These server settings configure the SSL VPN server, such as the IP address and port the service listens on, the service's cipher list, and its service certificate. When connecting to the edge gateway, remote users specify the same IP address and port you set in these server settings.

About this task

If your edge gateway is configured with multiple, overlay IP address networks on its external interface, the IP address you select for the SSL VPN server can be different than the default external interface of the edge gateway.

While configuring the SSL VPN server settings, you must choose which encryption algorithms to use for the SSL VPN tunnel. You can choose one or more ciphers. Carefully choose the ciphers according to the strengths and weaknesses of your selections.

By default, the system uses the default, self-signed certificate that the system generates for each edge gateway as the default server identity certificate for the SSL VPN tunnel. Instead of this default, you can choose to use a digital certificate that you have added to the system on the Certificates screen.

Prerequisites

Verify you have met the prerequisites described in Configure SSL VPN-Plus Using the Tenant Portal.

If you choose to use a service certificate different than the default one, import the required certificate into the system. See Add a Service Certificate to the Edge Gateway for information.

Verify that you have completed the steps described in Navigate to the SSL-VPN Plus Screen in the Tenant Portal.

Procedure

  1. In the tenant portal, on the SSL VPN-Plus screen, click Server Settings.
  2. Select an IPv4 address.
  3. (Optional) : Type a TCP port number.

    This TCP port number is used by the SSL client installation package. By default, the system uses port 443, which is the default port for HTTPS/SSL traffic. Even though port number is required you can set any TCP port for communications.

    Note:

    The SSL VPN client requires the IP address and port configured here to be reachable from your remote users' client systems. If you change the port number from the default, ensure the IP address and port combination will be reachable from your intended users' systems.

  4. Select an encryption method in the cipher list.
  5. Configure the service's syslog logging policy.

    Logging is enabled by default. You can change the level of messages to log or disable logging.

  6. (Optional) : If you want to use a service certificate instead of the system-generated self-signed certificate that the system uses by default, click CHANGE SERVER CERTIFICATE, make your selection, and click OK.
  7. Click Save changes.

What to do next

Note:

The edge gateway IP address and the TCP port number you set must be reachable by your remote users. Add an edge gateway firewall rule that allows access to the SSL VPN-Plus IP address and port configured in this procedure. See Add an Edge Gateway Firewall Rule Using the Tenant Portal for information.

Add an IP pool so that remote users are assigned IP addresses when they connect using SSL VPN-Plus. See Create an IP Pool for Use with SSL VPN-Plus on an Edge Gateway for information.