F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

How SSL VPN works
SSL VPN works as follows:
1. The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources
to represent resources on the internal servers.
2. A remote user establishes an HTTPS connection to the SSL VPN gateway. The SSL VPN gateway
and the remote user authenticate each other by using the certificate-based authentication function
provided by SSL.
3. After the HTTPS connection is established, the user can try to log in to the Web interface of the SSL
VPN gateway by entering the username and password and selecting the authentication method
(for example, RADIUS authentication). The SSL VPN gateway will verify the user information.
4. After logging in to the Web interface, the user finds the resources of interest on the Web interface.
The user client then sends an access request to the SSL VPN gateway through an SSL connection.
5. The SSL VPN gateway resolves the request, interacts with the corresponding server, and then
forwards the server's reply to the user.
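The mutual certificate authentication in step 2 can be illustrated with Python's standard ssl module. This is an added example, not code from the guide or from the device: the function names, the optional certificate file parameters, and the TLS 1.2 floor are assumptions made for the illustration. It builds one context for each side and includes a small audit that flags settings under which the two sides would not authenticate each other.

```python
import ssl

def gateway_context(certfile=None, keyfile=None, client_ca=None):
    """Gateway role: present a certificate and require one from the user."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumed floor, not from the guide
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    if certfile:                                   # hypothetical file paths
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    return ctx

def user_context(certfile=None, keyfile=None, gateway_ca=None):
    """Remote user role: verify the gateway and present a client certificate."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if gateway_ca:
        ctx.load_verify_locations(cafile=gateway_ca)
    else:
        ctx.load_default_certs()
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def audit_context(ctx, is_client):
    """Return the reasons this context would not give mutual authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if is_client and not ctx.check_hostname:
        findings.append("gateway hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings

def weak_user_context():
    """Constructed counter-example: a client that accepts any gateway certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    print("gateway:", audit_context(gateway_context(), is_client=False))
    print("user:", audit_context(user_context(), is_client=True))
    print("weak user:", audit_context(weak_user_context(), is_client=True))
```

With the weak client context, the username and password entered in step 3 would be sent over a connection whose gateway identity was never verified.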
Advantages of SSL VPN
SSL VPN provides these advantages:
Support for various application protocols
SSL VPN can secure any application without knowing the details. SSL VPN classifies the service resources
provided by applications into three categories:
• Web proxy server resources—Web-based access enables users to establish HTTPS connections to
the SSL VPN gateway through a browser. Thus, users can access the Web proxy server resources of
the servers.
• TCP application resources—TCP-based access allows users to use their applications to access the
open service ports of the server securely. Such resources include remote access services, desktop
sharing services, email services, Notes mail services, and common application service resources.
• IP network resources—IP-based access allows user hosts to communicate with servers at Layer 3
securely. It supports all IP-based applications to communicate with the servers.
Simple deployment
SSL is integrated into most browsers, such as IE. Almost every PC with a browser installed supports SSL.
To access Web-based resources, a user only needs to launch a browser that supports SSL. When a user
tries to access TCP-based or IP-based resources, the SSL VPN client software runs automatically, without
requiring any manual intervention.
Support for multiple authentication methods
In addition to the certificate authentication method provided by SSL, SSL VPN also supports the following
authentication methods and any combination of two of the following methods:
• Local authentication
• RADIUS authentication
• LDAP authentication
• AD authentication