SSL-VPN can be used only if the WinRoute host is a member of the corresponding domain (Windows NT or Active Directory). User accounts used to connect to SSL-VPN must be authenticated against the domain (local authentication cannot be used). This implies that SSL-VPN cannot be used to access shared items in multiple domains or items on hosts which are not members of any domain.
The SSL-VPN interface can be enabled/disabled under Web Interface → SSL-VPN in the Configuration → Advanced Options section.
Click to open a dialog where the port and SSL certificate for SSL-VPN can be set.
SSL-VPN's default port is port 443 (standard port of the HTTPS service).
Click to create a new certificate for the SSL-VPN service or to import a certificate issued by a trustworthy certification authority. When created, the certificate is saved as sslvpn.crt and the corresponding private key as sslvpn.key. The process of creating/importing a certificate is identical to the one for WinRoute's interface or the VPN server, addressed in detail in chapter 11.1 Web interface preferences.
A certificate for a particular server name issued by a trustworthy certification authority can also be used for the Web interface and the VPN server; it is not necessary to use three different certificates.
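A pre-import check for the certificate and key files described above, as an added example that is not part of the WinRoute documentation. It assumes PEM-encoded files and the OpenSSL command-line tool on the administrator's workstation; the function names are hypothetical and `vpn.example.test` is a placeholder server name.

```shell
#!/bin/sh
# Added example: checks for an SSL-VPN certificate/key pair before it is
# imported. Assumes PEM files (assumption) and the OpenSSL CLI.

# Succeeds only if the private key belongs to the certificate.
pair_matches() {   # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
valid_for_days() { # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if the certificate covers the server name users connect to.
covers_host() {    # usage: covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Runs all three checks and reports every failure, not just the first.
check_sslvpn_cert() { # usage: check_sslvpn_cert CERT KEY HOSTNAME [DAYS]
    rc=0
    days=${4:-30}
    pair_matches "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; rc=1; }
    valid_for_days "$1" "$days" ||
        { echo "FAIL: $1 expires within $days days"; rc=1; }
    covers_host "$1" "$3" ||
        { echo "FAIL: $1 does not cover server name $3"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: $1 matches $2 and is usable for $3"
    fi
    return "$rc"
}

# Example call: sh check.sh sslvpn.crt sslvpn.key vpn.example.test 30
if [ "$#" -ge 3 ]; then
    check_sslvpn_cert "$@"
fi
```

Because one certificate can serve SSL-VPN, the Web interface and the VPN server, the host name check should use the name under which clients reach all three.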
Access to the SSL-VPN interface from the Internet must be allowed by defining a traffic rule allowing connection to the firewall's HTTPS service. For details, see chapter 7.4 Basic Traffic Rule Types.
Note: If the port for SSL-VPN interface is changed, it is also necessary to modify the Service item in this rule!
If at least one antivirus is enabled in WinRoute (see chapter 13 Antivirus control), all files transferred by the SSL-VPN interface can be scanned for viruses.
In the default configuration, only files uploaded to hosts in remote private networks are scanned. For connection speed reasons, files downloaded to local hosts from remote networks are not scanned by antiviruses (files downloaded from private networks are considered trustworthy). Antivirus check settings can be changed in the antivirus configuration; see chapter 13.5 Scanning of files transferred via Clientless SSL-VPN.