domain for VPN remote access and VPN site to site. See VPN > Site to Site Blade Control page.
- Click on the local encryption domain link: automatically according to topology or manually. The link shown is a reflection of what is currently configured.
- Select Define local network topology manually.
- Click Select to show the full list of available networks and choose the relevant checkboxes.
- Click New if the existing list does not contain the networks you need. For information on creating a new network object, see the Users & Objects > Network Objects page.
- Click Apply.
The Remote Access Local Encryption Domain window opens and shows the services you selected.
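The tunnel-routing behavior described above can be checked before a change is applied. The following is an added example, not Check Point code and not part of the original page: it models which client destinations are sent through the tunnel for a given local encryption domain and "Route Internet traffic" setting. The function names and sample networks are constructed for illustration, and the overlap check assumes the Office Mode network should stay distinct from the networks in the encryption domain.

```python
import ipaddress

OFFICE_MODE_DEFAULT = "172.16.10.0/24"  # default Office Mode network stated on this page


def parse_networks(cidrs):
    """Turn CIDR strings (the networks selected for the encryption domain) into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]


def path_for(dest, encryption_domain, route_all):
    """Return 'tunnel' if a client encrypts traffic to dest and sends it to the gateway, else 'direct'."""
    if route_all:
        # "Route Internet traffic from connected clients through this gateway" is selected.
        return "tunnel"
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in encryption_domain) else "direct"


def review(office_mode, encryption_domain, route_all, must_tunnel):
    """Return findings for a planned configuration (an empty list means nothing was flagged)."""
    findings = []
    pool = ipaddress.ip_network(office_mode)
    # Assumption of this example: the Office Mode network should not overlap internal networks.
    for net in encryption_domain:
        if pool.overlaps(net):
            findings.append(f"Office Mode network {pool} overlaps encryption domain network {net}")
    # Destinations the organization expects remote users to reach only through the gateway.
    for dest in must_tunnel:
        if path_for(dest, encryption_domain, route_all) == "direct":
            findings.append(f"{dest} is outside the encryption domain and bypasses the tunnel")
    return findings


if __name__ == "__main__":
    # Constructed sample values: a manual encryption domain and two internal servers.
    domain = parse_networks(["192.168.1.0/24", "10.20.0.0/16"])
    for finding in review(OFFICE_MODE_DEFAULT, domain, False, ["10.20.5.9", "10.30.0.4"]):
        print(finding)
```

With the sample values, 10.30.0.4 is flagged because it is not covered by the manual encryption domain and the route-all checkbox is cleared.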
DNS Servers for Remote Access users
You can define up to three DNS servers for Remote Access clients. By default, the Office mode first DNS for clients is set to this gateway.
- Click Configure manually.
- In Office mode first DNS for clients, enter the IP address of a server to use as the DNS server.
- Click Apply.
DNS Domain Name
You can set a DNS domain name that the Remote Access clients' devices automatically use to attempt to resolve non-FQDN domains. By default, the suffix is automatically configured to take the DNS domain name configured in the DNS page.
- Click Configure manually.
- In DNS domain name, enter the DNS domain name suffix to use.
- Click Apply.
- Click Configure automatically.
- Click Apply.
The DNS domain name shows the text "Same as DNS domain name".
SSL VPN bookmarks
- Click Add > New Local User/Users Group/Active Directory Group > SSL VPN Bookmarks tab.
  A new window opens.
- Enter new bookmarks or select existing bookmarks.
  Note - If you select Global bookmark, this bookmark is always shown.
- Click Apply.
- In SSL VPN bookmarks, click New to create new bookmarks.
  A new window opens.
- Enter these details:
  - URL
    Note - If you select Global bookmark, then all users see this bookmark.
  - Type - Link or RDP (remote desktop protocol)
  - Label - The bookmark name
  - Tooltip - Description
- Click Apply.
If you select RDP as the bookmark type, you must enter the user name and password in the RDP Advanced Settings. These credentials are sent to the end user.
Note - Select Show characters to see the password characters.
You can also specify the screen size of the remote desktop.
The default mode is full screen.
- Click on a bookmark.
- Click Edit or Delete.
- Click Apply.